Problem
Florida Orthopedic Institute Breach
Test Password-Cracking Tools and Write a Lab Report
You have successfully examined the threats to a healthcare organization's information systems infrastructure and learned how the organization can increase its security by an active management system. Now, you must begin your practical research into password-cracking software; authentication and hashing functions will get you started. Then, complete the lab activity Password Cracking with Cain using the lab instructions under Complete Lab.
In this lab activity, you will test Cain in several different modes. Not all password-cracking attempts are completed with the same speed, precision, and results, so you will try a few attacks to see which is more effective. Your deliverable will be the completed Lab Worksheet, which will require you to provide screenshots of many steps along the way. You will be introduced to MARS, a new virtual lab environment, which will prepare you to conduct more complicated lab activities in future cybersecurity courses.
In this lab activity, you will navigate your way through the MARS environment to strengthen your password and set up conditions for using Cain to crack passwords. You will learn about different types of attacks and gain knowledge you will use in your report to the director of IT and members of the board.
The Lab Guide for Password Cracking will provide detailed instructions for each step. Record your answers on the lab worksheet, including screenshots of your work. The instructions will list the four topics, which will also be covered in your report for the IT director.
Lab Report Instructions
Your completed worksheet will illustrate how your team tested password cracking tools and learned much more about the strength of passwords. Explain to the director of IT and the members of the board that the health-care organization's antivirus software will detect password-cracking tools as malware. You will also explain how this impacts the effectiveness of testing security controls like password strength. Through persuasive arguments in your lab report and presentation, help the organization's leaders understand the risks and benefits of using password-cracking tools. If any of the attacks take longer than two to three minutes to guess a password, record the estimated length of time the tool anticipates taking to guess it.
Topics to Address in Your Lab Report Worksheet
A. Compare and contrast the results from the two methods used to crack the user accounts.
a. Describe the tool's speed at cracking the passwords and draw conclusions that are relevant to the organization's cybersecurity posture. Explain how the tools respond to password complexity.
B. Explain how strong passwords are constructed and your team's recommendations for the organization.
a. Explain the four types of character sets used for strong passwords, how many you should use, the general rules for password length, and recommendations for how often passwords should be changed.
C. Discuss the benefit of penetration testing.
a. Explain what that would entail in the organization and what the team could learn from the testing. Discuss the pros and cons of using the same usernames and passwords on multiple systems.
D. Discuss any ethical or legal considerations for how you would use password cracking tools.
When you have completed your lab report in the worksheet, complete with screenshots to demonstrate what you did, you will work on the presentation for the board of directors.