1. Respond to another student's Discussion Board post, providing
additional insights, feedback and/or examples as applicable.
Discussion Board of another student:
It is almost impossible to fully secure an online or mobile
account with just a password. Data breaches, malware, device
theft, and myriad other methods can be used to compromise
digital passwords, no matter how secure they are. That's why
anyone with sensitive information or data protected by a
password needs a second method of securing their account,
hence two-factor authentication (Vigliarolo, 2020). Two-factor
authentication is a supplement to a digital password that, when
used properly, makes it harder for a cybercriminal to access a
compromised account. Two-factor authentication is also
referred to as 2FA, two-step verification, login verification, and
two-step authentication. Two-factor authentication goes along
with a password as a second form of identity verification. How
this works is that, upon successful login to an account with a
password, the user is prompted to either confirm their identity
using a one-button push with a verification app or input a
random security code from a text, email, push notification, or
physical key. The second factor is, ideally, harder to spoof than
a password; it requires something the legitimate user has
physical access to, like a smartphone with a particular
authenticator app installed, a linked phone number for a push
notification or SMS authentication code, or a hardware security
key, which leaves a hacker stuck even if they have the correct
password to the account. Some forms of two-factor
authentication are biometrics like Touch ID, authenticator
apps, SMS authentication, email authentication, or a physical
security key to authenticate an account with an authentication
code.
Each method has its pros and cons, and two-factor
authentication shouldn't be relied on to be the end-all, be-all of
account security. Each of those methods can be cracked by
someone with enough knowledge or drive. SMS and email
authentication, easily the most ubiquitous, are also the most
easily cracked. Text messages aren't secure and can be
intercepted, and email accounts can be hacked. Anyone who has
spent time online knows it's a bad idea to put all their security
eggs in a single basket, and two-factor authentication is no
exception. A couple of years ago CNET reported RSA's physical
security tokens were hacked, so even systems you think are
secure (like random number generators) can be exploited. The
biggest security hole in two-factor authentication, and the one
most often exploited, is social engineering. Social engineering is
essentially people hacking: instead of trying to break encryption,
brute-force passwords, or crack RSA tokens, a social engineer
goes for the path of least resistance by phishing, pretexting,
phone spoofing, or otherwise lying to extract information from
people who don't realize they're giving up sensitive data to a
person who shouldn't have it.
References:
Vigliarolo, Brandon. "Two-factor authentication: A cheat
sheet." TechRepublic, 11 June 2020.
https://www.techrepublic.com/article/two-factor-authentication-cheat-sheet/
Respond here:
2. Responding to their Discussion Board with additional
information, feedback and examples as applicable.
Discussion board of another student:
The term “Access Control” refers to “the control of access to
system resources after a user’s account credentials and identity
have been authenticated and access to the system has been
granted.” (University of Hawai'i, 2021) Having adequate access
controls is vital to ensuring the security of information held on
an enterprise network from unintentional (or intentional)
modification. The three types of access controls are
Discretionary Access Control (DAC), Mandatory Access
Control (MAC), Role-Based Access Control (RBAC), and
Attribute-Based Access Control (ABAC). Each of these
controls has its own strengths and weaknesses; however, it is
important for businesses to adopt the appropriate access control
model based on the needs of their employees, as well as the
information protected.
Discretionary Access Control (DAC) is a simplistic approach to
data control, whereby the data owner decides on the permissions
granted to the specific information. Under this type of control,
persons that have been granted access to the information have
the ability to pass the information to other individuals or
objects, grant privileges to other individuals, change attributes
regarding security and other characteristics, specify security
attributes associated with newly-created objects, or dictate the
overarching rules regarding access controls to the information.
While easy to apply, this type of access control is extremely
difficult to regulate due to the fluid nature of permissions
granted once the data owner issues the initial access
permissions. Mandatory Access Control (MAC), which
improves on the weak points of DAC, is an access policy in
which all individuals and objects within the technical purview
of the data owner have uniform security controls applied to
them. Subjects that are granted access to information are
inhibited from distributing the data to unauthorized sources,
granting privileges to other individuals, changing security
controls, or changing the governing access control. MAC is,
traditionally, the most common access control applied due to its
inclusive nature.
Role-Based Access Control (RBAC) is, as could be extrapolated
from the name, access control based on user roles. This means
that a user that receives access to data based on the assumption
of a given role, whether explicit or implicit, is a role-based
access control. This type of access control ensures that
information is only accessed by personnel that require access,
and any modifications are done only by authorized personnel.
This also means that the data owner, while the originator of the
information, may not have access to further modify the data
after its inception. Security principles such as “least privilege”
and “separation of privilege” are in effect in this type of access
control, and play a pivotal role in ensuring the integrity of the
data that it protects.
The final access control, Attribute-Based Access Control, is
more complicated and thus less likely to be utilized in an
enterprise environment. Under this type of access control,
resources and users are assigned and organized by “attributes”
such as time of day or position and location, and their access is
based on these factors. Known as a dynamic access control, this
type of control benefits critical operational information and
sensitive data. If the information does not geographically move
(aka a SCIF or some sort of classified facility), then ABAC can
be considered as the most secure type of access control for
high-priority information.
All of this being said, in the end the question is not “Do I need
a form of access control?”, but rather “What type of access control
best suits my company’s needs?” The secrecy and severity of
information, least privilege, and geographic location will
determine the needs of the organization and how read, write,
modify, and delete permissions are applied. Knowing your
organization and its requirements is the most important factor.
Also, it is important to ensure that your company has a
competent Change Management Board (CMB) and that the type
of access control is evaluated, thoroughly tested in a
sandbox environment, and implemented in a manner that
supports continuity of business operations.
References
University of Hawai'i. (2021). Access Control Models – UHWO
Cyber Security. Westoahu.hawaii.edu. Retrieved 15 November
2021, from
https://westoahu.hawaii.edu/cyber/best-practices/best-practices-weekly-summaries/access-control/.
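The difference between the role-based and attribute-based models described in the post above, as an added example that is not part of the student's post: the same request is evaluated once against a role table and once against rules that also consider time of day and location. The roles, resources, locations and rule layout are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Request:
    role: str
    resource: str
    action: str
    at: time          # time of day of the request
    location: str     # where the request originates

# RBAC: permissions hang off the role only (constructed table).
ROLE_PERMISSIONS = {
    "analyst": {("report", "read")},
    "editor": {("report", "read"), ("report", "modify")},
}

def rbac_allows(req: Request) -> bool:
    return (req.resource, req.action) in ROLE_PERMISSIONS.get(req.role, set())

# ABAC: every attribute in a rule must match; anything unmatched is denied.
ABAC_RULES = [
    {"resource": "report", "actions": {"read"}, "roles": {"analyst", "editor"},
     "hours": (time(8), time(18)), "locations": {"hq", "branch"}},
    {"resource": "report", "actions": {"modify"}, "roles": {"editor"},
     "hours": (time(8), time(18)), "locations": {"hq"}},
]

def abac_allows(req: Request) -> bool:
    for rule in ABAC_RULES:
        start, end = rule["hours"]
        if (req.resource == rule["resource"]
                and req.action in rule["actions"]
                and req.role in rule["roles"]
                and start <= req.at < end
                and req.location in rule["locations"]):
            return True
    return False  # default deny

if __name__ == "__main__":
    late = Request("editor", "report", "modify", time(23, 0), "hq")
    # The role alone permits the change; the time-of-day attribute does not.
    print(rbac_allows(late), abac_allows(late))
```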
Respond here:
Week 3: Annotated Bibliography for Final Project
Your Name
University of Arizona Global Campus
CRJ 201: Introduction to Criminal Justice
Instructor's Name
Month Day, Year
Week 3: Annotated Bibliography for Final Project
Author, A. (Year Published). Article title. Journal Name,
Volume(Issue), page range. doi:# or Retrieved from journal’s
homepage URL
In the first paragraph of your annotation, summarize the main
points of the source that you found to support the ideas in Case
#1. This source should address the criminal justice issue of law
enforcement communication in multilingual communities.
In the second paragraph of your annotation, explain how the
source is relevant to your Final Project. Explain how this
particular source relates to the ideas discussed in Case #1.
Explain how this source will help you develop your Final
Project.
Author, A. (Year Published). Article title. Journal Name,
Volume(Issue), page range. doi:# or Retrieved from journal’s
homepage URL
In the first paragraph of your annotation, summarize the main
points of the source that provides insight into how criminology
may apply to a program, practice, approach, or policy relevant
to a criminal justice issue in Case #1.
In the second paragraph of your annotation, explain how the
source is relevant to your Final Project. Explain how this
particular source relates to criminology and a program, practice,
approach, or policy discussed in Case #1. Explain how this
source will help you develop your Final Project.
Author, A. (Year Published). Article title. Journal Name,
Volume(Issue), page range. doi:# or Retrieved from journal’s
homepage URL
In the first paragraph of your annotation, summarize the main
points of the source that you found to support the ideas in Case
#2. This source should be relevant to the criminal justice issue
of juror exclusion by race in a criminal case.
In the second paragraph of your annotation, explain how the
source is relevant to your Final Project. Explain how this
particular source relates to the ideas discussed in Case #2.
Explain how this source will help you develop your Final
Project.
Author, A. (Year Published). Article title. Journal Name,
Volume(Issue), page range. doi:# or Retrieved from journal’s
homepage URL
In the first paragraph of your annotation, summarize the main
points of the source that you found to support the ideas in Case
#3. This source should address the criminal justice issue of cell
conditions within the context of Eighth Amendment
considerations.
In the second paragraph of your annotation, explain how the
source is relevant to your Final Project. Explain how this
particular source relates to the ideas discussed in Case #3.
Explain how this source will help you develop your Final
Project.
Author, A. (Year Published). Article title. Journal Name,
Volume(Issue), page range. doi:# or Retrieved from journal’s
homepage URL
In the first paragraph of your annotation, summarize the main
points of the source that you found to support the ideas in this
section of your paper. This source will address the critical
perspective of the criminal justice issue that you chose, relevant
to any of the three cases.
In the second paragraph of your annotation, explain how the
source is relevant to your Final Project. Explain how this
particular source relates to a critical perspective of a criminal
justice issue relevant to any of the three cases. Explain how
this source will help you develop your Final Project.
Tip 1: Note that references are listed in alphabetical order.
Tip 2: When including a URL for an online journal, you must
search for the journal’s home page and include this in your
reference entry. You may not include the URL found through
your university library, as readers will not have access to this
library.
Tip 3: Delete these “hints” (purple boxes) before turning in
your final assignment.