Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 3 Passwords Principals Authenticate to systems.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 3 Passwords Principals Authenticate to systems."— Presentation transcript:

1 Chapter 3 Passwords Principals Authenticate to systems

2 Basics Authenticate user to machine What you have Electronic device What you know Password Who you are Biometrics

3 Password issues Social Engineering Secure passwords difficult to remember Design errors Mothers maiden name Passwords - many passwords many sites Re-use between sites can be issue PINs 1/3 use a birthdate Many default passwords remain in systems

4 Specific threats Targeted attack on specific account Any account on a system Any account on any system (in domain) Service denial attack Intrusion detection systems Lock account after 3 failed attempts to login

5 User training Strong/Secure password training Give them food The passphrase method works well You must stay 1 step ahead of password cracking tools Dictionary cracks With end characters With special characters Brute force and time Password policy

6 Password attacks Eaves dropping Shoulder surfing In person Via camera Web cams very small and cheap Electronically Sniffing Rogue programs during entry Rogue hardware, keyboards ATMs

7 Attacks on password storage Attacks via logs Unencrypted password files Password cracking Crack for UNIX L0phtcrack for windows Weak passwords Spouses names Change enough times to get around to original

8 Attacks on hashes Distributed Rainbow tables Software http://www.antsight.com/zsl/rainbowcrack/ Tables http://www.plain-text.info/index/ Video http://www.irongeek.com/i.php?page=video s/backtrackplaintext http://www.irongeek.com/i.php?page=video s/backtrackplaintext

9 Consider Password reuse Training Freeze accounts How will attackers target Any account, specific account Snooped by Shoulder Network False devices (software or hardware) Current state of cracker programs

10 Discussion articles Current state of biometrics Current password attacks Current password crackers Identity theft statistics and techniques

11 Previous articles This site is 2002 identity theft statistics: http://www.creditinfocenter.com/identity/IDTheftStats.shtml Types of identity theft, methods, and statistics: http://www.irmi.com/Expert/Articles/2005/Olson07.aspx Here's a FAQ article from the navy regarding Kerberos. http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html Here's an article from Microsoft on how they implement Kerberos http://msdn.microsoft.com/library/default.asp?url=/library/en- us/dnpag2/html/pagexplained0001.asp http://msdn.microsoft.com/library/default.asp?url=/library/en- us/dnpag2/html/pagexplained0001.asp This article talks about developing strong passwords in detail, something which we were talking about in relation to password safety http://insight.zdnet.co.uk/0,39020415,39249138,00.htm This article lists many of the password cracking/hacking options for XP and NT Windows systems, and details them further http://www.petri.co.il/forgot_administrator_password.htm Talks about weak encryption of RFID: http://www.networkworld.com/news/2005/0317rfidcrack.html?fsrc=rss-wirelesssec RFID analysis and Hacks: http://rfidanalysis.org/

12 List of Resources Authentication http://en.wikipedia.org/wiki/Authentication Password issues http://www.mais.umich.edu/projects/2factor_ passwords.html http://www.mais.umich.edu/projects/2factor_ passwords.html http://www.informationweek.com/story/show Article.jhtml?articleID=171201187 http://www.informationweek.com/story/show Article.jhtml?articleID=171201187

13 List of Resources Training http://www.microsoft.com/midsizebusiness/s ecurityrisk.mspx http://www.microsoft.com/midsizebusiness/s ecurityrisk.mspx http://www.comptechdoc.org/independent/s ecurity/policies/password-policy.html http://www.comptechdoc.org/independent/s ecurity/policies/password-policy.html http://www.comptechdoc.org/docs/ctdp/howt opass/ http://www.comptechdoc.org/docs/ctdp/howt opass/

14 List of Resources Password attacks http://www.windowsecurity.com/articles/Pas swords-Attacks-Solutions.html http://www.windowsecurity.com/articles/Pas swords-Attacks-Solutions.html Kerberos http://web.mit.edu/kerberos/ Threat modeling http://msdn.microsoft.com/library/default.asp ?url=/library/en- us/dnpag2/html/tmwawalkthrough.asp http://msdn.microsoft.com/library/default.asp ?url=/library/en- us/dnpag2/html/tmwawalkthrough.asp

Download ppt "Chapter 3 Passwords Principals Authenticate to systems."

Similar presentations

Point3r$. Password Introduction Passwords are a key part of any security system : –Work or Personal Strong passwords make your personal and work.

Point3r$. Password Introduction Passwords are a key part of any security system : –Work or Personal Strong passwords make your personal and work.
Computer Security set of slides 10 Dr Alexei Vernitski.

Computer Security set of slides 10 Dr Alexei Vernitski.
Password Cracking Lesson 10. Why crack passwords?

Password Cracking Lesson 10. Why crack passwords?
Chapter 1: Computers and Digital Basics 1 Computers and Digital Basics Chapter 1.

Chapter 1: Computers and Digital Basics 1 Computers and Digital Basics Chapter 1.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
Hacking WLAN // BRUTE FORCE CRACKER // TCP/IP. WLAN HACK Wired Equivalent Privacy (WEP) encryption was designed to protect against casual snooping, but.

Hacking WLAN // BRUTE FORCE CRACKER // TCP/IP. WLAN HACK Wired Equivalent Privacy (WEP) encryption was designed to protect against casual snooping, but.
CIT 1100. In this chapter you will learn how to:  Explain the threats to your computers and data  Describe key security concepts and technologies.

CIT In this chapter you will learn how to:  Explain the threats to your computers and data  Describe key security concepts and technologies.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
Next Generation Two Factor Authentication. Laptop Home / Other Business PC Hotel / Cyber Café / Airport Smart Phone / Blackberry 21 st Century Remote.

Next Generation Two Factor Authentication. Laptop Home / Other Business PC Hotel / Cyber Café / Airport Smart Phone / Blackberry 21 st Century Remote.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Homework #4 Comments. Passwords: What are they good for? Today passwords are the #1 means of authenticating users on a day-to-day basis. –Email, Websites,

Homework #4 Comments. Passwords: What are they good for? Today passwords are the #1 means of authenticating users on a day-to-day basis. – , Websites,
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Authentication for Humans Rachna Dhamija SIMS, UC Berkeley DIMACS Workshop on Usable Privacy and Security Software July 7, 2004.

Authentication for Humans Rachna Dhamija SIMS, UC Berkeley DIMACS Workshop on Usable Privacy and Security Software July 7, 2004.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
Nothing is Safe 1. Overview  Why Passwords?  Current Events  Password Security & Cracking  Tools  Demonstrations Linux GPU Windows  Conclusions.

Nothing is Safe 1. Overview  Why Passwords?  Current Events  Password Security & Cracking  Tools  Demonstrations Linux GPU Windows  Conclusions.
Course ILT Security Unit objectives Configure operating system and file system security Install a fingerprint scanner and card reader Manage the human.

Course ILT Security Unit objectives Configure operating system and file system security Install a fingerprint scanner and card reader Manage the human.

Similar presentations

Ads by Google