Question

An operating system is termed as trusted if and only if it meets the intended security requirements that is of high quality and justified the user confidence. Based on the facts

a. Compare Trusted System and the Secure System from TWO (2) different perspectives. [4 marks]

b. Use of the password is the ultimate method for user authentication in operating system. Suggest FOUR (4) different kinds of attacks on password. [4 marks]

c. In case the user of windows operating system forget the password, administrator cannot help the users to fetch the password back instead helps to generate the new password. Explain why windows cannot retrieve the same password. Also identify the encryption methods used to save the user password. [7 marks]

Answer 1

Answer)

1) The comparision between the trusted system and the secure system is as mentioned below:

When considering the security engineering then the trusted system is defined as a system which relies on a specific extent for enforcing the security policy whereas this is equivalent for stating that this system would not fail or break the security policy.

On the other hand secure system involves the implementation as well as development with the security countermeasure which has firewall, data encryption, biometrics and the password where the firewall would have software as well as hardware being set among the internal computer network as well as the internet for filtering out the unwanted intrusion.

2) One can use a complex password which would be easily remembered while not easy to be traceable.

Like a combination of upper case, lower case, numbers and symbols.

Some of the security attack on password are as mentioned below:

• Brute Force attack which is considered an easy approach for the hackers to perform and this is where the hacker mostly uses the computer program for login to that of the user's account with combination of password.
• Dictonary attack which in turn allows the hacker for accesing a program that is used for cycling with common words and it goes on as letter by letter and hence trying to succeed with the attack.
• Phishing attack is where social engineering comes into picture where the identity attack mostly uses the social conventions for the workplace which fools the users and hackers would pose as that of the IT team and then ask the user for their password even without fearing for any risk detection.
• Rainbow table attack wherein the enterprise would hash the password of the user or email and convert those cache as random looking string while these are prevented and hence traced easily then.

3) Windows cannot retrieve the same password as it would have been hashed or encrypted which would have turned into some random string of character which becomes difficult to be traced back and as hashing is a strong identity security method hence windows cannot trace as to which is the hashed word used.

Some of the encryption method is the public key encryption method to be used for saving the user password.

Please comment if you need any other inputs.
Share a like if you find the answer helpful. This would help us learn and share our learning better.
Thank you.