Chapter 11, System Management, Ida A. Flynn and Ann McIver McHoes, Understanding Operating Systems, Second Edition, PWS Publishing Company (1993)

Lesson B: Accounting, Ethics, System Security, System Vulnerabilities, System Assaults: Computer Viruses, Managing Systems.
Ex: 4, 5, 6, 7, 8, 9

Problem 4.  Give three examples of excellent passwords and explain why each would be a good choice to protect a system from unauthorized users.

65518053  21294724  90676086  09458796  36364742  44662961

These passwords were selected by use of a table of random numbers.  It is unusual to have passwords that are all numeric.  An extension of the technique is to randomly select characters from an ASCII table.

The difficulty with such passwords is that they are hard to remember.  One way to memorize them is to pretend the numbers are the digits of a four-place combination lock, taking each pair of digits as one of the combination numbers.

A password generator macro for use with Excel produced the following passwords:

iXaIJm0l  pi2QsnNy  s3xMXm3b  TIdeGHqp

To use the Excel macro that generated these, click on the spreadsheet cell you want the password to be placed into.  From the top menu, select Tools|Macro|Macros|Password_Generator|Run.  The code is:

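Sub Password_Generator()

'62 characters, stored in positions 0 through 61
Dim Rand_Char(61)
Dim J, K, N
Dim Password

'Seed the generator so each run gives a different sequence
'Note: Rnd is a general-purpose generator, not a cryptographic one
Randomize

'Generate ASCII numbers 0 through 9
'Store in Rand_Char positions 0 through 9
J = 0
For K = 48 To 57
Rand_Char(J) = Chr(K)
J = J + 1
Next K

'Generate ASCII letters A through Z
'Store in Rand_Char positions 10 through 35
For K = 65 To 90
Rand_Char(J) = Chr(K)
J = J + 1
Next K

'Generate ASCII letters a through z
'Store in Rand_Char positions 36 through 61
For K = 97 To 122
Rand_Char(J) = Chr(K)
J = J + 1
Next K

'Generate a password of 8 characters
Password = ""
For K = 1 To 8
'Int(62 * Rnd) gives an index 0 through 61
N = Int(62 * Rnd)
Password = Password & Rand_Char(N)
Next K

'Tell the world: place the password in the selected cell
ActiveCell.Value = Password

End Sub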
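
The same 62-character alphabet as the macro above, drawn from the operating system's random source instead of Rnd, with the size of the search space worked out for the all-digit and the alphanumeric passwords. This is an added example in Python, not part of the original solution; the function names and the guess rate used in the estimate are assumptions made for illustration.

```python
import math
import secrets
import string

# Same alphabet as the macro: 0-9, A-Z, a-z (62 characters).
ALPHANUMERIC = string.digits + string.ascii_uppercase + string.ascii_lowercase


def generate_password(length=8, alphabet=ALPHANUMERIC):
    """Pick each character independently and uniformly using the OS CSPRNG."""
    if length < 1:
        raise ValueError("length must be at least 1")
    if len(alphabet) < 2 or len(set(alphabet)) != len(alphabet):
        raise ValueError("alphabet must hold at least two distinct characters")
    # secrets.choice avoids the index arithmetic (and off-by-one risk) of Int(n * Rnd).
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(length, alphabet_size, guesses_per_second):
    """Worst-case time to try every possible password at an assumed guess rate."""
    return alphabet_size ** length / guesses_per_second


if __name__ == "__main__":
    rate = 1_000_000  # assumed guesses per second, chosen only for illustration
    schemes = (
        ("8 random digits", string.digits),
        ("8 random alphanumerics", ALPHANUMERIC),
    )
    for label, alphabet in schemes:
        size = len(alphabet)
        print(
            f"{label}: sample {generate_password(8, alphabet)}, "
            f"{entropy_bits(8, size):.1f} bits, "
            f"{seconds_to_exhaust(8, size, rate):,.0f} s to exhaust at {rate:,}/s"
        )
```
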

Problem 5.  Give three examples of inadequate passwords and explain why each would be a poor choice to protect a system from unauthorized users.

These are character sequences that are easy for a hacker to consider.  Birthdates are common; everyone has one.  The word "Password" is often a default password for software until the user changes the password.  The sequence "abcdef" is simple; it is an easy starting point for a search.

The complexity of the password should be appropriate to the risk and resulting cost of unauthorized access.  Normal private correspondence does not warrant protection through use of extraordinary passwords.  Further, extraordinary passwords usually get written down because they are hard to remember.  Use of such passwords is reasonable when guarding access to classified information and system administrator access.

Problem 6.  System managers can't protect their resources without recognizing all threats and even learning to "think like a hacker".  Knowing that, and knowing that it is unethical to use a computer system without proper authorization, imagine that you are an unauthorized user who wants to break into your system.  Describe how you might begin guessing the password of a legitimate user.

The text reports some approaches:

• Search the user's desk for a written reminder
• Try the user's name
• Try the user's birthday, anniversary date, children's birthdates, etc.
• Try the user ID as the password
• Search log-on scripts
• Try names of family members, pets, and hobbies

Problem 7.  As a follow-up to the previous question, identify a friend who has chosen at least one computer password.  On a piece of paper, list 20 possible passwords you might use if you were trying to access the friend's system.  Then show the list to your friend and ask if any of your guesses were correct.  You might try combinations of names of family members and friends, favorite hobbies, automobiles, pets, birthdays, slang terms, favorite sayings, etc.

This problem is a good mental exercise.

If I had a friend, I certainly would not post such information on this web site.

If you had a friend and tried this problem, you would no longer have a friend because collecting the needed information would be an invasion of privacy.

Your friend would be stupid to tell you if any of your guesses were correct.

Problem 8.  Describe how you would convince a university staff member to perform regular backups and manage archives appropriately.

Arrange for merit bonus pay to be awarded annually that is reduced as a function of the number of days of lost computer service.

Problem 9.  List 20 viruses and research three in detail, describing which files they infect, how they spread, and their intended effects.

Try the following web sites:

http://www.cert.org

http://www.ciac.llnl.gov

http://www.symantec.com

http://www.ncsa.com

http://www.nha.com