Presentation is loading. Please wait.

Presentation is loading. Please wait.

Understanding Security Policies

Published byMartha Lucas Modified over 5 years ago

Similar presentations

Presentation on theme: "Understanding Security Policies"— Presentation transcript:

1 Understanding Security Policies
Module 3 Understanding Security Policies Christopher Chapman | Content PM , Microsoft Thomas Willingham | Content Developer, Microsoft

2 Module Overview Common Password Attacks Password Policies

3 Common Password Attacks

4 Dictionary and Brute Force Attacks
A dictionary attack uses a dictionary containing an extensive list of potential passwords that the attacker then tries in conjunction with a user ID in an attempt to guess the appropriate password. Another, more crude type of attack—called a brute force attack— doesn’t rely on lists of passwords, but rather tries all possible combinations of permitted character types.

5 Physical Attacks Anytime your computer can be physically accessed by an attacker, that computer is at risk. Physical attacks on your computer can completely bypass almost all security mechanisms, such as by capturing the passwords and other critical data directly from the keyboard when a software or hardware keylogger is used. In fact, if your encryption key passes through a keylogger, you might find that even your encrypted data is jeopardized.

6 Network Sniffers Sniffers are specially designed software (and in some cases hardware) applications that capture network packets as they traverse a network, displaying them for the attacker. Sniffers are valid forms of test equipment, used to identify network and application issues, but the technology has been rapidly co-opted by attackers as an easy way to grab logon credentials.

7 Password Policies

8 Password Complexity Password complexity involves the characters used to make up a password. A complex password uses characters from at least three of the following categories: English uppercase characters (A through Z) English lowercase characters (a through z) Numeric characters (0 through 9) Non-alphanumeric characters #, $, %, ^, &, etc.)

9 Password Length, Age, and History
Password length is the number of characters used in a password. Time between password changes can be defined by two settings: Minimum Password Age Maximum Password Age Password history prevents users from recycling the same passwords through a system.

10 View and Create a Password Policy
Demo 1 – Create a password policy on the domain controller and assign password complexity, length, age, and history 2 –Try to change the password for a user to test the policy View and Create a Password Policy

11 Account Lockout Account lockout settings allow you to specify when to lock an account if incorrect logon attempts happen. Microsoft provides three separate settings with respect to account lockout: Account lockout duration Account lockout threshold Reset account lockout counter after

12 View and Create Account Lockout Policy
Demo 1 – Create an account lockput policy 2 – Test it by locking an account by typing the password incorrectly View and Create Account Lockout Policy

13 Additional Resources & Next Steps
Books Exam Security Fundamentals Exam : MTA Networking Fundamentals Exam Ref : Installing and Configuring Windows Server 2012 Instructor-Led Courses 40349A: Windows Operating System Fundamentals: MTA Exam 40366A: Networking Fundamentals: MTA Exam 40365A: Windows Server Administration Fundamentals: MTA Exam 20410C: Installing and Configuring Windows Server 2012 Exams & Certifications Exam : Security Fundamentals Exam : Windows Operating System Fundamentals Exam : Networking Fundamentals Exam : Windows Server Administration Fundamentals Exam : Installing and Configuring Windows Server 2012

Download ppt "Understanding Security Policies"

Similar presentations

MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.
Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.

Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
12.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

12.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.

11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
Microsoft Technology Associate

Microsoft Technology Associate
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
11 MANAGING USERS AND GROUPS Chapter 13. Chapter 13: MANAGING USERS AND GROUPS2 OVERVIEW  Configure and manage user accounts  Manage user account properties.

11 MANAGING USERS AND GROUPS Chapter 13. Chapter 13: MANAGING USERS AND GROUPS2 OVERVIEW  Configure and manage user accounts  Manage user account properties.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
11 WORKING WITH USER ACCOUNTS Chapter 6. Chapter 6: WORKING WITH USER ACCOUNTS2 CHAPTER OVERVIEW Understand the differences between local user and domain.

11 WORKING WITH USER ACCOUNTS Chapter 6. Chapter 6: WORKING WITH USER ACCOUNTS2 CHAPTER OVERVIEW Understand the differences between local user and domain.
Securing Windows Servers Using Group Policy Objects

Securing Windows Servers Using Group Policy Objects
Using Group Policy to Manage User Environments. Overview Introduction to Managing User Environments Introduction to Administrative Templates Assigning.

Using Group Policy to Manage User Environments. Overview Introduction to Managing User Environments Introduction to Administrative Templates Assigning.
AIS, 20141 Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
September 18, 2002 Introduction to Windows 2000 Server Components Ryan Larson David Greer.

September 18, 2002 Introduction to Windows 2000 Server Components Ryan Larson David Greer.
Password Management PA Turnpike Commission

Password Management PA Turnpike Commission
Managing User Accounts, Passwords and Logon Chapter 5 powered by dj.

Managing User Accounts, Passwords and Logon Chapter 5 powered by dj.
Hands-On Microsoft Windows Server 20081 Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.

Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.
Managing Network Security ref:www.microsoft.com. Overview Using Group Policy to Secure the User Environment Using Group Policy to Configure Account Policies.

Managing Network Security ref: Overview Using Group Policy to Secure the User Environment Using Group Policy to Configure Account Policies.
Chapter 13 – Network Security

Chapter 13 – Network Security

Similar presentations

Ads by Google