CIS Lab 9
Popular in Intro Computer Based Information Systems
Popular in CIS
This 11 page Class Notes was uploaded by Khanh Phan on Tuesday June 14, 2016. The Class Notes belongs to CIS 2010 at Georgia State University taught by James Senn in Summer 2016. Since its upload, it has received 9 views. For similar materials see Intro Computer Based Information Systems in CIS at Georgia State University.
Reviews for CIS Lab 9
Report this Material
What is Karma?
Karma is the currency of StudySoup.
You can buy or earn more Karma at anytime and redeem it for class notes, study guides, flashcards, and more!
Date Created: 06/14/16
CIS 2010 Laboratory #1 2 Digital Security: Encryption and Password Protection Practices Part I: Encrypting Files This laboratory, which focuses on digital security, consists of two parts: protecting files and protecting documents. When there is a des ire to protect against interception of data, such as during the transfer of a file or transaction over communication links, encryption is an effective security measure. With encryption, a mathematical algorithm is used to convert the data into an enciphered form. The algorithm translates the message into its disguised cipher text form. T he message can later be read or processed provided the recipient has a valid key for decoding the data. PREREQUISITES Part I of this laboratory will help you establish or improve skills in encrypting files. The process shown here can be used for a wide range of data files. You will need, • A USB memory stick • Access to the following apps: o HxD.exe, o SafeHouseExplorer.exe • Access to the Windows Notepad app At the end of this lab, you are expected to provide the completed lab protocol, including an encrypted file you’ve created using the Windows Notepad . Your lab instructor will advise you whether to deliver the completed file on a USB memory stick, demonstrate the results d uring the lab, or transmit the results to the Desire2LEarn assignment site. (Be certain your name is on the completed protocol.) PART I: CREATING PLAIN TEXT FILES The first steps in this lab take you through the creation of a simple data file. When the f ile is later encrypted, you will see how the data you entered to create the file appear in digital form and later in encrypted form. Ordinary documents, such as word processing, spreadsheet, and text files are called “plain text” files because the contents of the document are stored in a way that the material can be read without a password. To begin, 1. Perhaps you have a secret beverage recipe you want to protect via encryption. To do so, create a text file using the Windows Notepad application. From the Start/Accessories Menu, Choose Notepad. (If your computer does not have Accessories or show an Accessories menu, type Notepad in the Search / Search the Web and Windows search bar.) CIS 2010 Laboratory #13: Encrypting Files Page | 1 This lab was created by Professor Richard Baskerville. 2. Enter secret information into the plain text file , as shown below. 3. Save this file, naming it as “PlainText.txt”. HxD is a simple disk editor that allows you to examine and change the contents of a disk drive or memory location. 4. Run HxD. Load PlainText.txt by selecting “File”, “Open”, and choosing PlainText. txt. Page | 2 5. The hexadecimal editor displays the offset address of the contents of the file in the leftmost column, the contents of the file in binary form (represented by numbers in the base 16 (or “hexadecimal”) in columns 00 through 0F, and also in simple t ext format in the right most column. Your file will display in a format like the one below. The contents will vary as you have inserted your name when preparing the secret recipe. 6. How much of the PlainText file can be read without the notepad applicat ion that created it? How secure is information stored in plain text on a computer? ____________________ 7. Close the file by choosing “File” and “Close” from the HxD menu. SafeHouse Explorer is a simple encryption program that creates an encrypted director y as a repository for files containing sensitive information. 8. Run SafeHouse Explorer. Cancel the Learn More screen, accept the User Agreement, and click Finish. Create a new volume by choosing “Tools” and “Create a new safe house volume” Page | 3 9. The “Create SafeHouse Volume” dialog box will open. Choose “Next”. 10. Choose an appropriate name and folder for your confidential volume. 11. Check that the folder name and filename are correct and choose “Next” 12. Set the filesize to 12k, not expandable, and prei nitialize. Choose next. Page | 4 13. What is the smallest size for a SafeHouse Volume? ____________________ 14. In the following dialog box, choose and enter a good 8 -‐character password. How can lost passwords be recovered? ____________________ 15. What is the password you used in the previous step? ____________________ 16. Double check your work, and choose “Create Volume” 17. After noting the “Volume Created Successfully” message, Choose “Finish”. Select “Yes” to “Open volume now”. Page | 5 18. Open Windows Explorer and locate the P lainText file created earlier. Drag this file into the main right-‐hand pane of the SafeHouse Explorer window. 19. Using HxD, open the SafeHou se volume created above. What warning is given in plain text in the file? ____________________ 20. With HxD, browse through the SafeHouse volume. What information is readable? What parts of the the secret information from the PlainText.txt file is readable ? ____________________ Page | 6 Part II Password Protecting and Encrypting Documents Security breaches on the digital world seem to occur more frequently with every passing day. Consequently managers are expected to be sensitive to protection of valued business documents and files. Yet security should be a personal concern as well, as we store more and more personal information on digital devices, in an Internet cloud, and on Web and e -‐mail sites. Good security practices begin with the choice of passwords. PREREQUISITES Part II of this laboratory will help you establish or improve skills in constructing passwords and password protecting encrypted documents. You will need, • Access to the Internet • Access to Microsoft Excel • USB memory stick At the end of this lab, you are expected to provide the completed lab protocol, including a password protected Excel file. Your lab instructor will advise you whether to deliver the completed file on a USB memory stick, demonstrate the results during the lab, or transmit the results to the Desire2Learn assignment site. (Be certain your name is on the completed protocol.) PASSWORD GUIDELINES 1 Strong passwords adhere to the well -‐defined guidelines. A minimum password length of 12 to 14 characters if permitted • Generating passwords randomly where feasible • Avoiding passwords based on repetition, dictionary words, letter or number sequences, usernames, relative or pet names, romantic links (current or past), or biographical information (e.g., ID numbers, ancestors' names or dates) . • Including numbers, and symbols in passwords if allowed by the system • If the system recognizes case as significant, using capital and lower -‐case letters • Avoiding using the same password for multiple sites or purposes Some guidelines advise against writin g passwords down, others permit writing down passwords as long as the written password lists are kept in a safe place, such as a wallet or safe, not attached to a monitor or in an unlocked desk drawer, and not stored on a computer system in plaintext. 1 http://en.wikipedia.org/wiki/Password_strength Page | 7 Examples of weak passwords include: • Default passwords: password, default, admin, guest, etc. • Passwords containing dictionary words (in any language): chameleon, RedSox, sandbags, bunnyhop!, IntenseCrabtree, etc., • Words with numbers appended: password1, dee r2000, john1234, etc., • Words with simple obfuscation: p@ssw0rd, l33th4x0r, g0ldf1sh, etc., • Common sequences from a keyboard row: qwerty, 12345, asdfgh, fred, etc. • Numeric sequences based on well -‐known numbers such as 911 (9 -‐1-‐1, 9/11), 314159... (pi), or 27182... (e), etc. • Identifiers: jsmith123, 1/1/1970, 555–1234, "your username", etc. • Anything personally related to an individual: license plate number, Social Security number, current or past telephone number, student ID, address, birthday, sports team, relative's or pet's names/nicknames/birthdays/initials, etc., PART ONE: Forming and Testing Passwords 1. Open web browser pages to two password testing sites, e.g.,: a. http://www.passwordmeter.com b. http://howsecureismypassword.net 2. Test the password “password ” What is the score, complexity, and length of time to crack this pas d? ____________________ 3. Test the password “TZG9x!5Vl.2LIq7wEy3l” What is the score, complexity, and length of time to crack this pas d? ____________________ 4. Test the passphrase “AlmaMater,weareloyaltothenameofGeorgiaState” What is the score, complexity, and length of time to crack this pas d? ____________________ 5. Test the passphrase “AlMa -‐wearlotothnaofGeSt” What is the score, complexity, and length of time to crack this pass word? ____________________ 6. Test the passphrase “AM-‐walottnoGS” What is the score, complexity, and length of time to crack this pas d? ____________________ 7. Test the passphrase “walttnoG” What is the score, complexity, and length of time to crack this password? ____________________ 8. Test the passphrase “Wa12uG5!” What is the score, complexity, and length of time to crack this pas d? ____________________ 9. Many instances will limit the number of characters, the use of numbers, or the kinds of symbols that may be used in passwords. Is it easier or more difficult to construct a good short password or a good long password? Why or why not? Page | 8 PART TWO: Encrypting and Password Protecting a Document 10. Using the passphrase approach above, create two strong 8 -‐character length passwords. a. What is password #1? b. What is the score, complexity, and length of time to crack this password? ____________________ c. What is password #2? d. What is the score, complexity, and length of time to crack this password? ____________________ 11. Open Microsoft Excel and create a new microsoft excel worksheet named “MySecret”. 12. Insert secret information into the spreadsheet, e.g., Page | 9 13. From the Excel “File” menu, choose “Save As”, and select “Tools” and “General Options” from the sub menu. ! 14. Into the two password boxes in the Save-‐As, General Options dialog, enter each of the two strong 8-‐character length passwords from step 10. ! Page | 10 15. You will be prompted to reenter each of the two passwords. (Read the caution). Then press the Save button. Choose “Yes” if you are prompted to overwrite an existing file. 16. Close Excel. 17. Using Excel, open the workbook file just created: MySecret. Enter the two passwords in the dialog boxes as prompted: 18. In what way can you recover a workbook file that has been protected by password, but for which you have forgotten the password? ____________________ Page | 11
Are you sure you want to buy this material for
You're already Subscribed!
Looks like you've already subscribed to StudySoup, you won't need to purchase another subscription to get this material. To access this material simply click 'View Full Document'