Understanding Network and System Security
VerifiedAdded on 2020/05/04
|19
|2775
|84
AI Summary
This assignment delves into the crucial aspects of network and system security. It explores fundamental concepts like security goals, services, and mechanisms within grid computing environments. The document also examines various cryptographic modes of operation, including block ciphers and the Data Encryption Standard (DES), shedding light on their significance in secure communication. Additionally, it discusses threat modeling methodologies and common attacks such as dictionary attacks. Understanding these principles is essential for safeguarding information systems and networks.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Advanced security and network assinment
OCTOBER 23, 2017
OCTOBER 23, 2017
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Table of Contents
Question 1.......................................................................................................................................1
Question 2.......................................................................................................................................3
Question 3.......................................................................................................................................5
Question 4.......................................................................................................................................7
Question 5.......................................................................................................................................9
Question 6.....................................................................................................................................11
Bibliography.................................................................................................................................14
ii
Question 1.......................................................................................................................................1
Question 2.......................................................................................................................................3
Question 3.......................................................................................................................................5
Question 4.......................................................................................................................................7
Question 5.......................................................................................................................................9
Question 6.....................................................................................................................................11
Bibliography.................................................................................................................................14
ii
Question 1
a. Analyse the security threats that can arise in such an environment. State any
assumptions that you are making.
Ransomware attack assuming some of the software and operating systems in use have not been
updated which will lock the devices and demand payment before they can be unlocked failure to
which the data from the devices will be destroyed.
Phishing attacks occur when an attacker creates a fake email or websites that looks like an
original to confuse the user who will then be redirected to their fake network. This can be done
to collect a user’s personal information.
Pharming attacks refer to a situation when an attacker redirects traffic from a website to a fake
website such that even manually entering the web address in the browser might still redirect to
the fake site from which a user’s personal information can be retrieved without their knowledge.
Botnets these are a group of computers that have been taken over by an attacker remotely to
create an army of computers that are infected. These computers are therefore under the command
of the attacker and the attacker can use them even to stage a denial of service attack or collect
different kinds of information.
Spam which is one of the most common methods for sending out information and collecting
information from unsuspecting people (Government of Canada, 2017). This refers to sending
unwanted or unrequested advertisements or information to a user to entice them to a website.
Denial-of-service attack which occurs when an attacker takes over a device and locks out the
owner or sends a large number of requests to a network to overload the server such that it cannot
process other legitimate requests sent over by users hence users are locked out of the system.
a. Analyse the security threats that can arise in such an environment. State any
assumptions that you are making.
Ransomware attack assuming some of the software and operating systems in use have not been
updated which will lock the devices and demand payment before they can be unlocked failure to
which the data from the devices will be destroyed.
Phishing attacks occur when an attacker creates a fake email or websites that looks like an
original to confuse the user who will then be redirected to their fake network. This can be done
to collect a user’s personal information.
Pharming attacks refer to a situation when an attacker redirects traffic from a website to a fake
website such that even manually entering the web address in the browser might still redirect to
the fake site from which a user’s personal information can be retrieved without their knowledge.
Botnets these are a group of computers that have been taken over by an attacker remotely to
create an army of computers that are infected. These computers are therefore under the command
of the attacker and the attacker can use them even to stage a denial of service attack or collect
different kinds of information.
Spam which is one of the most common methods for sending out information and collecting
information from unsuspecting people (Government of Canada, 2017). This refers to sending
unwanted or unrequested advertisements or information to a user to entice them to a website.
Denial-of-service attack which occurs when an attacker takes over a device and locks out the
owner or sends a large number of requests to a network to overload the server such that it cannot
process other legitimate requests sent over by users hence users are locked out of the system.
b. Specify the types of security services that would be needed to counteract these
security threats and what type of security mechanisms could support these services.
Authentication- This will ensure that a user’s identity is verified before they can perform certain
actions. This can be supported by an encipherment mechanism
Access control – controls incoming traffic into the network to allow only specified
communication. It is supported by the access control mechanism
Data confidentiality – ensures that data is viewed and edited only by relevant parties. It is
supported by both traffic padding mechanism and routing control mechanism
c. Identify the types of security components that can be used to provide these security
services and mechanisms and where they would be placed.
Confidentiality refers to the accessibility of data in a system on a need to know basis. This is
placed under the traffic padding and routing control mechanism
Integrity is the confidence that data in a system is not changed unless it is should. It is classified
under the access control mechanism
Availability refers to the ability of a system to be accessed at any time or the uptime of a system.
It can be placed under the encipherment mechanism to ensure that data is available but only to
those authorized to view it.
2
security threats and what type of security mechanisms could support these services.
Authentication- This will ensure that a user’s identity is verified before they can perform certain
actions. This can be supported by an encipherment mechanism
Access control – controls incoming traffic into the network to allow only specified
communication. It is supported by the access control mechanism
Data confidentiality – ensures that data is viewed and edited only by relevant parties. It is
supported by both traffic padding mechanism and routing control mechanism
c. Identify the types of security components that can be used to provide these security
services and mechanisms and where they would be placed.
Confidentiality refers to the accessibility of data in a system on a need to know basis. This is
placed under the traffic padding and routing control mechanism
Integrity is the confidence that data in a system is not changed unless it is should. It is classified
under the access control mechanism
Availability refers to the ability of a system to be accessed at any time or the uptime of a system.
It can be placed under the encipherment mechanism to ensure that data is available but only to
those authorized to view it.
2
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Question 2
a. What is threat modelling and describe the steps involved in a threat modelling
process?
Threat modeling is a process by which potential threats can be identified, enumerated, and
prioritized (Wikipedia, 2017). This process is done from an attacker’s point of view to evaluate
the most valuable and the most vulnerable part of an application. It is not a one-time only process
(Microsoft Corporation, 2003).
The process occurs in six steps:
i. Identify assets
This involves taking not of the different valuable components that should be protected by
the system
ii. Create an architecture overview
This involves creating a model of the architecture of the application using tables and
diagrams. The model should include the subsystems and dataflow and trust boundaries
iii. Decompose the application
Break down the application into smaller simpler parts in order to create a security profile
which should highlight the vulnerabilities of the application
iv. Identify the threats
While looking at the application from the attackers point of view and with the security
profile highlighting the vulnerabilities, identify the threats that could affect the
application
v. Document the threats
3
a. What is threat modelling and describe the steps involved in a threat modelling
process?
Threat modeling is a process by which potential threats can be identified, enumerated, and
prioritized (Wikipedia, 2017). This process is done from an attacker’s point of view to evaluate
the most valuable and the most vulnerable part of an application. It is not a one-time only process
(Microsoft Corporation, 2003).
The process occurs in six steps:
i. Identify assets
This involves taking not of the different valuable components that should be protected by
the system
ii. Create an architecture overview
This involves creating a model of the architecture of the application using tables and
diagrams. The model should include the subsystems and dataflow and trust boundaries
iii. Decompose the application
Break down the application into smaller simpler parts in order to create a security profile
which should highlight the vulnerabilities of the application
iv. Identify the threats
While looking at the application from the attackers point of view and with the security
profile highlighting the vulnerabilities, identify the threats that could affect the
application
v. Document the threats
3
Outline each and every threat identified in a common threat template defining the major
attributes of a threat that should be recorded for each threat
vi. Rate the threats
Rate the identified threats in order to prioritize and identify which one has to be dealt
with first. This should be done on the basis of the damage that a threat can cause.
b. What happens if the security tool vendor does not include UDP traffic and port 1434
in the attack pattern/signature? In other words, what happens if only the
highlighted pattern in Figure 2 is used as the attack pattern/signature?
If the port number and the UDP traffic are not included, any data coming through with that
pattern even from a different port or protocol will be treated the same way as is specified for
that particular pattern. That is if the packets are meant to be dropped, all packets with the
pattern will be dropped regardless of port and protocol.
4
attributes of a threat that should be recorded for each threat
vi. Rate the threats
Rate the identified threats in order to prioritize and identify which one has to be dealt
with first. This should be done on the basis of the damage that a threat can cause.
b. What happens if the security tool vendor does not include UDP traffic and port 1434
in the attack pattern/signature? In other words, what happens if only the
highlighted pattern in Figure 2 is used as the attack pattern/signature?
If the port number and the UDP traffic are not included, any data coming through with that
pattern even from a different port or protocol will be treated the same way as is specified for
that particular pattern. That is if the packets are meant to be dropped, all packets with the
pattern will be dropped regardless of port and protocol.
4
Question 3
a. Find the cipher text corresponding to the following plaintext. (Treat both uppercase
and lowercase characters to be the same). “SecurityIsPeaceOfMind”
As computed above, the cipher text corresponding to the above plain text while using this
encryption method is: gcwczimubcxaqowktwupw
5
a. Find the cipher text corresponding to the following plaintext. (Treat both uppercase
and lowercase characters to be the same). “SecurityIsPeaceOfMind”
As computed above, the cipher text corresponding to the above plain text while using this
encryption method is: gcwczimubcxaqowktwupw
5
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
b. Assume the above cipher text is transferred over a network to a receiver. If an error
occurs during the transmission of this cipher text affecting one letter, how much of
the decrypted plaintext will be in error.
The amount of error in the plaintext will depend on whether a 3x3 matrix was used or a 2x2
matrix during encryption. In this case a 3x3 matrix was used hence three of the plaintext
characters will have errors. This is because the encryption is dependent on a matrix hence
each chunk of three consecutive characters is dependent on each other for proper encryption
and decryption.
c. What is a dictionary attack on a block cipher, and how can we ensure that such an
attack is infeasible?
Trying every word in the dictionary as a possible password for an encrypted message (Tech-
FAQ, 2017). The solution to making the attack infeasible is using a passphrase which ensures
that it cannot be easily guessed since it will become more difficult to guess a phrase as
opposed to guessing a single word using a dictionary.
d. Consider a general n-bit substitution block cipher. What is the size of the key
(number of bits in the key) required for such a general block cipher? Explain how
you arrive at the answer.
This because each possible input block is considered as one of 2n integers and each integer
specifies an output that is n bits. Therefore, a codebook can be constructed by displaying just
the output blocks in the order of the integers corresponding to the input blocks (Kak, 2017).
This results to: 2n * n bits
Hence the implication that the encryption key will be 2n * n bits.
6
occurs during the transmission of this cipher text affecting one letter, how much of
the decrypted plaintext will be in error.
The amount of error in the plaintext will depend on whether a 3x3 matrix was used or a 2x2
matrix during encryption. In this case a 3x3 matrix was used hence three of the plaintext
characters will have errors. This is because the encryption is dependent on a matrix hence
each chunk of three consecutive characters is dependent on each other for proper encryption
and decryption.
c. What is a dictionary attack on a block cipher, and how can we ensure that such an
attack is infeasible?
Trying every word in the dictionary as a possible password for an encrypted message (Tech-
FAQ, 2017). The solution to making the attack infeasible is using a passphrase which ensures
that it cannot be easily guessed since it will become more difficult to guess a phrase as
opposed to guessing a single word using a dictionary.
d. Consider a general n-bit substitution block cipher. What is the size of the key
(number of bits in the key) required for such a general block cipher? Explain how
you arrive at the answer.
This because each possible input block is considered as one of 2n integers and each integer
specifies an output that is n bits. Therefore, a codebook can be constructed by displaying just
the output blocks in the order of the integers corresponding to the input blocks (Kak, 2017).
This results to: 2n * n bits
Hence the implication that the encryption key will be 2n * n bits.
6
7
Question 4
a. Consider triple encryption by using E-D-E with CBC on the inside. If a single bit
“x” of then cipher text block, say “c2” is modified, then how does it affect the
decrypted plaintext?
The plaintext will not be properly decrypted and the resultant plaintext might be totally different
from the original message due to the mutation during the chaining while the encryption was
taking place.
i. Show how the decryption works?
Ri = Dec[K] ⊕ Ci-1 Ci = Pi ⊕ Ri
ii. If we use, Ri = Enc [K] ⊕ Pi-1 for encryption instead of Ri = Enc[K] ⊕ Ci-1 then how
would decryption work?
Ri = Dec[K] ⊕ Pi-1 Pi = Ci ⊕ Ri
iii. Discuss the security of the above schemes
The major security advantage of this scheme is in its ability to hide the statistical ability to
hide the plaintext blocks therefore the same plaintext can produce different cipher texts
b. A system is designed to use the RSA public key scheme, where m is the modulus, (e,
m) is the public key and (d, p, q) is the corresponding private key. The system
developer discovers that the private key (d, p, q) is compromised and hence modifies
the system by generating some new public and private key exponents (e1, d1) for the
same modulus. Discuss the security of the modified system
8
a. Consider triple encryption by using E-D-E with CBC on the inside. If a single bit
“x” of then cipher text block, say “c2” is modified, then how does it affect the
decrypted plaintext?
The plaintext will not be properly decrypted and the resultant plaintext might be totally different
from the original message due to the mutation during the chaining while the encryption was
taking place.
i. Show how the decryption works?
Ri = Dec[K] ⊕ Ci-1 Ci = Pi ⊕ Ri
ii. If we use, Ri = Enc [K] ⊕ Pi-1 for encryption instead of Ri = Enc[K] ⊕ Ci-1 then how
would decryption work?
Ri = Dec[K] ⊕ Pi-1 Pi = Ci ⊕ Ri
iii. Discuss the security of the above schemes
The major security advantage of this scheme is in its ability to hide the statistical ability to
hide the plaintext blocks therefore the same plaintext can produce different cipher texts
b. A system is designed to use the RSA public key scheme, where m is the modulus, (e,
m) is the public key and (d, p, q) is the corresponding private key. The system
developer discovers that the private key (d, p, q) is compromised and hence modifies
the system by generating some new public and private key exponents (e1, d1) for the
same modulus. Discuss the security of the modified system
8
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
The modified system is not secure since the original system can still compute the modified
system’s private key and hence it is still compromised. The modified system can also
compute the original system’s private key since they both have the same modulus.
iv.
9
system’s private key and hence it is still compromised. The modified system can also
compute the original system’s private key since they both have the same modulus.
iv.
9
Question 5
a. List and describe (in detail), the different types of memorable patterns that may be
used by a human when selecting a four (4) digit PIN
Using four consecutive numbers such as 1234
Using the same number four times
Using four consecutive odd or even numbers
Motor patterns which involve remembering the pattern your finger takes rather than the
actual password (Lancet, 2013)
b. For each memorable pattern, quantify (using the correct notation), the reduction of
keyspace and entropy
When using four consecutive numbers, the possible number of combinations that can be
attained is ten. Therefore, entropy will be 10 and entropy in bits will be equal to:
210 =1024bits
Using the same number four consecutive times gives a total number of ten combinations.
Hence entropy in bits becomes
210 =1024bits
Using consecutive odd or even numbers the total possible number of combinations is five
therefore entropy in bits results to:
25 = 32bits
c. Once you have listed and described all memorable patterns, quantify (using the
correct notation), the overall reduction of key space and entropy
To get the average entropy, you get the sum of the entropy of the individual methods and
divide it by the number of methods.
10
a. List and describe (in detail), the different types of memorable patterns that may be
used by a human when selecting a four (4) digit PIN
Using four consecutive numbers such as 1234
Using the same number four times
Using four consecutive odd or even numbers
Motor patterns which involve remembering the pattern your finger takes rather than the
actual password (Lancet, 2013)
b. For each memorable pattern, quantify (using the correct notation), the reduction of
keyspace and entropy
When using four consecutive numbers, the possible number of combinations that can be
attained is ten. Therefore, entropy will be 10 and entropy in bits will be equal to:
210 =1024bits
Using the same number four consecutive times gives a total number of ten combinations.
Hence entropy in bits becomes
210 =1024bits
Using consecutive odd or even numbers the total possible number of combinations is five
therefore entropy in bits results to:
25 = 32bits
c. Once you have listed and described all memorable patterns, quantify (using the
correct notation), the overall reduction of key space and entropy
To get the average entropy, you get the sum of the entropy of the individual methods and
divide it by the number of methods.
10
Therefore, the average entropy is calculated to:
(210 +210+25) / 3 = 693.33bits
11
(210 +210+25) / 3 = 693.33bits
11
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Question 6
a. Describe the differences in protection capabilities between operating systems that
use the two processor-state model and those that use the four processor-state model.
A two processor-state model uses only two states for a process. A process is either running or in
queue to be run when the current process is done. In this case a process is created, labeled as not
running and put in queue. After some time, the current process stops running and is labeled as
not running where as a process is chosen from the queue, labeled as running and dispatched.
A four-processor-state model however has four nodes therefore a process is either in admission,
dispatch, pause or exiting state. A newly created process is in admission. It changes to dispatched
when it is chosen to start running. After some time, the process is paused to enable running other
processes and after a process is complete, it exits.
b. Describe the benefits and drawbacks of the following platform management
architectures:
i. Natively within an operating system.
Benefits
Faster performance since application is used in the environment for which it is meant
Able to access and use a device’s built-in capabilities this is because the application is meant
specifically for that particular operating system
Better user experience since there is no chance for incompatibility, the applications are
generally better for use by than the others
Higher security
Drawbacks
12
a. Describe the differences in protection capabilities between operating systems that
use the two processor-state model and those that use the four processor-state model.
A two processor-state model uses only two states for a process. A process is either running or in
queue to be run when the current process is done. In this case a process is created, labeled as not
running and put in queue. After some time, the current process stops running and is labeled as
not running where as a process is chosen from the queue, labeled as running and dispatched.
A four-processor-state model however has four nodes therefore a process is either in admission,
dispatch, pause or exiting state. A newly created process is in admission. It changes to dispatched
when it is chosen to start running. After some time, the process is paused to enable running other
processes and after a process is complete, it exits.
b. Describe the benefits and drawbacks of the following platform management
architectures:
i. Natively within an operating system.
Benefits
Faster performance since application is used in the environment for which it is meant
Able to access and use a device’s built-in capabilities this is because the application is meant
specifically for that particular operating system
Better user experience since there is no chance for incompatibility, the applications are
generally better for use by than the others
Higher security
Drawbacks
12
Little to no portability since they can only be used for the specific operating system that they
are meant for
They can be costly in the long term since a change in platform requires a change of
application to a different one altogether
ii. By extending the processor’s state model with an extra mode complimented by
dedicated platform management kernel.
Benefits
High user experience due to compatibility with native system. They provide a user
experience that is almost equal to what native applications provide.
Drawbacks
Performance is a bit slower since the applications are not fully optimized for that specific
operating system
iii. By adding a separate management processor to a platform
Benefits
It results to very portable applications that can be used in various operating system platforms
without any extra components required.
Cheaper origination costs since they are made for different platforms hence they can work
with any platform that is available without any additional acquisition costs. All that is needed
is the application itself.
Access to various hardware and software capabilities using plug-ins therefore it is able to
access some of the built-in capabilities of a platform.
Drawbacks
13
are meant for
They can be costly in the long term since a change in platform requires a change of
application to a different one altogether
ii. By extending the processor’s state model with an extra mode complimented by
dedicated platform management kernel.
Benefits
High user experience due to compatibility with native system. They provide a user
experience that is almost equal to what native applications provide.
Drawbacks
Performance is a bit slower since the applications are not fully optimized for that specific
operating system
iii. By adding a separate management processor to a platform
Benefits
It results to very portable applications that can be used in various operating system platforms
without any extra components required.
Cheaper origination costs since they are made for different platforms hence they can work
with any platform that is available without any additional acquisition costs. All that is needed
is the application itself.
Access to various hardware and software capabilities using plug-ins therefore it is able to
access some of the built-in capabilities of a platform.
Drawbacks
13
This architecture does not provide the best user experience since they are the ones with the
highest compatibility issues since applications are made to conform to different operating
system platforms
14
highest compatibility issues since applications are made to conform to different operating
system platforms
14
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Bibliography
Callari, F., n.d. Process states. [Online]
Available at: https://www.cim.mcgill.ca/~franco/OpSys-304-427/lecture-notes/node5.html
[Accessed 22 10 2017].
Courtois, N. T., 2012. Algebraic Complexity Reduction and Cryptanalysis of GOST. [Online]
Available at:
https://pdfs.semanticscholar.org/486d/c17d6dee3dda978bd241739a699282e2eab8.pdf
[Accessed 22 10 2017].
Dahshan, M. H., n.d. Block Ciphers and DES, n.a: n.a.
Government of Canada, 2017. Common threats to be aware of. [Online]
Available at: https://www.getcybersafe.gc.ca/cnt/rsks/cmmn-thrts-en.aspx
[Accessed 22 10 2017].
Gutmann, A., Volkamer, M. & Renaud, K., 2016. Memorable And Secure: How Do You Choose
Your PIN?, n.a: s.n.
Integrated Computer Solutions, n.a. Encryption. [Online]
Available at: http://www.ics.uci.edu/~keldefra/teaching/fall2016/uci_compsci134/slides/LEC3-
KED.pdf
[Accessed 22 10 2017].
Jain, R., 2009. Modes of Modes of Operation. [Online]
Available at: http://www.cse.wustl.edu/~jain/cse571-09/ftp/l_06moo.pdf
[Accessed 22 10 2017].
Jain, R., 2009. Network Security Concepts, Saint Louis: n.a.
15
Callari, F., n.d. Process states. [Online]
Available at: https://www.cim.mcgill.ca/~franco/OpSys-304-427/lecture-notes/node5.html
[Accessed 22 10 2017].
Courtois, N. T., 2012. Algebraic Complexity Reduction and Cryptanalysis of GOST. [Online]
Available at:
https://pdfs.semanticscholar.org/486d/c17d6dee3dda978bd241739a699282e2eab8.pdf
[Accessed 22 10 2017].
Dahshan, M. H., n.d. Block Ciphers and DES, n.a: n.a.
Government of Canada, 2017. Common threats to be aware of. [Online]
Available at: https://www.getcybersafe.gc.ca/cnt/rsks/cmmn-thrts-en.aspx
[Accessed 22 10 2017].
Gutmann, A., Volkamer, M. & Renaud, K., 2016. Memorable And Secure: How Do You Choose
Your PIN?, n.a: s.n.
Integrated Computer Solutions, n.a. Encryption. [Online]
Available at: http://www.ics.uci.edu/~keldefra/teaching/fall2016/uci_compsci134/slides/LEC3-
KED.pdf
[Accessed 22 10 2017].
Jain, R., 2009. Modes of Modes of Operation. [Online]
Available at: http://www.cse.wustl.edu/~jain/cse571-09/ftp/l_06moo.pdf
[Accessed 22 10 2017].
Jain, R., 2009. Network Security Concepts, Saint Louis: n.a.
15
Kak, A., 2017. Lecture 3: Block Ciphers and the Data Encryption Standard. [Online]
Available at: https://engineering.purdue.edu/kak/compsec/NewLectures/Lecture3.pdf
[Accessed 23 10 2017].
Kumar, A. & Bawa, S., 2011. Network Security: Goals, Services and Mechanisms in Grid
Computing Environments, n.a: n.a.
Lancet, Y., 2013. 7 Ways To Make Up Passwords That Are Both Secure & Memorable. [Online]
Available at: http://www.makeuseof.com/tag/7-ways-to-make-up-passwords-that-are-both-
secure-memorable/
[Accessed 22 10 2017].
Microsoft Corporation, 2003. Chapter 3 Threat Modeling. [Online]
Available at: https://msdn.microsoft.com/en-us/library/ff648644.aspx
[Accessed 22 10 2017].
n.a, n.d. Network and Systems Security. [Online]
Available at: http://csis.gmu.edu/ksun/AIT682-f17/notes/T03.2-4_SecKeyModeEtc-6spp.pdf
[Accessed 22 10 2017].
StackExchange, 2016. How should I calculate the entropy of a password. [Online]
Available at: https://crypto.stackexchange.com/questions/374/how-should-i-calculate-the-
entropy-of-a-password
[Accessed 22 10 2017].
Tech-FAQ, 2017. Dictionary Attacks. [Online]
Available at: http://www.tech-faq.com/dictionary-attack.html
[Accessed 22 10 2017].
16
Available at: https://engineering.purdue.edu/kak/compsec/NewLectures/Lecture3.pdf
[Accessed 23 10 2017].
Kumar, A. & Bawa, S., 2011. Network Security: Goals, Services and Mechanisms in Grid
Computing Environments, n.a: n.a.
Lancet, Y., 2013. 7 Ways To Make Up Passwords That Are Both Secure & Memorable. [Online]
Available at: http://www.makeuseof.com/tag/7-ways-to-make-up-passwords-that-are-both-
secure-memorable/
[Accessed 22 10 2017].
Microsoft Corporation, 2003. Chapter 3 Threat Modeling. [Online]
Available at: https://msdn.microsoft.com/en-us/library/ff648644.aspx
[Accessed 22 10 2017].
n.a, n.d. Network and Systems Security. [Online]
Available at: http://csis.gmu.edu/ksun/AIT682-f17/notes/T03.2-4_SecKeyModeEtc-6spp.pdf
[Accessed 22 10 2017].
StackExchange, 2016. How should I calculate the entropy of a password. [Online]
Available at: https://crypto.stackexchange.com/questions/374/how-should-i-calculate-the-
entropy-of-a-password
[Accessed 22 10 2017].
Tech-FAQ, 2017. Dictionary Attacks. [Online]
Available at: http://www.tech-faq.com/dictionary-attack.html
[Accessed 22 10 2017].
16
Tutorials Point, 2017. Operating System - Quick Guide. [Online]
Available at: https://www.tutorialspoint.com/operating_system/os_quick_guide.htm
[Accessed 22 10 2017].
Wikipedia, 2017. Threat model. [Online]
Available at: https://en.wikipedia.org/wiki/Threat_model
[Accessed 22 10 2017].
17
Available at: https://www.tutorialspoint.com/operating_system/os_quick_guide.htm
[Accessed 22 10 2017].
Wikipedia, 2017. Threat model. [Online]
Available at: https://en.wikipedia.org/wiki/Threat_model
[Accessed 22 10 2017].
17
1 out of 19
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.