Enhancing Security
via Password Policies
Security Fundamentals
Instructor: Don Jones
In This Lesson:
Strong Passwords
Passphrases
Account Lockout
Password Aging
Password History
GPOs and Password Policies
Understanding Common Password Attacks
Strong Passwords
Longer passwords that incorporate many different kinds of
characters can help defeat some common types of password
attacks, and make passwords harder to guess.
“P@ssw0rd!” is harder to guess than just “password”.
Because attackers can use automated attacks and pre-
generated “dictionaries,” longer is often considered more secure
than “more complex”.
Tips for Stronger Passwords
Replace letters with numbers: 3 for E, @ for A, etc.
Add symbols: “Babycakes” becomes “B@by!c@kes?”.
Use acronyms: “The quick brown fox jumped over the lazy dog!”
yields the password “Tqbfjotld!”.
Combine personal facts: Your birthdate combined with your
favorite color becomes “11#Blue#22”.
Passphrases
A passphrase is simply a very long password, not necessarily
one that uses funny characters and symbols.
“My Aunt Sally was nice to me when I was a child”.
That’s a very long password – it’s difficult to guess, and its
length makes it very resistant to dictionary attacks. It’s also
somewhat easier to remember than something like
“e6R4%m!2hY”.
Password Complexity
Complexity involves two factors:
Length of the password
Classes of characters used in the password
Uppercase letters
Lowercase letters
Numbers
Symbols (!@#$%, etc.)
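To put the length-versus-classes point from this slide and the previous ones in numbers, here is an added Python example (not part of the course material): it reports which of the four classes a password uses, sizes the brute-force search space an attacker who knows the length and classes would face, and applies a domain-style complexity rule (minimum length plus three of four classes). The alphabet sizes and the rule's thresholds are assumptions chosen for the demo.

```python
import math

# Character classes from the slide and the alphabet size assumed for each:
# symbols = the 32 printable ASCII punctuation characters plus space.
CLASSES = {
    "upper": (str.isupper, 26),
    "lower": (str.islower, 26),
    "digit": (str.isdigit, 10),
    "symbol": (lambda c: not c.isalnum(), 33),
}


def character_classes(password: str) -> set:
    """Return the names of the character classes that appear in the password."""
    return {name for name, (test, _) in CLASSES.items()
            if any(test(c) for c in password)}


def brute_force_bits(password: str) -> float:
    """Search space, in bits, for a brute-force attack that already knows the
    password's length and which classes it draws from (the attacker's best case)."""
    if not password:
        return 0.0
    alphabet = sum(CLASSES[name][1] for name in character_classes(password))
    return len(password) * math.log2(alphabet)


def meets_complexity(password: str, min_length: int = 8, min_classes: int = 3) -> bool:
    """Complexity rule of the kind a domain policy enforces: a minimum length plus
    at least `min_classes` of the four classes. The default thresholds are assumptions."""
    return len(password) >= min_length and len(character_classes(password)) >= min_classes


if __name__ == "__main__":
    # The slide deck's own sample passwords, compared side by side.
    for pw in ("password", "P@ssw0rd!", "e6R4%m!2hY",
               "My Aunt Sally was nice to me when I was a child"):
        print(f"{pw!r:52} classes={len(character_classes(pw))} "
              f"bits={brute_force_bits(pw):6.1f} complex={meets_complexity(pw)}")
```

The passphrase passes the same complexity rule as the short random string while its search space is several times larger in bits, which is the sense in which length beats complexity.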
Account Lockout
Locks an account when an incorrect password is provided a
certain number of times within a certain number of minutes.
Helps prevent unlimited password guessing – but can lock out
users who make frequent mistakes or forget a new password.
Lockout can automatically expire after a set time or remain in
place until manually unlocked.
Let’s see how lockout is managed…
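The lockout behaviour described above, as an added Python example (not from the course): a tracker that counts bad passwords per account inside an observation window, locks the account at the threshold, refuses even the correct password while locked, and either expires the lock after a duration or waits for a manual unlock. The policy values passed in are assumptions for the demo.

```python
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class LockoutPolicy:
    threshold: int             # bad passwords that trigger a lock (0 = never lock)
    window: float              # seconds; the bad-password count resets after this much quiet
    duration: Optional[float]  # seconds until automatic unlock; None = locked until an admin unlocks


@dataclass
class AccountState:
    bad_count: int = 0
    last_bad: Optional[float] = None
    locked_at: Optional[float] = None


class LockoutTracker:
    def __init__(self, policy: LockoutPolicy):
        self.policy = policy
        self.accounts: Dict[str, AccountState] = {}

    def _state(self, user: str) -> AccountState:
        return self.accounts.setdefault(user, AccountState())

    def is_locked(self, user: str, now: float) -> bool:
        st = self._state(user)
        if st.locked_at is None:
            return False
        expired = self.policy.duration is not None and now - st.locked_at >= self.policy.duration
        if expired:                      # the lockout expires on its own
            st.locked_at, st.bad_count = None, 0
        return not expired

    def record_attempt(self, user: str, success: bool, now: float) -> str:
        """Feed one logon; returns "ok", "denied", "locked" or "rejected" (locked already)."""
        st = self._state(user)
        if self.is_locked(user, now):
            return "rejected"            # even the right password is refused while locked
        if success:
            st.bad_count = 0
            return "ok"
        if st.last_bad is None or now - st.last_bad > self.policy.window:
            st.bad_count = 0             # earlier failures fell outside the observation window
        st.bad_count += 1
        st.last_bad = now
        if self.policy.threshold and st.bad_count >= self.policy.threshold:
            st.locked_at = now
            return "locked"
        return "denied"

    def unlock(self, user: str) -> None:
        """Manual unlock by an administrator."""
        st = self._state(user)
        st.locked_at, st.bad_count = None, 0
```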
Password Aging and History
Password age is the number of days a password is allowed to
remain in use before it must be changed.
Password history is the number of old passwords the system
remembers so that users cannot reuse them.
The tradeoff with age is keeping it short, but not so short that
users have a hard time remembering “this week’s password”.
Password Policy
Domains derive their password rules from a centralized policy
setting stored in a Group Policy Object (GPO).
Fine-grained password policies enable different policies to
be applied to different portions of the organization.
Let’s see where some of the various rules are set…
Common Password Attacks
Brute Force: Trying as many combinations of characters as
possible.
Dictionary: Attempts all words in one or more dictionaries. Lists
of common passwords are also typically tested.
Keylogger: Captures users’ key presses as they type a
password.
Leaked/Shared Passwords: No sticky notes!
Network Sniffing: Useless on most Windows-based networks, as
the user’s password is never transmitted, but useful in
unencrypted situations such as plain web pages.
Password cracking: Attackers get access to an encrypted
password file and run password cracking tools against it.
Password guessing: Simply guessing what the password could
possibly be.
What We Covered
Strong Passwords
Passphrases
Account Lockout
Password Aging
Password History
GPOs and Password Policies
Understanding Common Password Attacks