Examining a Security Policy Worksheet
Question
Examining a Security Policy Worksheet

Overview: In this lab activity you will examine a security policy. Complete the tasks and provide a paragraph or two response when needed.

Task:
1. Using sans.org to review and develop security policies.
   a. Access the http://www.sans.org website
   b. Select Free Resources
   c. Select Security Policy Templates
   d. Select General
   e. Select Password Construction Guidelines
   f. Download the DOC and save this document
   g. Using the Password Construction Guidelines policy, create a policy for a company of your choosing
2. Describe what kind of policy is referenced.
3. Discuss the standard policy components that are included in this policy?
4. How often must system-level administrators change their passwords to conform to this policy?
5. To conform to this policy, how often must regular system users change their password?
6. According to this policy, what is the minimum character length for a password, and how should it be constructed?
7. According to this policy, why is password1 not a good choice for a password?
8. Close the policy file. If necessary, close file explorer.
Explanation / Answer
2. Describe what kind of policy is referenced.
A strong password policy should be applied to protect data and secure information, and to remember, a password manager is used so as not to repeat the same password for the last three passwords set.
3. Discuss the standard policy components that are included in this policy?
• Contain eight characters or less.
• Contain personal information such as birthdates, addresses, phone numbers, or names of family members, pets, friends, and fantasy characters.
• Contain number patterns such as aaabbb, qwerty, zyxwvuts, or 123321.
• Are some version of “Welcome123” “Password123” “Changeme123”
The above password policy is not healthy, as it is easy to remember and easy for attackers to crack. To remember a long password, a password manager should be used, and every week the password should be changed by the user.
4. How often must system-level administrators change their passwords to conform to this policy?
In a month it must be forcefully changed, and two-factor authentication should be applied so that any illegal attempt directly sends you an SMS about the threat.
5. To conform to this policy, how often must regular system users change their password?
Every week the password should be changed, and should use the same password since the last three passwords set.
6. According to this policy, what is the minimum character length for a password, and how should it be constructed?
The minimum length of a password is 14 characters, as they have recommended simple passphrases; no numbers or special characters are included, passwords made up of multiple words. The password must be strongly chosen, as it is the core key of information security; if it is weak, then your system or data may get compromised. So the password must contain at least 3 to 5 special characters, number, where the number will be the password setting time, e.g. 12am, 2pm, 630pm, etc.
So, for e.g.: itsfrid@y_tod@y12am
7. According to this policy, why is password1 not a good choice for a password?
It can be brute-forced by attackers, and since it is easy to guess, anyone can see it when typing, even from a camera or by any keyloggers.
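
The weak-password characteristics bulleted under question 3 can be checked mechanically, which also shows which of them `password1` from question 7 matches. This Python checker is an added example, not part of the original answer or of the SANS template; the word lists, the run length of 4 and the function names are assumptions.

```python
import re

# Assumed lists for illustration; a deployed check would use a larger deny list.
COMMON_BASES = {"welcome", "password", "changeme"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789"] + KEYBOARD_ROWS


def has_run(pw, run_len=4):
    """True if pw contains run_len consecutive characters of a known
    sequence (alphabet, digits, keyboard row), forward or reversed."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - run_len + 1):
                if s[i:i + run_len] in low:
                    return True
    return False


def weak_reasons(pw, personal=()):
    """Return the weak-password characteristics from the list that pw matches."""
    low = pw.lower()
    reasons = []
    if len(pw) <= 8:
        reasons.append("eight characters or less")
    # personal: names, dates, pets etc. known for this user (caller-supplied)
    if any(p.lower() in low for p in personal if len(p) >= 3):
        reasons.append("contains personal information")
    digits = re.sub(r"\D", "", pw)
    if (has_run(pw) or re.search(r"(.)\1\1", low)
            or (len(digits) >= 4 and digits == digits[::-1])):
        reasons.append("contains a pattern")
    # A common base word followed only by digits or symbols,
    # e.g. Welcome123, password1, Changeme123!
    m = re.fullmatch(r"([a-z]+)[\d\W_]*", low)
    if m and m.group(1) in COMMON_BASES:
        reasons.append("version of a common password")
    return reasons
```

An empty list means none of the listed characteristics matched; it does not by itself mean the password is strong.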