Implementing Security for Devices

Implementing Security for Devices

Password Algorithm Design Challenge

In this activity password algorithms were created for a user trying to secure a device or application.

Chosen Algorithm:

  • Users birth month+Users birth day+ Users birth year
  • Least favorite snack
  • Random Symbol
  • All even numbers from users phone number
  • All odd numbers from users phone number added to
  • Random lowercase letter
  • Random uppercase letter
  • Random uppercase letter

  • Random symbol

    ex: 2040spinach#1833pOL&

This password algorithm would suffice for the creation of a unique secure password. The algorithm uses a mix or symbols, numbers, and letters as well as very lengthy. A user would need to have a password manager in order to use this algorthim as it is not easy to remember.

This information came from the Password Algortim Design Challenge

Changing Ubuntu Password

In this activity the Ubuntu default password was changed to a more secure password created by the algorithm above.

In order to accomplish this. Complete these steps:

  • type “passwd”
  • Enter the current password
  • Enter new password
  • Re-enter new password

If it was a success then the user should recieve a screen like this:

image

Confirm the new password by running the command “sudo ls /root” then typing the new password

image

By entering

“sudo adduser username & sudo usermod -aG sudo username”

The user can create a new user on the Ubuntu VM

This information came from the ChangingPassword_Ubuntu_Student Activity

Enabling MFA in Ubuntu

In order to enable MFA in Ubuntu first the user must be logged into an account with admin privaleges

image

Next update the VM by running “sudo apt update” then install the authenticator by running “sudo apt install libpam-google-authenticator -y”

These commands update the VM’s software packages and downloads the authenticator package

Next the “google-authenticator” command was entered

This generates a QR code that gives the user a secret key for the secondary authentication

image

Due to the fact that classroom Ipads do not have the app for the QR code the site “https://totp.danhersam.com/” was used in order to generate the code

Next in order to enable MFA and SSH for login the “sudo nano /etc/ssh/sshd_config” command was ran in order to edit the SSH server config

The following lines were changed:

  • KbdInteractiveAuthentication yes
  • UsePAM yes
  • PasswordAuthentication yes

Next save and exit and restart SSH by running “sudo systemctl restart ssh”. Then open the SSH PAM config file by running “sudo nano /etc/pam.d/sshd”. “auth required pam_google_authenticator.so” was added then it was saved.

The MFA was tested by running “ssh username@localhost”

This information came from the Enabling Multi-Factor Authentication (MFA) in Ubuntu activity

Patching in Ubuntu

Patches are important because they secure the users data. When applications aren’t updated regularly then hackers can use that to their advantage to steal information. Companies constantly roll out updates to better secure the users who use their app.

In ubuntu in order to see the list of upgradable packages enter “sudo apt list –upgradable”

image

image

In order to update these packages enter “sudo apt upgrade”

Ubuntu allows the user to better keep track of their updates by keeping a log file. In order to open it run “cat /var/log/apt/history.log”

By running “grep “2025-10” /var/log/apt/history.log” the user can view specific dates

image

This image shows two different dates and the corresponding logs

By running “grep “nano” /var/log/apt/history.log” or “grep “firefox” /var/log/apt/history.log” the user can search for specific programs

image

image

Or to search for a specific package “grep “google-authenticator” /var/log/apt/history.log”

image

Due to the fact that ubuntu rotates logs the user must enter “tail -n 20 /var/log/apt/history.log” in order to find the most recent one

image

Scenario A hospital is using Ubuntu VM as their real computers and they do not update it

If the Ubuntu VM was never patched or updated then Zero day vulnerabilities could be created that hackers could exploit to get into the hospitals database and view private information. In order to prevent these exploits in the wild then the hospital should hire a Cisco certified support technician to change their ubuntu VM to automatically update so that there are no security vulnerabilities due to old software. These automatic updates ensure that all the hospitals software is updated.

The issue of patching can be solved by turning on automatic updates. In order to view the last automatic update in the Ubuntu VM the user must enter “ls -l /var/lib/apt/periodic/”

image

This inforation came from the Patching Ubuntu Activity

NIST and OWASP

NIST (National Institute of Standards and Technology) and OWASP (Open Worldwide Security Project) are two companies that give guidelines on creating passwords for better device and application securitization.

NIST’s main password ideas: • Length>complexity(The password needs to be greater in length rather than complex for a easier password to remember) • Multi-Factor Authentication(This ensures that a hacker could not enter the users account by just gaining the password) • Screen out bad passwords(This ensures that the hacker is not able to use the brute-force method of hacking) OWASP’s main password ideas: • Authentication cheat sheet(This allows the user to easily find keys or codes) • password storage cheat sheet(THis allows the user to easily find passwords) • recognize credential stuffing(When a hacker tries to use known information about the user to gain access to their account)

This information came from the Implementing Security for Devices Student Notes

Reflection

In order for a user to secure their device and applications they must be active constantly. To start a new account or user then the user must have a password algorithm to generate a strong password that is resistent to hacks. The password algorithm must create a password that is long in order to create more possible outcomes for a potential hacker to guess. It must also use a mix of symbols, numbers and letters. If the algorithm generates a password that is hard to remember then the user can use a password manager or email the password to themselves. After that the user must always update the device and its applications to ensure that hackers can’t exploit out of date software.