Learning Aim B Cyber Security: Worksheet 3 User Restrictions

Worksheet 3 User restrictions

Learning Aim B Cyber Security

Name:..................................................................................................... Class: .......................

Task 1
(a) Go to https://www.betterbuys.com/estimating-password-cracking-times/
For each of the passwords in the table below, complete the columns to show the password
length, which types of character are used in the password and how long it will take for a
computer to crack the password. The first example has been completed for you.

Password     Password  Upper-case  Lower-case  Numbers  Symbols  How long to crack
             length    used        used        used     used     (using brute-force)
jcpxd        5                     ✓                             1s
JcPXd        5         yup         yup         na       na
3JcPXdEPm    9         yup         yup         yup      na       2 decades
JcP5dEp9     8         yup         yup         yup      na       4 months
JcP5dEp93D   10        yup         yup         yup      na       1 millennia
Jc@5dEp93D   10        yup         yup         yup      yup      80 millennia
Jc@5dEp93D   12        yup         yup         yup      yup      12001010 years

(b) Think of a password you have used in the past and you NO LONGER use. Write the
password below along with how long it would take one computer to crack. If you cannot
think of a password you have previously used then make one up.

Password: John

Time to crack: 0.19 seconds

(c) Give three rules which help to make strong passwords that are difficult to crack.

Make your passwords long. Change them every month.


(d) The password ‘equivalency’ will take around 7 years to crack using a brute-force method.
Explain why this password may be cracked far faster.
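
A brute-force estimate assumes every combination has to be tried, while a dictionary word is reached as soon as a wordlist is tried first. The Python example below is added here and is not part of the original worksheet; it computes the search space from the four character classes counted in Task 1 and contrasts it with a wordlist lookup. The guess rate and the four-entry wordlist are constructed assumptions, so its times will not match the website's figures.

```python
import string

# Character classes matching the columns of the Task 1 table.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "numbers": string.digits,
    "symbols": string.punctuation,
}

# Assumption: guesses per second for one computer (illustrative value only).
GUESSES_PER_SECOND = 1e9

# Constructed stand-in for a wordlist; real lists hold millions of entries.
WORDLIST = ["password", "dragon", "equivalency", "sunshine"]


def classes_used(password):
    """Report which of the four character classes appear in the password."""
    return {name: any(c in chars for c in password)
            for name, chars in CLASSES.items()}


def keyspace(password):
    """Candidates an exhaustive search over the used classes must cover."""
    used = classes_used(password)
    alphabet = sum(len(CLASSES[name]) for name, hit in used.items() if hit)
    return alphabet ** len(password)


def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Worst-case brute-force time: every candidate tried once."""
    return keyspace(password) / rate


def dictionary_guesses(password, wordlist=WORDLIST):
    """Guesses needed when wordlist entries are tried first, else None."""
    lowered = password.lower()
    for position, word in enumerate(wordlist, start=1):
        if word == lowered:
            return position
    return None


if __name__ == "__main__":
    for pw in ["jcpxd", "JcP5dEp9", "Jc@5dEp93D", "equivalency"]:
        print(pw, len(pw), classes_used(pw),
              f"{worst_case_seconds(pw):.3g}s", dictionary_guesses(pw))
```
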


Task 2
(a) The following table contains six scenarios. Tick which factor(s) of authentication are being
used. The first one has been completed for you.

Scenario    Something you are    Something you know    Something you have

A school needs to make charges to student accounts in the canteen. They authenticate the student for payment by use of a fingerprint scanner.
✓

When setting up a bank account at a modern bank, they take a photo of you and ask you to enter a four-digit Personal Identification Number (PIN). In order to withdraw cash at the counter, they can check the photo of the customer and then ask for their PIN and card.
yes yes yes

In order to carry out online banking a password and user ID is first needed. If a user wants to send money to another person, they will be sent a verification number to their mobile phone which they must then enter into the website.
yes

A social network site requires users to log in with a username and password. If a user has lost their password then it asks a security question in order to reset the password.
yes

Inland Revenue are responsible for collecting tax from people and businesses. When a user tries to log in using their ID number and password, the website will phone the user’s registered telephone number with a security code. This must then be entered into the system to log in.
yes yes

A mobile phone makes use of a fingerprint scanner to allow people to log into the phone. The same fingerprint scanner can then be used to authenticate payments from the phone.
yes

(b) Describe another computer system that requires you to authenticate yourself in order to
use it.
Vein recognition


(c) What factors are used in the method you described?


veins

Task 3
(a) Go to the website https://wigle.net. This website records access point (AP) names and their
unique MAC addresses.
(b) Search for a place you know such as your home, school or restaurant. Note down three of
the access point names and their MAC addresses.

Access point (AP) name    MAC address
Afsgs.net                 Fagsggs.net
Font/sa                   Fefe/ea
frafafa

(c) Discuss with your friends or class whether you have found any Wi-Fi networks which you
recognise.


Task 4
The screenshot below shows output from software used for penetration testing Wi-Fi networks.
Look at the output and the key below.

BSSID              PWR  CH  ENC   ESSID
36-C3-F1-77-E9-82  -82  1   WPA2  BTWiFi
63-AD-7C-8D-FE-01  -89  11  OPN   MiFi6FF4
C6-F6-95-7C-52-21  -83  6   WPA2  HUAWEI-5C57
C0-B0-C9-E2-40-48  -51  6   OPN   Office-Printer-4500
8D-1E-CD-3C-CB-ED  -58  6   WPA2  AndroidAP
12-B1-5F-99-E5-46  -45  11  WPA2  iPhone Loz
7E-E2-56-E0-8E-B2  -80  14  WEP   Linksys
35-CE-01-84-B4-FB  -65  11  OPN   Jeremy’s iPhone
B7-55-89-7B-A7-AF  -78  14  WPA2  Sky54AC9
6C-16-A7-B5-B3-7F  -69  6   WPA2  BTFON

Key

BSSID   MAC address of the Access Point
PWR     Signal strength
CH      Channel
ENC     Encryption method:
        OPN – No encryption
        WEP – Wired Equivalent Privacy encryption
        WPA/WPA2 – Wi-Fi Protected Access encryption
ESSID   Network name
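
The same reading of the output can be automated when reviewing a site survey. The Python example below is added here and is not part of the original worksheet; it parses the rows shown above using the key's columns and groups network names by the ENC field. The function names and the category labels ("unencrypted", "weak", "wpa") are chosen for this example.

```python
import re

# Rows copied from the Task 4 output on this worksheet.
SCAN = """\
36-C3-F1-77-E9-82 -82 1 WPA2 BTWiFi
63-AD-7C-8D-FE-01 -89 11 OPN MiFi6FF4
C6-F6-95-7C-52-21 -83 6 WPA2 HUAWEI-5C57
C0-B0-C9-E2-40-48 -51 6 OPN Office-Printer-4500
8D-1E-CD-3C-CB-ED -58 6 WPA2 AndroidAP
12-B1-5F-99-E5-46 -45 11 WPA2 iPhone Loz
7E-E2-56-E0-8E-B2 -80 14 WEP Linksys
35-CE-01-84-B4-FB -65 11 OPN Jeremy’s iPhone
B7-55-89-7B-A7-AF -78 14 WPA2 Sky54AC9
6C-16-A7-B5-B3-7F -69 6 WPA2 BTFON
"""

# BSSID, PWR, CH, ENC, then ESSID (which may contain spaces).
ROW = re.compile(
    r"^(?P<bssid>(?:[0-9A-F]{2}-){5}[0-9A-F]{2})\s+(?P<pwr>-?\d+)\s+"
    r"(?P<ch>\d+)\s+(?P<enc>\S+)\s+(?P<essid>.+)$", re.IGNORECASE)

# Labels chosen for this example; OPN and WEP follow the worksheet key.
CATEGORY = {"OPN": "unencrypted", "WEP": "weak", "WPA": "wpa", "WPA2": "wpa"}


def parse(scan):
    """Turn each well-formed row into a dict; skip headers and blank lines."""
    rows = []
    for line in scan.splitlines():
        match = ROW.match(line.strip())
        if match:
            row = match.groupdict()
            row["pwr"], row["ch"] = int(row["pwr"]), int(row["ch"])
            rows.append(row)
    return rows


def audit(rows):
    """Group network names by encryption category; unknown values are kept."""
    report = {"unencrypted": [], "weak": [], "wpa": [], "unknown": []}
    for row in rows:
        report[CATEGORY.get(row["enc"].upper(), "unknown")].append(row["essid"])
    return report


if __name__ == "__main__":
    for category, names in audit(parse(SCAN)).items():
        print(f"{category:12} {len(names):2}  {', '.join(names)}")
```
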

(a) What is the purpose of penetration testing?

(b) How many networks has the penetration software found nearby?


(c) What is(are) the network name(s) that do not use encryption, making them vulnerable to
man-in-the-middle attacks?

(d) Which network(s) is(are) using a weak encryption which is easy for a hacker to crack?

(e) Suggest three areas other than Wi-Fi which penetration testing may try to test for weaknesses. For
each area, explain how the vulnerability would be fixed if found.

1.

2.

3.
