Question

QUESTION 3: SYSTEM CONFIGURATION [5+5 = 10 Marks]
a) Be aware of the options available for setting password requirements under Windows, as well as the options available under Linux. Discuss good and bad practices for setting passwords and why administrators may enforce logon hours and logon locations for Windows users. [5 Marks]
b) Explain what Multi Factor Authentication (MFA) is – a method of authentication which requires a user to supply two or more types of authentication drawn from these credential categories:
1. Knowledge – what the user knows, such as a username or password
2. Possession – what the user has, such as a smart card or key
3. Inherence – what the user is; a unique biometric trait, such as a fingerprint [5 Marks]

Answer 1

>>Answer

>>Given That

1. The good practices of setting passwords include minimum and maximum password age policy, where minimum can be 1 day and maximum be 90 days. Apart from that, the minimum password length policy which can be a minimum of 8 characters must be ensured. The long passwords make it harder to crack it. Plus, it must be complex enough with numbers, letters(uppercase and lowercase), and symbols for better protection.

While the bad password setting may include using the name as a password or not having email linkages to the password setting, or reminders to change the password. A weak password with less variation in characters is also easy to crack.

The administrator may enforce logon hours and locations for users to control the privacy of the system. In remote locations, with logon hours, it can be ensured that confidential information is not accessed beyond the work time. In the same manner, accessing it outside the office premises can be blocked. It comes under good practices as it further restricts the unauthentic access of the system.

2. MFA is a way of authentication in which a person or user may get access to a platform or website only after entering at least two pieces of evidence. This can be regarding something only the user knows, or only posses or only he/she is like in biometric.

Hence, it provides better security, apart from password set by the user
Thus, in the knowledge, it can be password and other protecting questions like the name of the first school, or mother's maiden name, etc. This information is very personal and hence adds a security element

In possession, the user may have to authenticate access with a key or a smart card, that needs to be inserted to access the system. For example, a lot of offices give the smart card to their employees to enter office premises or even using their computer system

Inherence can be a fingerprint, or retina scan, that shows that person accessing is the same person, inherently.

With MFA, the security is improved as at least two evidence are needed for it.