Question
Problem 1: Access Control (a).
Under each scenario given below, explain whether ACL or capabilities would be a good choice for revocation. Justify your answer.
(i). Revoking an individual’s access rights to a particular set of files, but not all files
(ii). Revoking access to a particular file from a group of users, but not all users
Problem 2: Authentication
(a). Suppose that a password-based authentication system only allows passwords to be created by using 26 characters from the alphabet and the 10 number characters. Under such a system, how many unique passwords can be constructed assuming that passwords are exactly 10 characters long and are case sensitive (i.e., lower and upper-case characters are considered to be different)?
(b). Does using passwords with salts make attacking a specific account more difficult than using passwords without salts? Explain why or why not.
Problem 3: Intrusion Detection
(a). Suppose you have been hired as the security manager at XYZ company. Your boss asks you to determine the number of erroneous login attempts that should be allowed before a user’s account is locked. She is concerned that too many employees are being locked out of their accounts unnecessarily, but is equally concerned that attackers may be able to guess passwords. How would you determine an appropriate value for the threshold?
Explanation / Answer
Solution:
a)
(i) Capability List would be a good choice because
Revocation of an individual's access to a set of files is easy when Capability list is used because one would have to enumerate through the ACL for each file in the set and delete the user from that file's ACL.
However in the case of Capability lists, one would simply get the Capability list for the user and delete all the files from the set from that Capability list. So, ACLs require accessing and updating multiple ACLs (one per file) whereas Capability lists require accessing and updating one Capability list (the user's) only. Hence in this case Capability List would be a good choice.
(ii) ACL would be a good choice because:
In an ACL-based system, it is easy as it requires a single access to the ACL to delete the relevant set of entries. However, using capabilities means that the OS must search through the capability lists of each user in the group of users. This is time-consuming again requiring accesses to many different OS structures and searching each one for the relevant entry for deletion.
b)
The length of the password: 10
The password can be formed using the following possibilities:
Number of possibilities= 26+26+10 = 62
Required number of subsets = 10
Thus, the number of unique passwords that can be constructed = C (n, r)
C (n, r) = n! / (r! *(n-r)!)
= 62! / (10! * 52!)
= 107518933731
Thus, the number of unique passwords is: 107518933731
c)
1) "The Account lockout threshold policy" determines the number of failed sign-in attempts which causes a user account to be locked.
2) The normal way of setting the value is between 1 and 999 failed sign-in attempts; the other option, setting the value to 0, specifies that the account will never be locked.
3) The main rule to follow when setting the threshold is that the number should be greater than zero, such that
Account lockout duration >= Value of reset account lockout counter.
4) Limiting the number of failed sign-in attempts eliminates the brute force password attacks.
5) If the number of attempts is greater than the value of Account lockout threshold then the attacker could potentially lock every account.
6) Based on the organization's risk level you can set the threshold between 4 and 10 to allow wrong password entry and brute force attacks.
7) According to the scenarios observed, a good recommendation for this kind of configuration is 50 invalid sign-in attempts; this prevents accidental account lockouts and also reduces the number of help desk calls, but it doesn't prevent a DoS (Denial of Service) attack.
8) The above option can be used if your organization cannot implement complex password requirements.
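The revocation comparison in part a) can be made concrete by storing the same rights both ways and counting how many lists each revocation has to open. This is an added example, not part of the original answer; the user names, file names and helper functions are constructed for illustration, and it assumes the OS keeps one capability list per user, as the answer does.

```python
from collections import defaultdict

def build(grants):
    """Store the same (user, file) grants as per-file ACLs and per-user capability lists."""
    acl, clist = defaultdict(set), defaultdict(set)
    for user, fname in grants:
        acl[fname].add(user)      # ACL: file -> users allowed
        clist[user].add(fname)    # capability list: user -> files allowed
    return acl, clist

def revoke_acl(acl, users, files):
    """Revoke by editing ACLs: one ACL must be opened per affected file."""
    touched = 0
    for fname in files:
        acl[fname] -= users
        touched += 1
    return touched

def revoke_caps(clist, users, files):
    """Revoke by editing capability lists: one list must be opened per affected user."""
    touched = 0
    for user in users:
        clist[user] -= files
        touched += 1
    return touched

def pairs_from_acl(acl):
    return {(u, f) for f, us in acl.items() for u in us}

def pairs_from_caps(clist):
    return {(u, f) for u, fs in clist.items() for f in fs}

def compare(grants, users, files):
    """Apply the same revocation to both stores; return (ACLs touched, C-lists touched, rights left)."""
    acl, clist = build(grants)
    acl_cost = revoke_acl(acl, users, files)
    cap_cost = revoke_caps(clist, users, files)
    # Both representations must describe the same access matrix afterwards.
    assert pairs_from_acl(acl) == pairs_from_caps(clist)
    return acl_cost, cap_cost, pairs_from_acl(acl)

# Constructed sample data: every user starts with access to every file.
USERS = ["alice", "bob", "carol", "dave"]
FILES = ["f1", "f2", "f3", "f4"]
GRANTS = [(u, f) for u in USERS for f in FILES]

SCENARIO_I = compare(GRANTS, {"alice"}, {"f1", "f2", "f3"})          # one user, several files
SCENARIO_II = compare(GRANTS, {"bob", "carol", "dave"}, {"f4"})      # several users, one file

if __name__ == "__main__":
    print("(i)  ACLs touched:", SCENARIO_I[0], " capability lists touched:", SCENARIO_I[1])
    print("(ii) ACLs touched:", SCENARIO_II[0], " capability lists touched:", SCENARIO_II[1])
```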