Basic Defense Methods in Information Systems - Coursework Example

Name Tutor’s Name Course Number Date, Month, Year Abstract Individuals and businesses are becoming more reliant on trustworthy functioning of their information systems. These systems are instrumental towards their achievement and effectiveness. While this increasing reliance on information management systems produces a pressing requirement to accumulate data and make it more available, the abundance of computer technology has also brought forth prospects for malicious persons to contravene the integrity and legitimacy of these systems. One of the frequent control mechanisms for authentication and validation of users of these systems is the utilization of passwords. Nonetheless, in spite of the extensive application of passwords, Minimal awareness and interest has been given to the distinctive nature of their real use. This paper will analyze two network security tools i.e. (Instant password finder and proactive checker). Analysis will also look into their features and a discussion on the criteria employed in selecting the two will also be highlighted. The paper will also address the gap in tool evaluation together with the characteristics. The results will be produced in the form of a practical study. The paper will conclude with a discussion on the relative weakness and strengths of the two tools. Introduction One of the most basic defense methods in any information system is the capability of system administrators to validate the identity of users. Although studies on how to boost security are being conducted including investigations on complex methods of authentication, Application of password methods continue to be the main technique of validating Information system users. (George, 2001).From physical to online networks, information systems depend on admission validation through passwords (George, 2001).Despite both reported and unreported security breaches in computer networks, Validation and authentication of individuals using networks continue to trouble network and information security experts. Proactive Password checker and Instant Password Finder (network security) Due to the growth of the internet networks, the security of the passwords among the users has been and is still a major concern for the network users. The network security includes the issues such as the lack of strength in passwords security that leads to negative impacts such as cybercrimes and hacking of accounts.as a result, technologists have researched for the possible solution to this issue. Among the identified solutions,the proactive password finder and password checker are among the current solutions of this issue of network security among network users (George, 2001). An Overview of the Proactive Password Checker The proactive password checker is a tool for maintaining network security via the ability ofsecuring passwords and preventing hacking among other functions. This tool is in form of a computer program/software. This program prevents entry of passwords that can be easily guessed in the network system by the user. In many cases, the proactive password checker ensures protection of password via detecting the passwords that are presented by a user and that have the highest probabilities of being guessed. Despite the fact that the security hole is evident in the proactive password checker, the existence of the security hole is there until it is detected by this program and at the same time as long as the user of the current password decides to change the password again. In situations whereby this program that has the role of changing the user’s password inspects for the safety and the probability of guessing the password before it is associated with the account of the user, the security hole is not put in location. For a proactive password checker to be effectiveitmust contain the below named criteria (Jacob, 2007). The testing of the password requires invoking in order to avoid bypassed tests which enhance installation of weak passwords on a network system. The proactive checker must have the qualities of rejecting whichever password in a set of similar passwords and also reject transformation of passwords that are common. The checker should entail tests that are easy to set up, otherwise in case of complex tests which an individual is likely to make errors will ensure that the administrators picks up the tests that are less complex and thus may no be of help. In addition, the password security issue being a general principle does not require procedures that require much effort. The proactive checker program should be able to run other sub- programs and as well as run the results that are in the tests. Via this, passwords made up of words that are as a result of coinage, words that have the common misspellings, and words that have simple conjugations are eliminated. These sub-programs also check the passwords that are usually based on the local host names. The password checker should also have the property of allowing the per-site discrimination in the process of conducting the password tests. This process permits the administrator of the system to modify and disable properties such as the minimum and the maximum length for a required password. The password checker should have a design corresponding facility that can be practiced in tests. The checker must also permit the per- user discrimination in all its password tests. In all the transformations that are detected in these tests that such a requirement for the program will ensure that the passwords are eliminated on basis of the user’s account name or the given name and details. The function of the proactive password checker is to attain the maximum password protection and this is achieved with the capability of the system administrator to turn off certain checks(Matt, 1990). Features of the Proactive Password Checker The configuration file is a feature of the proactive password checker that identifies the level of checking of passwords that users can not easily read. The configuration file is made in such a manner that it is not easily accessed by users and potential cracker and for that reason it enhances the security systems via hiding the guide that has the password that have the potential of being acceptedand on the other hand it also detects the password that can not be found. The proactive password checker has a dictionary in it in order to improve its efficiency. These dictionaries must be the ones that were used in that research and basically on per site basis. Other than the feature of rejecting passwords that can be easily guessed, the proactive finder tells the user the reason for rejecting that particular password and gives the user suggestions of how the acceptable password look like. For instance, it provides the user with hints (Matt, 1990). An example of a proactive password checker is the pwcheck. The pwcheck is a part of the passwd+ password changing software package that employs the little language to encode test that defines whether a password is easy or hard to guess. When a password is submitted to the administrator by the user, tests are run and if the password is rejected then the user is notified that the password in not acceptable together with the reason for rejection(Matt, 1990). The Instant Password Finder The instant password finder is a tool that has a fast way of checking for any possible password and shows them immediately. When the network system is running, for instance in a computer, a lot of data is in the system area in a silent and stealth manner. This data includes the personal information that in most cases s private and confidential. It’s the role of the instant password finder to read the data that i the current system and out of it extracts the username and the password for the user(Klein, 2007). Features of the Instant Password Finder The instant password finder has the control over the user credentials and for that reason it runs any other program with the user’s credentials. The instant password finder displays the history of the password hashes. This tool has the feature of reading and encrypting the password hashes directly from the registry files. The instant password finder decrypts and browses the Windows Protected Storage that stores the passwords and auto-complete records for Internet Explorer, the outlook, and the outlook express. It extracts the saved passwords from the network system and uses them in the password recovery engine. This network security tool has the property of backing up the registry files and the active directory database of the system of the user(Klein, 2007). The Criteria used to compare the Proactive Password Checker and the Instant Password Finder The proactive password checker has a configuration file that in it has commands fro setting and evaluating the variables and tests that determine if the proposed password by the user is too easy to guess. These tests comprise of expressions that are have the variables, constants and functions in them. When a password is entered by a user, it is stored in a variable that contains strings plus numerous types of assignments. These assignments include expressions that are used in determining the strength of the password.In conjunction with these tests, there exist statements that are printed once the test of the password succeeds. The role of these statements is to inform the user the reason as to why the password is being rejected in case of a failure and also to inform the user if the criteria have passed (Jacob, 2007). The instant password finder on the other and is a program that has the criteria of fast recovery of password. However, it is vital to note that not all the passwords can be recovered instantly due to the fact that most operating systems encrypts quite a lot of forms of password and thus makes it necessary to apply the advanced attacks in order for them to be recovered. The criterion used to recover such passwords is via the use of the ElcomSoftthat implements numerous radical and recent technologies that enhance faster and instant recovery of passwords. This software is advanced due to the fact that many users have password that are made up of words from the user’s native language, numbers or even important dates in their life. At times password are made up of a combination of numbers and characters. Due to this complexity, a dictionary that is highly customizable permits the specifications of several modifiers to the words in the dictionary. Advanced marks make it easier for the specification of the pieces of information that are likely correct about a password for the objective of making the recovery process a faster and instant one(Klein, 2007). Comparison of the Proactive Password Checker and the instant Password Recovery The proactive password checker has a dictionary with it that has the function of detecting the passwords that are likely to be guessed by users and thus the name the proactive password checker. On the other hand, the instant password finder is a program that has the function of recovering the password in the fastest way possible (Klein, 2007). Unlike in the proactive password checker that gives the password that are likely to be guessed, the instant password finder can a times fail to recover the lost or the hacked password due to factors such as the operating system that is being used or the complexity of the characters that were used to set the password. The proactive password checker provides the user the information on whether the password presented has been accepted or rejected. In case a password is rejected, the user is provided with the appropriate reason as to why the password was rejected. On the other hand, the instant password finder has the specific roles of recovering passwords and not checking and fro the main reason the instant password finder only indicates whether the password was recovered or not(Klein, 2007). Conclusion As the saying goes “good fences makes good neighbors” on the network security perspective the good fences represent the secure passwords, it is therefore important for a user to take care of the password. However, many are the users who do not put the extra effort of protecting their passwords as they do not care who gets access of their information. Unprotected data has the risk of being obtained to get information that can lead to crimes such as cyber crimes, hacking of bank accounts and most important sharing of information with other users. The proactive password checker and the instant password finder are among the “good fences” in the matter of a secure account or system that has a password with it. The common feature with the above discussed network security tools is the ability to check and recover the forgotten or hacked passwords.in addition they are able to detect the password that are likely to be easily guessed by users and are incorrect. The changing and the advanced nature of the dictionaries that are present in different form in these network security tools make it hard for the passwords to be guessed. However, just like in the instant password finder, in the network security in particular password it’s not possible to prevent the entire passwords form being guessed or being hacked by other users(Klein, 2007). References George D. (2001). Information security: 4th international conference. London: Diane publishers. Jacob A. (2007). User Authentication Principles: Theory and Practice. Cambridge: Cambridge University Press. Klein D. (1999). A survey of improvements to UNIX password security: Proceedings of the USENIX security workshop. Oxford:OxfordUniversity Press. Matt B.(1990).A proactive checker. New York: Diane Publishers. Read More