4.1 Task: Install a Linux Distro
1. You will need a USB drive of 8 GB or higher capacity. Install a Linux distribution of your choice, but within the Ubuntu family, onto the USB drive as if it is a HDD.
   1. This can be the multiboot USBD you created in an earlier lab. You will need to mount the system read-and-write. The so-called frugal-install or ISO-based installs will not do.
   2. Should you wish to work with non-Ubuntu distros, adapt the following appropriately.
2. Establish at least 5 ordinary users with names and passwords of your choice. Learn how to do this as a script. Include the script in your submission. The following script was used to create the users. (See figure 1).
#!/bin/bash
# Script to add a user to Linux system if [
I created a stronger password
4.2 Task: DAC Examples
1. Take five examples as-is from LXU and explain DAC ideas.
4.3 Task: File Permissions, Etc
1. Find and report all files with peculiar permissions. Examples: no permissions given --- --- ---, executable but not readable, readable for group and others but not the owner, unsearchable directories, etc.
To view file permissions, I used the ls -la command. For instance, to display all the files of the /root directory, I typed ls -la /root (see figure 4). The -a option would display the hidden files which are typically the system files.
Figure 4: viewing file permissions
The log.txt has no read, write, execute permissions.
2. Files and directories whose names begin with a dot are unlisted by ls unless -a flag is used. Find and report all such files and directories whose size is larger than 10 MB.
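One way to script the checks in task 4.3 with find, as an added example that is not part of the original lab report. The function names are hypothetical, each takes the directory to scan as its first argument, and the hidden-entry check is narrowed to regular files (a directory's total size would need du instead).

```shell
#!/bin/sh
# Added example: audit helpers for the "peculiar permissions" cases in task 4.3.
# All function names are hypothetical; $1 is the directory to scan.

# find exits non-zero when it cannot descend into a directory (common when
# scanning as a non-root user). The paths it did print are still valid.
scan() { find "$@" 2>/dev/null || true; }

# Mode 000: no permission bits at all (--- --- ---).
no_permissions() { scan "$1" -type f -perm 000; }

# Owner may execute (0100) but not read (0400).
exec_not_readable() { scan "$1" -type f -perm -100 ! -perm -400; }

# Group and others may read (0044) but the owner may not (0400).
others_not_owner() { scan "$1" -type f -perm -044 ! -perm -400; }

# Directories with no search (x) bit for owner, group or others.
# -prune stops find from trying to descend into them.
unsearchable_dirs() {
    scan "$1" -type d ! -perm -100 ! -perm -010 ! -perm -001 -print -prune
}

# Hidden regular files (name starts with a dot) larger than a byte
# threshold; the default is 10 MiB = 10485760 bytes.
hidden_larger_than() {
    scan "$1" -type f -name '.*' -size +"${2:-10485760}"c
}

# Print every category with a heading.
audit_report() {
    for check in no_permissions exec_not_readable others_not_owner \
                 unsearchable_dirs hidden_larger_than; do
        printf '== %s ==\n' "$check"
        "$check" "$1"
    done
}

# Run the report only when a directory is given on the command line.
if [ -n "${1:-}" ]; then
    audit_report "$1"
fi
```

Run it as root to cover directories an ordinary user cannot enter; the permission tests read the mode bits, so they report the same files regardless of who runs the scan.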
4.4 Task: Check for Weak Logins
1. No password should be breakable within an hour. List the names and plain text passwords of such users. Assume you are root.
2. Should root be allowed to login? Ubuntu/Debian do not assign a passwd to root. Discuss the pros/cons of this choice.
The advantage of not having a root password is that the users can easily switch to root without signing in with a password. This gives the flexibility of running certain scripts and installing programs.
However, not assigning a password to root would be disadvantageous in terms of security. Any user in the group would be able to
How: Hackers gained access to the user records in the database by using a password cracking tool. Passwords which were disclosed are weakly encrypted using an outdated hashing technique without salting the password and this has made the hacker's job easier to convert the encrypted passwords with no less than 2 hours.
Passwords should be designed to prevent them from being discovered by unauthorized persons. All passwords should have at least eight (8) characters. The user-ID should never be used as the password. Words in a dictionary, derivatives of user-IDs, and common character sequences such as “123456789” should not be employed.
One of the other failures that the book presents us is the user’s weak password practice and how the intruder took advantage of this to gain super user privileges and created several user accounts by gaining root privileges. All it takes is a one-time access as super user to establish his base into the defender's zone. This book describes how the intruder took advantage of the brute force method to hack user accounts and passwords. Also, the intruder was smart enough to steal the password information file and even managed to encrypt all the dictionary words by using the same encryption algorithm and then compared those words with the stolen encrypted passwords file to find out passwords of user accounts. The scientists/researchers at the laboratories who are not aware of such kinds of exploitations made the intruder’s work easy by having easy to guess passwords, never bothered to change the passwords from time to time or in fact did not realize the importance of having strong passwords in order to maintain and protect their research data in a safe and secure way. Even today, not all the users realize the importance of having strong/secure passwords and we come across such instances where intruders exploit users' ignorance. (For example, two years ago, before I enrolled in MS-CS program, I did not know how brute force attacks work or
No demand to remember multiple passwords, it saves your passwords and other data in sync.
shown in Table 2. It indicates that all the default alphabet password which is "jackson" can be
For example, if a user exceeds a certain number of failed login attempts the system will either lock the user out of the system or prevent any future attempts for a specified period of time. Although an account lockout policy is designed to take time away from the attacker, so that the brute force attack will fail, this is only true if the attack is performed on an online database. For example, if the user account’s database is copied to a flash drive, and thus taken offline, the attacker could then perform brute force attacks on the copied database from their own home, bypassing your security policies altogether. [explain how a hacker could accomplish this copy to a flashdrive] As a result, once the attacker discovers the password they could then impersonate (or masquerade) as an authorized user, thereby gaining access to systems with certain
Password Policy: Password policies for SQL Server logins can be compulsory only when the case is installed on Windows Server 2003 or 2008.
ATTACK VECTORS (EASY Exploitability): Once an attacker understands that the authorization system is vulnerable, they can login to the application as a valid user. They will successfully pass the authentication control. Administrative functionality can be executed once authentication is passed.
After all the students have completed the task of creating a Naviance account, they will then create a personalized Google Doc. They will open a Google Doc that has been shared with them titled " Passwords - Study Strategies" and they each will need to make a copy of this document so that it can be their own. The purpose of this google document will be to house usernames and passwords to websites the students will need for future use to assist them with success in high school and to plan for their future. See sample document below and a copy is also attached to this posting as well. This document contains a spot for them to place usernames and passwords for each of the following online platforms titled; "Genesis" - the student database
- The third step: You need to establish a list of your employees on the system. You need to fill in employee’s name, address of employees, tax information such as Tax File Number (TFN) and etc.
Because it uses a hierarchical structure in the shape of a pyramid or (up-rooted) tree to make directories and subdirectories.
What do you want to use to transfer items to your new computer? Click a network.
While of a similar flavor to that of Windows 7, Ubuntu is a Debian-based desktop distribution. Ubuntu is a good general desktop application geared more toward graphic multimedia usage. Ubuntu also has the ability to run some Microsoft programs such as Microsoft Office through the use of a software program called Wine which allows Linux-like operating systems to run Windows applications.
The purpose of this document is to detail the various steps needed to install, make ready, and mount an IDE disk on a Linux system. The process starts first with the cabling and physical installation of the disk. Next it is key to ensure the computer’s BIOS is properly configured to allow access to the drive. Once the machine can see the physical drive the next step is to prepare the drive to accept data by partitioning the drive for the desired disk layout. Finally, the drive is mounted within the filesystem hierarchy so it may be accessed by the end user.
In order to run Kali “Live” from a USB drive on standard Windows and Macintosh PCs, you’ll need a Kali Linux bootable ISO image, in either 32-bit or 64-bit formats.