Enhancing Security via Password Policies
Security Fundamentals
Instructor: Don Jones
In This Lesson:
Strong Passwords
Passphrases
Account Lockout
Password Aging
Password History
GPOs and Password Policies
Understanding Common Password Attacks
Strong Passwords
• Longer passwords that incorporate many different kinds of characters can help defeat some common types of password attacks and make passwords harder to guess.
• P@ssw0rd! is harder to guess than just password.
• Because attackers can use automated attacks and pre-generated “dictionaries,” longer is often considered more secure than “more complex”.
Tips for Stronger Passwords
• Replace letters with numbers: 3 for E, @ for A, etc.
• Add symbols: Babycakes becomes B@by!c@kes?.
• Use acronyms: “The quick brown fox jumped over the lazy dog!” yields the password Tqbfjotld!.
• Combine personal facts: Your birthdate combined with your favorite color becomes 11#Blue#22.
Passphrases
• A passphrase is simply a very long password, not necessarily one that uses funny characters and symbols.
• My Aunt Sally was nice to me when I was a child.
• That’s a very long password – it’s difficult to guess, and its length makes it very resistant to dictionary attacks. It’s also somewhat easier to remember than something like e6R4%m!2hY.
Password Complexity
• Complexity involves two factors:
  – Length of the password
  – Classes of characters used in the password
    • Uppercase letters
    • Lowercase letters
    • Numbers
    • Symbols (!@#$%, etc.)
Account Lockout
• Locks an account when an incorrect password is provided a certain number of times within a certain number of minutes.
• Helps prevent unlimited password guessing – but can lock out users who make frequent mistakes or forget a new password.
• Lockout can automatically expire after a set time or remain in place until manually unlocked.
• Let’s see how lockout is managed…
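As an added illustration (not from the original slides or any directory product), a small Python model of the lockout rule just described: a threshold of bad attempts counted inside an observation window, with a lockout that either expires after a set duration or, when the duration is 0, stays in place until an administrator unlocks the account. The policy values and account names are constructed, and the sliding-window counting is an assumption about how the bad-password counter is reset.

```python
from collections import deque
from dataclasses import dataclass, field

@dataclass
class LockoutPolicy:
    threshold: int = 5                 # bad attempts before lockout; 0 disables lockout
    observation_window: int = 30 * 60  # seconds within which bad attempts are counted
    lockout_duration: int = 15 * 60    # seconds; 0 = stays locked until unlock() is called

@dataclass
class AccountState:
    failures: deque = field(default_factory=deque)  # timestamps of recent bad attempts
    locked_at: float = None                         # when the lockout began, or None

class LockoutTracker:  # constructed model of the lockout rule, not a real directory service
    def __init__(self, policy):
        self.policy = policy
        self.accounts = {}

    def is_locked(self, user, now):
        st = self.accounts.setdefault(user, AccountState())
        if st.locked_at is None:
            return False
        d = self.policy.lockout_duration
        if d and now - st.locked_at >= d:
            self.unlock(user)  # lockout expired automatically (assumed to reset the counter too)
            return False
        return True

    def attempt(self, user, password_ok, now):
        """Returns 'ok', 'denied' (wrong password) or 'locked' (even when the password is right)."""
        if self.is_locked(user, now):
            return "locked"
        st = self.accounts[user]
        if password_ok:
            st.failures.clear()  # a successful logon resets the bad-password count
            return "ok"
        # Sliding window (assumption): forget failures older than the observation window.
        while st.failures and now - st.failures[0] > self.policy.observation_window:
            st.failures.popleft()
        st.failures.append(now)
        if self.policy.threshold and len(st.failures) >= self.policy.threshold:
            st.locked_at = now
            return "locked"
        return "denied"

    def unlock(self, user):  # administrator unlock: clears the lockout and the bad-password count
        st = self.accounts.setdefault(user, AccountState())
        st.locked_at = None
        st.failures.clear()
```

Note that a correct password is still refused while the account is locked; that refusal is exactly what stops unlimited guessing, and also what locks out the legitimate user who mistypes too often.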
Password Aging and History
• Password age is the number of days a password is allowed to remain in use before it must be changed.
• Password history is the number of old passwords the system remembers so that users cannot reuse them.
• The tradeoff with age is keeping it short, but not so short that users have a hard time remembering “this week’s password”.
Password Policy
• Domains derive their password rules from a centralized policy setting stored in a Group Policy Object (GPO).
• Fine-grained password policies enable different policies to be applied to different portions of the organization.
• Let’s see where some of the various rules are set…
Common Password Attacks
• Brute Force: Trying as many combinations of characters as possible.
• Dictionary: Attempts all words in one or more dictionaries. Lists of common passwords are also typically tested.
• Keylogger: Captures key presses of users as they type a password.
• Leaked/Shared Passwords: No sticky notes!
• Network Sniffing: Useless against most Windows-based networks, as the user’s password is never transmitted, but useful to an attacker in unencrypted situations such as plain web pages.
• Password cracking: Attackers get access to an encrypted password file and run password cracking tools against it.
• Password guessing: Simply guessing what the password could possibly be.
What We Covered
Strong Passwords
Passphrases
Account Lockout
Password Aging
Password History
GPOs and Password Policies
Understanding Common Password Attacks