Question
Imagine that you work for the Corporation. Your CIO tells you that he just got a message on his computer saying that he has to change his password. He wants to know why he must not only use such a relatively long password, but also why he must change that password on a regular basis. What should you tell him? Why?
You are talking with the CIO of your company. One of the programs she needs access to is on a server that is on the using the following protocols: Secure Shell (SSH), Network News Transfer Protocol, Simple Network Management Protocol, NetBIOS Session Service, Network Time Protocol. The CIO wants to know what a port is and what ports are involved with these protocols. What should you tell her?
Explanation / Answer
Scenario 1
There are several factors to consider when choosing your password length. First, a long password is designed to protect against an attacker guessing the password for your account. With a long password, if you have a lockout policy, such as a few incorrect attempts followed by a lockout of your account, then access to your account will be unlikely to succeed. Even if it is you who has the failed login attempts, you will have to face the same consequences. If there's a risk of offline brute force, then password strength becomes more important. The problem here is that improved processing power and methods of attack make this a moving target in terms of strength. Realistically I'd say that you'd be looking at 10+ characters and strong enforcement that passwords aren't on common dictionary lists.
Another factor to consider here is your user base, and how the application is used. In some cases, I'd say that very long password requirements can actually lead to a less secure application. If this application is frequently accessed by you and the password policy is strong, then it's likely that you will start writing down your lengthy passwords, which is not a secure practice.
Password changes are considered good practice to prevent attackers from gaining access to your accounts and tracking your activity over an extended period of time. A regular password change would stop any possibility of attacks or snooping on your account. One should change their passwords on a regular basis, as the flow of workers through an office can increase the chances of unauthorized access to sensitive corporate and employee information. Remote access to company databases also increases security risk, so changing passwords after sessions on outside devices reduces the chance that an outsider can gain access to information.
Scenario 2
In programming terms, a port is a logical connection place and, using the Internet's protocol, the way a client program specifies a particular server program on a computer in a network. Applications that use TCP/IP have ports with preassigned numbers. Other application processes are given port numbers dynamically for each connection. When a service starts, it is said to bind to its designated port number. Any client program that wants to use that server must request to bind to the designated port number. Port numbers are from 0 to 65535. Ports 0 to 1024 are reserved for use by certain privileged services. For the HTTP service, port 80 is defined as a default.
1) SSH - TCP - port number 22 - SSH is the primary method used to manage network devices securely at the command level. It is typically used as a secure alternative to Telnet, which does not support secure connections.
2) Network News Transfer Protocol (NNTP) - TCP - port number 119 - The Network News Transfer Protocol (NNTP) is an application protocol used for transporting Usenet news articles between news servers and for reading and posting articles by end user client applications.
3) Simple Network Management Protocol (SNMP) - TCP/UDP - port numbers 161/162 - SNMP is used by network administrators as a method of network management. SNMP has a number of different abilities including the ability to monitor, configure and control network devices.
4) NetBIOS Session Service - TCP/UDP - port numbers 137/138/139 - NetBIOS itself is not a protocol but is typically used in combination with IP with the NetBIOS over TCP/IP protocol. NBT has long been the central protocol used to interconnect Microsoft Windows machines.
5) Network Time Protocol (NTP) - UDP - port number 123 - NTP is used to synchronize the devices on the Internet. Even most modern operating systems support NTP as a basis for keeping an accurate clock.
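Added example, not part of the original answer: a Python check that parses `ss -tuln` output and reports which services from the port list above are listening on a host, and whether each is bound to loopback, one address, or all interfaces. The port table is copied from the answer as written; the sample `ss` output and all function names are constructed for illustration.

```python
import ipaddress

# Port table as given in the answer above: service -> (protocols, ports).
SERVICES = {
    "SSH": ({"tcp"}, {22}),
    "NNTP": ({"tcp"}, {119}),
    "SNMP": ({"tcp", "udp"}, {161, 162}),
    "NetBIOS": ({"tcp", "udp"}, {137, 138, 139}),
    "NTP": ({"udp"}, {123}),
}

# Constructed sample of `ss -tuln` output (not captured from a real host).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:123        0.0.0.0:*
udp   UNCONN 0      0      127.0.0.1:161      0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
tcp   LISTEN 0      50     192.168.1.10:139   0.0.0.0:*
tcp   LISTEN 0      511    *:8080             *:*
"""

def parse_listeners(ss_output):
    """Yield (proto, bind_address, port) for every socket line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():  # also skips the header row
            yield fields[0], addr.strip("[]"), int(port)

def scope(addr):
    """Classify how widely a bind address exposes the port."""
    if addr in ("*", "0.0.0.0", "::"):
        return "all interfaces"
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any %zone suffix
    return "loopback only" if ip.is_loopback else "single address"

def audit(ss_output):
    """Return sorted, de-duplicated (service, proto, port, scope) tuples."""
    findings = set()
    for proto, addr, port in parse_listeners(ss_output):
        name = next((n for n, (protos, ports) in SERVICES.items()
                     if proto in protos and port in ports), "unlisted")
        findings.add((name, proto, port, scope(addr)))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_SS):
        print(*finding, sep="\t")
```

Listeners reported as "unlisted" are ports outside the answer's table; on a real host, feed the function the text of `ss -tuln` instead of the sample.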