SIGCSE 2003 Undergraduate Cyber Security Course Projects: Password Policy in a Heterogeneous Environment Charles Border Ph.D. Rochester Institute of Technology.

Where did this lab come from?
Designed for system administrators.
Dictum: Know thy network, or perish.
Security as a process, not a product.
Need to enhance the ability of students to
–understand the basis for policies and write them.
–move from a non-technical description of a desired outcome to a technical implementation.
–understand and anticipate the complexity inherent in even the most banal-sounding projects.

Lab Topology

Activity Outline
Read the scenario (good class discussion).
Survey the applications on the network (can be provided by the instructor) and their methods of user authentication.
Develop an outline of policy requirements.
Modify systems to implement the policy (hands-on portion of the lab).

Lab Scenario
Developed by the instructor to give students an overview of a hypothetical, or real, organization and the technological and management issues it faces.
Puts the lab exercise into a context and introduces real-world ambiguity.
Empowers students to make and justify decisions based on the scenario.

Application Survey
What applications are being used by the organization?
Good opportunity to introduce complexity and issues related to scale.
Do all applications handle passwords the same way?
Allows students to conduct research and gain experience reading application documentation.

Policy Requirements
What constitutes an effective policy?
What resources are available to help system administrators develop usage policies?
How should policy requirements be developed?
What are the roles of different members of the organization in effective policy development and implementation?

General Approaches to Implementation
Linux: use of Pluggable Authentication Modules (PAM).
Windows 2000: use of Domain Security Policy.
Heterogeneous: use of Windows Services for Unix (free 120-day evaluation copies available).
Additional complexity: develop different policies for different groups of users and implement them as above.

Linux
Authentication of users is handled by PAM.
PAM separates how users are authenticated from the development of applications: the application calls the PAM library, and the modules listed in its configuration do the actual work.
This also allows local system administrators to control how users are authenticated by editing configuration rather than applications.
PAM is composed of several modules, selected per service through the files under /etc/pam.d. On Red Hat-style systems the shared system-auth configuration (/etc/pam.d/system-auth) can be modified in many ways to customize authentication and password-change requirements.
The pam_cracklib module provides password strength checking by comparing a proposed new password against a set of rules and against the cracklib dictionary.
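As an added illustration, not taken from the original slides, here is a before/after of the password section of a Red Hat-style /etc/pam.d/system-auth. The option names are those documented for pam_cracklib and pam_unix in the Linux-PAM System Administrators' Guide; the values chosen for the "after" stack are assumptions for a hypothetical lab policy:

```text
# Before: the stock stack. pam_cracklib runs with its built-in defaults
# and pam_unix keeps no password history.
password    requisite     pam_cracklib.so retry=3
password    sufficient    pam_unix.so nullok use_authtok md5 shadow
password    required      pam_deny.so

# After: a policy for the lab scenario (values are assumptions).
#   minlen=10   minimum effective length, counting one credit per character class used
#   difok=5     at least five characters must differ from the old password
#   retry=3     three attempts to choose an acceptable password
#   remember=5  pam_unix refuses the last five passwords (stored in /etc/security/opasswd)
#   nullok dropped so an empty current password is not accepted during the change
password    requisite     pam_cracklib.so retry=3 minlen=10 difok=5
password    sufficient    pam_unix.so use_authtok md5 shadow remember=5
password    required      pam_deny.so
```

Because pam_cracklib is marked requisite, a password it rejects never reaches pam_unix; use_authtok makes pam_unix accept the password that pam_cracklib already vetted instead of prompting again. A quick check after editing is to change a test user's password to a dictionary word with passwd and confirm it is refused.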

Cracklib Password Strength-Checker
Reference: Linux-PAM System Administrators' Guide (pam_cracklib section).
Compares the new password with the old one and rejects it for:
Palindromes
Case change only
Similarity (too few characters differ from the old password)
Simplicity (too short for the character classes it uses)
Rotation (the old password with its characters rotated)
Dictionary words (compiled database located in /usr/lib/cracklib_dict.pwd)
Already used (password history kept by pam_unix in /etc/security/opasswd when remember=N is set)
Details of each of the above can be the subject of a lab.
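To make the checks above concrete, here is a small Python re-implementation of cracklib-style tests. It is an added example written for this page, not cracklib's or Linux-PAM's own code. The thresholds MINLEN and DIFOK, the DICTIONARY set and the HISTORY set are assumptions standing in for pam_cracklib's minlen and difok options, the compiled cracklib dictionary and the pam_unix password history:

```python
"""Cracklib-style password checks, re-implemented as an illustration.

Not cracklib's or Linux-PAM's code.  MINLEN and DIFOK mirror the names of
pam_cracklib's minlen/difok options, but the values are assumptions, as
are the DICTIONARY and HISTORY sets, which stand in for the compiled
cracklib dictionary and /etc/security/opasswd respectively.
"""
from itertools import zip_longest

MINLEN = 8   # assumed: minimum length counted with class credits (pam_cracklib minlen)
DIFOK = 5    # assumed: characters that must differ from the old password (pam_cracklib difok)

# Constructed stand-ins; a real system consults /usr/lib/cracklib_dict.* and opasswd.
DICTIONARY = {"password", "letmein", "qwerty", "welcome"}
HISTORY = {"Summer2002!", "Winter2003!"}


def is_palindrome(pw):
    return len(pw) > 1 and pw == pw[::-1]


def case_change_only(old, new):
    return old != new and old.lower() == new.lower()


def is_rotation(old, new):
    # "cd1234ab" is a rotation of "abcd1234": every rotation occurs inside old+old.
    return old != new and len(old) == len(new) and new in (old + old)


def differing_chars(old, new):
    # Simplification of cracklib's similarity test: count positions that differ,
    # padding the shorter string so added or removed characters count as changes.
    return sum(a != b for a, b in zip_longest(old, new))


def credited_length(pw):
    # pam_cracklib-style credits: one extra point for each character class present.
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ]
    return len(pw) + sum(classes)


def check_password(old, new):
    """Return the reasons the new password would be rejected (empty list = accepted)."""
    reasons = []
    if new == old:
        reasons.append("unchanged")
    if is_palindrome(new):
        reasons.append("palindrome")
    if case_change_only(old, new):
        reasons.append("case change only")
    if is_rotation(old, new):
        reasons.append("rotation of old password")
    if old != new and differing_chars(old, new) < DIFOK:
        reasons.append("too similar to old password")
    if credited_length(new) < MINLEN:
        reasons.append("too simple")
    if new.lower() in DICTIONARY:
        reasons.append("dictionary word")
    if new in HISTORY:
        reasons.append("already used")
    return reasons


if __name__ == "__main__":
    samples = [
        ("Summer2002!", "Summer2002!"),
        ("abcd1234", "cd1234ab"),
        ("Tr0ub4dor&3", "tr0ub4dor&3"),
        ("Summer2002!", "racecar"),
        ("Summer2002!", "Gx7#pLq2!vR"),
    ]
    for old, new in samples:
        print(repr(new), "->", check_password(old, new) or ["accepted"])
```

The similarity test here is a simplification (positional differences with padding); cracklib's real test counts how many characters of the old password survive in the new one. Call check_password(old, new) and treat a non-empty list as a rejection; running the file as a script prints a verdict for each constructed sample, which is a handy way for students to predict and then confirm what each rule catches.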

Windows 2000
Win2K uses Kerberos V5 for domain authentication of users and computers, and carries the user's authorization data (group membership) inside the Kerberos ticket.
Changing many of the required characteristics of user passwords is as easy as pointing and clicking:
–Domain Security Policy, Account Policies, Password Policy (and the neighbouring Account Lockout Policy).
The policy that governs domain accounts is the one linked at the domain level (the Default Domain Policy); the same settings in a local or OU-level policy affect only the local accounts of the computers they apply to.
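The same settings from the command line, as an added example that is not part of the original slides (it suits the command-line variant of the lab). net accounts and secedit are the standard Windows 2000 tools; the policy values and the C:\lab path are assumptions:

```powershell
# Show the account policy currently in force for the domain
net accounts /domain

# Set the characteristics the Password Policy GUI exposes (values assumed for the lab):
#   minimum length 10, maximum age 90 days, minimum age 1 day, remember the last 5 passwords
net accounts /domain /minpwlen:10 /maxpwage:90 /minpwage:1 /uniquepw:5

# PasswordComplexity and the lockout settings are not reachable through NET ACCOUNTS.
# Export the effective security policy on the DC and inspect the [System Access] section.
secedit /export /mergedpolicy /cfg C:\lab\policy.inf /areas SECURITYPOLICY
findstr /i "Password Lockout" C:\lab\policy.inf
```

Caveat for the lab write-up: net accounts writes the domain's policy attributes directly, but in an Active Directory domain the Default Domain Policy GPO re-applies its own security settings at policy refresh, so a change that has to stick belongs in the GPO (or in a secedit template applied through it). Comparing the two outputs above before and after a refresh is a good way for students to discover this themselves.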

MS Services for Unix
Allows system administrators to control many characteristics of user passwords on both Win2K domains and the Unix systems within those domains.
Unix system administration is accomplished by making the Win2K DC an NIS master server (Server for NIS) and pushing out consistent passwd and shadow maps to the Unix hosts.
Caveat: NIS maps are readable by any host the server is willing to answer, so password hashes distributed this way are only as protected as the NIS server's access controls (e.g. securenets restrictions on ypserv); check what ypcat can retrieve from an ordinary client before declaring the policy implemented.
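Pushing the maps only helps if the per-account aging fields on the Unix side agree with the domain policy. The following Python script, an added example written for this page and not SFU's or the lab's own code, parses a shadow file and lists accounts whose fields violate the policy; the POLICY values and the SHADOW sample are constructed assumptions, not data from a real system:

```python
"""Audit a pushed shadow file against the domain password policy.

Added example for this page (not SFU's or the lab's code).  POLICY mirrors
the Win2K Domain Security Policy settings assumed for the lab; SHADOW is a
constructed sample in shadow(5) format.
"""

# Assumed policy: maximum age 90 days, minimum age 1 day, warn 14 days ahead
POLICY = {"max_days": 90, "min_days": 1, "warn_days": 14}

# Constructed sample lines: name:hash:lastchg:min:max:warn:inactive:expire:reserved
SHADOW = """\
alice:$1$salt$constructedhash:12050:1:90:14:::
bob:$1$salt$constructedhash:12050:0:99999:7:::
svc_backup:*:12050:0:99999:7:::
carol:!!:12050:1:90:14:::
"""

FIELDS = ("name", "hash", "lastchg", "min", "max", "warn", "inactive", "expire", "reserved")


def parse_shadow(text):
    """Return one dict per non-empty line, keyed by the shadow(5) field names."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            raise ValueError(f"line {lineno}: expected {len(FIELDS)} fields, got {len(parts)}")
        entries.append(dict(zip(FIELDS, parts)))
    return entries


def login_disabled(entry):
    """Locked ('!' prefix) or no-password ('*') accounts cannot log in with a password."""
    h = entry["hash"]
    return h == "*" or h.startswith("!")


def audit(entries, policy):
    """Return [(name, [field, ...])] for accounts whose aging fields violate the policy."""
    findings = []
    for e in entries:
        if login_disabled(e):
            continue  # aging is irrelevant where password login is impossible
        bad = []
        # An empty field means "not set", which shadow(5) treats as no limit.
        if int(e["max"] or 99999) > policy["max_days"]:
            bad.append("max")
        if int(e["min"] or 0) < policy["min_days"]:
            bad.append("min")
        if int(e["warn"] or 0) < policy["warn_days"]:
            bad.append("warn")
        if bad:
            findings.append((e["name"], bad))
    return findings


if __name__ == "__main__":
    for name, bad in audit(parse_shadow(SHADOW), POLICY):
        print(f"{name}: aging fields out of policy: {', '.join(bad)}")
```

Run against a real file with audit(parse_shadow(open("/etc/shadow").read()), POLICY) as root. Accounts without password login (svc_backup, carol above) are skipped deliberately; a stricter variant would also flag accounts whose hash field is empty, since those can log in with no password at all.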

Additional Complexity
Require students to do Win2K and Unix configuration from the command line.
Require sign-offs at different parts of the lab.
As part of the scenario, require that different groups of users within the organization have different password characteristics. (Note that a Win2K domain has a single password policy for all domain accounts, so students must discover that per-group differences need separate domains on the Windows side, while on Linux they can be expressed in the PAM configuration.)
Use packet captures to verify the hypotheses students develop as to how this process is implemented on the wire.