Cracker Attack: A Password Security Lab Exercise
Password security is an area of Information Assurance that is easily understood and is currently very important in the design of any security system. This lab exercise is for students in upper-level undergraduate courses and will give them experience with password security policies, systems, and tools. The password systems used in the lab are available for any Linux system. The tools used are John the Ripper and the Linux Pluggable Authentication Modules (Linux-PAM).
Learning Objectives
- Identify current best practices in password security.
- Gain experience with password policies from user and administrator perspectives.
- Gain experience with the Linux password security system.
- Evaluate and change an existing password policy and modify configuration files in order to enforce a new policy.
- Identify weak passwords and gain experience with tools used to detect weak passwords.
- Understand the human factors in password security and be able to design a password policy that takes these factors into account without accepting weak passwords from users.
- Password policy developed in the lab and configuration files used to enforce it.
- Lab Writeup and Report
- Student Homework (optional)