a) In the words of Snowden, "properly implemented strong crypto systems are one of the few things that you can rely on." By strong crypto he meant public key cryptography (one key is public and the other is private), such as RSA. The second part is implementation, which again depends on human beings. Public key systems also require that users authenticate each public key before they use it. Users must keep their local system physically secure and protect the private key. Finally, the system is only as good as the passphrase chosen by the user. If the keys are somehow disclosed, the data is no longer safe.
b) Identification occurs when you type your username into a login screen, because you have claimed to be that person. Authentication occurs after you have typed in a password and hit the 'login' button, at which point the validity of your claim to the username is determined. Many studies have shown that users tend to choose short and guessable passwords, which makes them vulnerable to attacks. Passwords can also be stolen with keylogger software that records keystrokes; users can be fooled by phishing emails; users fail to change their passwords from time to time even when instructed to; and users choose the same password for multiple systems.
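The identification and authentication steps described in b), as an added Python example that is not part of the original answer. The in-memory user store, the 12-character minimum and the small common-password set are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample of guessable passwords (assumption; real systems use a large breach list).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}
MIN_LENGTH = 12  # assumed policy value

_users = {}  # hypothetical in-memory store: username -> (salt, scrypt hash)


def _derive(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a stolen store does not reveal passwords directly.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def password_problems(username: str, password: str) -> list:
    """Return the reasons a password is short or guessable (empty list = acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("commonly used")
    if username.lower() in password.lower():
        problems.append("contains username")
    return problems


def register(username: str, password: str) -> list:
    """Store the user only if the password passes the checks; return any problems."""
    problems = password_problems(username, password)
    if not problems:
        salt = os.urandom(16)
        _users[username] = (salt, _derive(password, salt))
    return problems


def login(username: str, password: str) -> bool:
    # Identification: the username is only a claim; look up what is known about it.
    record = _users.get(username)
    # Authentication: verify the claim. Unknown users still cost one scrypt run,
    # so response time does not reveal which usernames exist.
    salt, expected = record if record else (b"\x00" * 16, b"\x00" * 32)
    candidate = _derive(password, salt)
    return hmac.compare_digest(candidate, expected) and record is not None
```
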
c) There are many cases where access control can be compromised: not locking workstations or laptops, not applying extra security measures to portable devices in case they are stolen or lost, logging on to a remote system over an open/unencrypted wireless network, etc.
It is very difficult for human beings to remember so many passwords and check all security measures all the time. There are people out there who have laid traps and are waiting to steal information and data. Humans will always be the weakest link in any security system, as we are not designed to act like machines.