

ID: 3585001 • Letter: 1

Question

1) The importance of a password policy in Windows cannot be overlooked. There are many variables to securing passwords, such as minimum and maximum age, complexity, length, and whether they should be stored with reversible encryption. In most enterprises, a user's account is linked to the user, and breach of the account can reflect poorly on the user, as actions performed with the account are the responsibility of the user. In FDA 21CFR11 environments, there can be legal implications to a breached account. A good password should be chosen. There are many thoughts on what a "good" password is, but good guidance is published by NIST. NIST Document SP 800-63 (Digital Identity Guidelines) is considered good guidance. One reason it is important to choose a good password is that recently there was a password-hash table dumped containing SHA-1 hashes for over 320 MILLION passwords. 99.9999% of these passwords were discovered in clear text.

2) There are two strategies for reducing the attack surface. One is to disable/remove programs with vulnerabilities (the best method, since it would be better if the service were not even there); the second is, if you have to run programs with vulnerabilities, to implement controls that will mitigate the vulnerability. Although the second strategy is harder, less complete, and time-consuming, it is still required when the program you run has known vulnerabilities. By installing only the services you need, you reduce the attack surface of the server. This means you reduce the available vulnerabilities that an attacker can use to gain access to your system. For example, when installing a Windows Server, you pick what the role of the server will be (web, mail, etc.) and then only those services that this role requires are loaded. Also, as time goes on you will only be impacted by the new vulnerabilities that are identified in the limited amount of software you have loaded.

Come up with well-thought-out 3-sentence responses to both posts above, 1) and 2).
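The policy settings and the breached-hash check that post 1) refers to, as an added example that is not part of the original posts or the answer. It assumes an elevated PowerShell session on Windows (secedit needs administrator rights to export the local security policy). The breach list inside it is a constructed stand-in of four SHA-1 hashes computed at run time, not the 320-million-entry dump the post mentions, and the thresholds in Test-PasswordPolicy are the ones NIST SP 800-63B gives for memorized secrets: at least 8 characters, no forced periodic rotation, no recoverable storage, and screening against known-breached values. The lookup is done the way real breach-list services do it, by the first five hex characters of the hash, so the full hash never has to leave the host.

```powershell
# Added example, not from the original posts: audit the local Windows password
# policy and check a candidate password against a SHA-1 breach list.
# Assumes an elevated session on Windows; the breach list below is constructed.

function Get-LocalPasswordPolicy {
    # secedit exports an INI-style file whose [System Access] section carries the
    # account policy. ClearTextPassword = 1 is "Store passwords using reversible
    # encryption", the setting the post warns about; MaximumPasswordAge = -1 means
    # passwords never expire.
    $cfg = Join-Path $env:TEMP 'secpol-export.inf'
    & secedit.exe /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
    $policy = @{}
    $inSection = $false
    foreach ($line in Get-Content -Path $cfg) {
        if ($line -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'System Access'); continue }
        if ($inSection -and $line -match '^\s*(\w+)\s*=\s*(-?\d+)') {
            $policy[$Matches[1]] = [int]$Matches[2]
        }
    }
    Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    return $policy
}

function Test-PasswordPolicy {
    param([hashtable]$Policy)
    # Compare the exported values with NIST SP 800-63B. Returns one line per finding.
    $findings = @()
    if ($Policy['MinimumPasswordLength'] -lt 8) {
        $findings += "MinimumPasswordLength = $($Policy['MinimumPasswordLength']); SP 800-63B requires at least 8 characters"
    }
    if ($Policy['ClearTextPassword'] -eq 1) {
        $findings += 'ClearTextPassword = 1: reversible encryption is on, so stored passwords can be recovered as plaintext'
    }
    if ($Policy['MaximumPasswordAge'] -gt 0) {
        $findings += "MaximumPasswordAge = $($Policy['MaximumPasswordAge']) days: SP 800-63B advises against forced periodic rotation; rotate on evidence of compromise instead"
    }
    $findings += "PasswordComplexity = $($Policy['PasswordComplexity']) (Windows composition rule; SP 800-63B relies on length and breach screening rather than composition rules)"
    return $findings
}

function Get-Sha1Hex {
    param([string]$Text)
    # Upper-case hex SHA-1, the form breached-password lists are published in.
    $sha1 = [System.Security.Cryptography.SHA1]::Create()
    try { $bytes = $sha1.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Text)) }
    finally { $sha1.Dispose() }
    return -join ($bytes | ForEach-Object { $_.ToString('X2') })
}

# Constructed breach list: SHA-1 of four well-known weak passwords standing in
# for a real dump. A real list would be hundreds of millions of entries.
$BreachedHashes = @('password', '123456', 'letmein', 'qwerty') | ForEach-Object { Get-Sha1Hex -Text $_ }

function Test-BreachedPassword {
    param([string]$Candidate, [string[]]$Breached = $BreachedHashes)
    # k-anonymity style lookup: only the 5-character prefix would be sent to a
    # range query; the suffix comparison happens locally. Returns $true if found.
    $hash   = Get-Sha1Hex -Text $Candidate
    $prefix = $hash.Substring(0, 5)
    $suffix = $hash.Substring(5)
    $range  = $Breached | Where-Object { $_.StartsWith($prefix) } | ForEach-Object { $_.Substring(5) }
    return ($range -contains $suffix)
}

# Usage: dump the exported policy, list findings, then screen two candidates.
$policy = Get-LocalPasswordPolicy
$policy.GetEnumerator() | Sort-Object -Property Name | Format-Table -AutoSize
Test-PasswordPolicy -Policy $policy
Test-BreachedPassword -Candidate 'password'
Test-BreachedPassword -Candidate 'correct horse battery staple'
```

On a domain-joined host the effective values come from the Default Domain Policy rather than the local export; the same checks apply to the output of Get-ADDefaultDomainPasswordPolicy, whose ReversibleEncryptionEnabled property corresponds to ClearTextPassword here.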

Explanation / Answer

Ans 1- Passwords are the primary mechanism for defending private and confidential data from unwanted threats. Appropriate effort needs to be put in by users to generate an extremely complex password which is highly difficult to crack. If the password is short and guessable, anyone can break into the organization's security and thus misuse the important information. There must be a written policy created in each organization about the steps to generate a complex password. If the organization deals with customers' personal data and fails to maintain the confidentiality of their passwords, it would have to face many legal consequences.


Ans 2- This paragraph talks about strategies to reduce the impact of software vulnerabilities. We should focus on building role-based access to the vulnerable software. In the first step, the list of vulnerable software is prepared, then a list of secure applications is prepared. After that we need to grant access to each of these secure applications for the software. This would help reduce the number of applications impacted by the vulnerable software.
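The two strategies from post 2) applied to a Windows Server, as an added example that is not part of the original posts or the answer: it lists installed roles and features that fall outside an allow list for the server's declared role, dry-runs their removal (strategy one), and maps every listening TCP port to the process and Windows service that owns it, which is the inventory needed before deciding what must stay and be wrapped in mitigating controls (strategy two). It assumes Windows Server with the ServerManager module (Get-WindowsFeature, Uninstall-WindowsFeature) and the NetTCPIP module (Get-NetTCPConnection). The $AllowedFeatures table is a constructed illustration for a static IIS web server, not a Microsoft baseline; on a real host the features Windows installs by default must be appended to it before the removal step is run without -WhatIf.

```powershell
# Added example, not from the original posts: inventory a Windows Server's
# installed features against a per-role allow list and map listening ports to
# the services behind them. Assumes Windows Server with the ServerManager and
# NetTCPIP modules; the allow list is a constructed illustration.

$AllowedFeatures = @{
    # Hypothetical minimum for an IIS host serving static content. Features that
    # Windows installs by default (NET-Framework-45-Core, PowerShell, ...) must be
    # added here before Uninstall-WindowsFeature is run for real.
    WebServer = @(
        'Web-Server', 'Web-WebServer', 'Web-Common-Http', 'Web-Default-Doc',
        'Web-Static-Content', 'Web-Http-Errors', 'Web-Http-Logging',
        'Web-Filtering', 'Web-Mgmt-Console'
    )
}

function Get-ExcessFeatures {
    # Strategy 1: anything installed that the role does not need is attack
    # surface that can simply be removed.
    param([string]$Role, [hashtable]$Allowed = $AllowedFeatures)
    Get-WindowsFeature |
        Where-Object { $_.Installed -and ($_.Name -notin $Allowed[$Role]) } |
        Select-Object -Property Name, DisplayName, FeatureType
}

function Get-ListeningServices {
    # Strategy 2 starts with knowing what stays: every listening socket is an
    # entry point, so tie each port to the process and Windows service behind it.
    $services = Get-CimInstance -ClassName Win32_Service | Where-Object { $_.ProcessId -gt 0 }
    Get-NetTCPConnection -State Listen |
        Sort-Object -Property LocalPort, LocalAddress -Unique |
        ForEach-Object {
            $conn  = $_
            $proc  = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
            $owner = $services | Where-Object { $_.ProcessId -eq $conn.OwningProcess } |
                     Select-Object -ExpandProperty Name
            $procName = if ($proc) { $proc.ProcessName } else { '(unknown)' }
            $svcName  = if ($owner) { $owner -join ',' } else { '-' }
            [pscustomobject]@{
                Address = $conn.LocalAddress
                Port    = $conn.LocalPort
                Pid     = $conn.OwningProcess
                Process = $procName
                Service = $svcName
            }
        }
}

# Inventory first, then a dry run of the removal. Drop -WhatIf only after the
# list has been reviewed against the role and the default-feature set.
$excess = Get-ExcessFeatures -Role 'WebServer'
$excess | Format-Table -AutoSize
$excess | ForEach-Object { Uninstall-WindowsFeature -Name $_.Name -WhatIf }
Get-ListeningServices | Format-Table -AutoSize
```

The port-to-service table is also what the second strategy's mitigating controls are built from: a port owned by a service that must remain is the one to restrict with Windows Firewall rules or to bind to a management address only, and the same table re-run after patching confirms nothing new started listening.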