Understanding Security Policies


Understanding Security Policies Lesson 3

Objectives
This should also be a review for the 70-642.

Password
Much of today’s data protection is based on the password. One basic component of your information security program is ensuring that all employees select and use strong passwords. The strength of a password can be determined by looking at the password’s length, complexity, and randomness.

Password Complexity
Password complexity involves the characters used to make up a password. A complex password uses characters from at least three of the following categories:
- English uppercase characters (A through Z)
- English lowercase characters (a through z)
- Numeric characters (0 through 9)
- Nonalphanumeric characters (!, @, #, $, %, ^, &, etc.)

Password Length
The length of a password is a key component of its strength. Password length is the number of characters used in a password.

Time Between Password Changes
Time between password changes can be defined by two settings:
- Minimum Password Age
- Maximum Password Age

Password History
Password history is the setting that determines the number of unique passwords that must be used before a password can be re-used. This setting prevents users from recycling the same passwords through a system.

Password Policy

Account Lockout
Account lockout refers to the number of incorrect logon attempts permitted before a system locks an account. Microsoft provides three separate settings with respect to account lockout:
- Account lockout duration
- Account lockout threshold
- Reset account lockout counter after

Account Lockout Policy

Common Attack Methods
Passwords have long been recognized as one of the weak links in many security programs. First, you are completely reliant on users in the selection of passwords. Second, even strong passwords are vulnerable to attack through a variety of different mechanisms.

Dictionary and Brute Force Attacks
A dictionary attack uses a dictionary containing an extensive list of potential passwords that the attacker then tries in conjunction with a user ID in an attempt to guess the appropriate password. Another, more crude type of attack—called a brute force attack—doesn’t rely on lists of passwords, but rather tries all possible combinations of permitted character types.
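
A policy-side audit tying the complexity and length slides to the two attacks described above, as an added example that is not part of the original slides. The minimum length of 8, the deny list and the sample passwords are assumptions constructed for illustration; the check covers ASCII characters only.

```python
import string

# Character categories from the Password Complexity slide (ASCII only).
CATEGORIES = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "nonalphanumeric": set(string.punctuation),
}

# Constructed deny list standing in for the word list a dictionary attack uses.
DENY_LIST = {"password1!", "welcome2024", "qwerty123"}

def categories_used(password):
    """Names of the categories that appear at least once in the password."""
    return {name for name, chars in CATEGORIES.items()
            if any(c in chars for c in password)}

def meets_complexity(password, min_length=8):
    # min_length=8 is an assumed value; the slides give no number.
    return len(password) >= min_length and len(categories_used(password)) >= 3

def brute_force_space(length, categories):
    """Candidates of exactly this length over the alphabet of these categories."""
    alphabet = sum(len(CATEGORIES[name]) for name in categories)
    return alphabet ** length

def audit(password, deny_list=DENY_LIST):
    """Policy verdict plus the dictionary and brute-force view of one password."""
    used = categories_used(password)
    return {
        "complex": meets_complexity(password),
        "in_dictionary": password.lower() in deny_list,
        "search_space": brute_force_space(len(password), used),
    }

if __name__ == "__main__":
    for candidate in ("Password1!", "kT9#vq2L", "longlowercaseonly"):
        print(candidate, audit(candidate))
```

"Password1!" satisfies the complexity rule yet sits on the deny list, while the 17-character lowercase string fails the rule despite a larger exhaustive search space than the complex 8-character one.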

Physical Attacks
Anytime your computer can be physically accessed by an attacker, that computer is at risk. Physical attacks on your computer can completely bypass almost all security mechanisms, such as by capturing the passwords and other critical data directly from the keyboard when a software or hardware keylogger is used. In fact, if your encryption key passes through a keylogger, you might find that even your encrypted data is jeopardized.

Sniffers
Sniffers are specially designed software (and in some cases hardware) applications that capture network packets as they traverse a network, displaying them for the attacker. Sniffers are valid forms of test equipment, used to identify network and application issues, but the technology has been rapidly co-opted by attackers as an easy way to grab logon credentials.

Summary
- The strength of a password can be determined by looking at the password’s length, complexity, and randomness.
- A complex password uses characters from at least three of the following categories: uppercase, lowercase, numeric characters, and nonalphanumeric characters.
- Account lockout refers to the number of incorrect logon attempts permitted before a system will lock an account.

Summary
- The Minimum Password Age setting controls how many days users must wait before they can reset their password.
- The Maximum Password Age setting controls the maximum period of time that can elapse before users are forced to reset their password.
- A Group Policy Object (GPO) is a set of rules that allow an administrator granular control over the configuration of objects in Active Directory (AD), including user accounts, operating systems, applications, and other AD objects.

Summary
- Passwords have long been recognized as one of the weak links in many security programs.
- During a dictionary attack, the attacker tries an extensive list of potential passwords in conjunction with a user ID to try to guess the appropriate password.
- Brute force attacks try all possible combinations of permitted character types in an attempt to determine a user’s password.

Summary
- Physical attacks on a computer can completely bypass almost all security mechanisms, such as by capturing passwords and other critical data directly from a keyboard when a software or hardware keylogger is used.
- In a password crack attack, attackers get access to an encrypted password file from a workstation or server. Once they have access to this file, attackers start running password cracking tools against it.
