(ISC)² CISSP® Official Study Guide, Eighth Edition


Understand the need for strong passwords



(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Understand the need for strong passwords. Strong passwords make password-cracking utilities less successful. Strong passwords include multiple character types and are not words contained in a dictionary. Password policies ensure that users create strong passwords. Passwords should be encrypted when stored and encrypted when sent over a network. Authentication can be strengthened by using an additional factor beyond just passwords.

Understand how salt and pepper thwart password attacks. Salts add additional bits to a password before hashing it and help thwart rainbow table attacks. Some algorithms, such as bcrypt and Password-Based Key Derivation Function 2 (PBKDF2), add the salt and repeat the hashing functions many times. Salts are stored in the same database as the hashed password. A pepper is a large constant number used to further increase the security of the hashed password, and it is stored somewhere outside the database holding the hashed passwords.

Understand sniffer attacks. In a sniffer attack (or snooping attack), an attacker uses a packet-capturing tool (such as a sniffer or protocol analyzer) to capture, analyze, and read data sent over a network. Attackers can easily read data sent over a network in cleartext, but encrypting data in transit thwarts this type of attack.


Chapter 14: Controlling and Monitoring Access

Understand spoofing attacks. Spoofing is pretending to be something or someone else, and it is used in many types of attacks, including access control attacks. Attackers often try to obtain the credentials of users so that they can spoof the user’s identity. Spoofing attacks include email spoofing, phone number spoofing, and IP spoofing. Many phishing attacks use spoofing methods.
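
The salt and pepper item above, as an added example (not from the study guide): a per-password random salt and a PBKDF2 hash form the record kept in the database, while the pepper is supplied from outside it. The HMAC step used to mix in the pepper, the function names, the iteration counts and the sample pepper value are assumptions of this example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor; tune for your hardware
SALT_BYTES = 16


def _peppered(password: str, pepper: bytes) -> bytes:
    # Mix in the pepper with HMAC-SHA256 (one common construction, assumed here).
    return hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()


def hash_password(password: str, pepper: bytes, iterations: int = ITERATIONS) -> dict:
    """Return the record stored in the database: salt, iterations, hash."""
    salt = secrets.token_bytes(SALT_BYTES)  # unique random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", _peppered(password, pepper), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify_password(password: str, record: dict, pepper: bytes) -> bool:
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac(
        "sha256", _peppered(password, pepper), salt, record["iterations"]
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def demo() -> dict:
    # Constructed sample values. In production the pepper comes from a secrets
    # manager, HSM or environment variable, never from the password database.
    pepper = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
    wrong_pepper = b"\x00" * 32  # stands in for someone holding only the database
    iters = 10_000  # lowered so the demo runs quickly
    pw = "correct horse battery staple"
    alice = hash_password(pw, pepper, iters)
    bob = hash_password(pw, pepper, iters)
    return {
        "same_password_different_hashes": alice["hash"] != bob["hash"],
        "correct_password_verifies": verify_password(pw, alice, pepper),
        "wrong_password_rejected": not verify_password("Password1", alice, pepper),
        "db_only_leak_unverifiable": not verify_password(pw, alice, wrong_pepper),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

Because two users with the same password get different salts, their stored hashes differ, which is what defeats a precomputed rainbow table; the last check shows that a database record alone cannot be tested against guesses without the pepper.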
