What setup should an administrator use for regularly testing the strength of user passwords?

A. A networked workstation so that the live password database can easily be accessed by the cracking program.

B. A networked workstation so the password database can easily be copied locally and processed by the cracking program.

C. A standalone workstation on which the password database is copied and processed by the cracking program.

D. A password-cracking program is unethical; therefore it should not be used.

Explanation:
Poor password selection is frequently a major problem for any system's security. Administrators should obtain and use password-guessing programs frequently to identify those users having easily guessed passwords.
Because password-cracking programs are very CPU intensive and can slow the system on which they are running, it is a good idea to transfer the encrypted passwords to a standalone (not networked) workstation. Also, by doing the work on a non-networked machine, any results found will not be accessible by anyone unless they have physical access to that system.
Of the four choices presented above, this is the best choice.
However, in real life you would have strong password policies that enforce complexity requirements and do not let the user choose a simple or short password that can be easily cracked or guessed. That would be the best choice if it were one of the choices presented.
Another issue with password cracking is one of privacy. Many password-cracking tools can avoid this by showing only that the password was cracked and not what the password actually is. This masks the password being used from the person doing the cracking.
Incorrect Answers:
A: The password cracking program should not be on a networked computer. This is a security risk as someone
could access the computer over the network. Furthermore, you should not run the password cracking program
on the live password database.
B: The password cracking program should not be on a networked computer. This is a security risk as someone
could access the computer over the network.
D: Whether or not a password-cracking program is unethical depends on why you are cracking the passwords.
Cracking passwords as a test of password strength is a valid security test.


