Tom Parker, Project Manager, Identity Management Team, IT Security Group

What Is So Special About Your Cornell NetID?

Your Key to the Kingdom

We Use Kerberos
– Kerberos is a security system designed to protect access to personal, confidential information on computer networks
– When you request access to Kerberos-protected private information, Kerberos verifies that you have entered the correct password for your Network ID
– It then issues you an electronic ticket, which gives you admission to restricted services
– Password traffic is carefully controlled
– Your password is stored in an encrypted database which is locked down and protected by dual-factor authentication

So What’s the Problem?
– Your password is vulnerable to guessing
– There are computer programs that can guess very fast

CIT Audit Report: Drafted Oct. 2002, Updated May 2004

CIT NetID Passwords: 6% (six percent) cracked in less than 72 hours

What We Proposed in November
– Establish baseline; run crack utility against KDC
– Publicize project; keep it simple, non-intrusive
– Apply slow, leaning pressure as opposed to draconian measures
– No expiration of current passwords
– Provide full-featured, web-based password change utility and education site
– Enforce password complexity rules against all new passwords issued and/or changed
– Launch in Spring of 2005
– Closely monitor results through Dec. 2005

We’ve Had Help
– IT Security Team
– Identity Management Developers
– Customer Services and Marketing (CSM)
  – Usability Study
  – Documentation
  – Marketing
  – Training
– Contact Center
– CIT Community

So What Are the Rules?
– Choose at least 8 characters, including at least three of the following four character types:
  – Uppercase letters
  – Lowercase letters
  – Numbers
  – Symbols found on your keyboard, such as ! * () : | / ?
– Avoid words in any dictionary or language, spelled forward or backward.
– Don't pick names or nicknames of people, pets, or places, or personal information that can be easily found out, such as your address, birthday, or hobbies.
– Don't include any of these:
  – Repeated characters, such as AAA or 555;
  – Alphabetic or numeric sequences, such as abc or 123;
  – Common keyboard sequences, such as Qwerty or pas.
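The rules above are the kind of thing a password change utility enforces server-side before accepting a new password. The following Python checker is an added example written for this page; it is not the Cornell utility or any code from the presentation. It encodes the length rule, the three-of-four character-type rule, the dictionary rule (forward and backward), and the repeated-character, alphabetic/numeric-sequence and keyboard-sequence rules. The word list, the QWERTY rows used to approximate "common keyboard sequences", and the decision to also check the password with digits and symbols stripped (so that a dictionary word padded with "1!" is still caught) are all assumptions of this example, not rules stated on the slide.

```python
"""Password-complexity checker modelled on the rules listed on the slide.

Assumptions (not from the original presentation): the dictionary is a small
constructed word list, keyboard sequences are approximated with the letter
rows of a US QWERTY layout, and the dictionary check also runs on the
password with digits and symbols removed.
"""
import string

# Constructed word list standing in for a real dictionary (assumption).
DICTIONARY = {"password", "cornell", "kerberos", "secret", "welcome", "letmein"}

# Letter rows of a US QWERTY keyboard, used to detect keyboard sequences (assumption).
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]

MIN_LENGTH = 8      # "at least 8 characters"
MIN_CLASSES = 3     # "at least three of the following four character types"
SEQ_LEN = 3         # the slide's examples (AAA, 555, abc, 123) are three characters


def character_classes(pw):
    """Return the set of character types present: upper, lower, digit, symbol."""
    classes = set()
    for c in pw:
        if c.isupper():
            classes.add("upper")
        elif c.islower():
            classes.add("lower")
        elif c.isdigit():
            classes.add("digit")
        elif c in string.punctuation:
            classes.add("symbol")
    return classes


def has_repeated_run(pw, n=SEQ_LEN):
    """True if any character is repeated n times in a row (AAA, 555)."""
    return any(len(set(pw[i:i + n])) == 1 for i in range(len(pw) - n + 1))


def has_alnum_sequence(pw, n=SEQ_LEN):
    """True if pw contains an ascending or descending run of letters or digits (abc, 321)."""
    s = pw.lower()
    for i in range(len(s) - n + 1):
        window = s[i:i + n]
        if not (window.isalpha() or window.isdigit()):
            continue
        codes = [ord(c) for c in window]
        diffs = {codes[j + 1] - codes[j] for j in range(n - 1)}
        if diffs == {1} or diffs == {-1}:
            return True
    return False


def has_keyboard_sequence(pw, n=SEQ_LEN):
    """True if pw contains n adjacent keys from one keyboard row, in either direction (qwe, ewq)."""
    s = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - n + 1):
            frag = row[i:i + n]
            if frag in s or frag[::-1] in s:
                return True
    return False


def matches_dictionary(pw):
    """True if the password, reversed or with non-letters stripped, is a dictionary word."""
    s = pw.lower()
    letters = "".join(c for c in s if c.isalpha())
    candidates = {s, s[::-1], letters, letters[::-1]}
    return any(c in DICTIONARY for c in candidates)


def check_password(pw):
    """Return a list of rule violations; an empty list means the password is accepted."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(character_classes(pw)) < MIN_CLASSES:
        problems.append(f"fewer than {MIN_CLASSES} of 4 character types")
    if matches_dictionary(pw):
        problems.append("dictionary word (forward or backward)")
    if has_repeated_run(pw):
        problems.append("repeated characters such as AAA or 555")
    if has_alnum_sequence(pw):
        problems.append("alphabetic or numeric sequence such as abc or 123")
    if has_keyboard_sequence(pw):
        problems.append("common keyboard sequence such as qwerty")
    return problems


if __name__ == "__main__":
    for candidate in ["Kerberos", "Qwerty123!", "aaa12345", "n3tID!k3y"]:
        print(candidate, "->", check_password(candidate) or "accepted")
```

Returning the full list of violations, rather than stopping at the first one, is what lets an error page show the user every rule they missed in one round trip; the "names, nicknames and personal information" rule on the slide is not something a server can check mechanically and is left to user education.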

What About Password Aging?
– Helpful at combating weak passwords by forcing them to be changed on a regular basis.
– A penalty for people who already use strong passwords.
– When confronted with a "your password has expired" dialog, you are more likely to choose a poorly conceived password so that you can get back to your work ASAP.
– If everyone has good passwords, the need for password aging is minimized.
– The notion of needing to change your Kerberos password on an annual basis is still an item under consideration, but wasn't in the scope of this project.

The Recent Schedule
– April 4: Internal testing on a sample of 345 Kerberos 5.0 keys successfully cracks 20 passwords (6%) within 72 hours. *
– April 11: Internal testing begins. New policy applied to CIT/OIT employees for internal testing. All CIT/OIT employees strongly encouraged to test their NetID/password combination within 2 weeks.
– April 20: Updates to campus developers, listservers
– April 21: Begin print coverage
– April 25: Password Complexity Enforcement policy applied; all new passwords and password changes will be subjected to the new rules from this point on
– April 25: Monitoring continues on a monthly basis to measure success…
(April calendar graphic, marking Spring Break, "Apply To CIT/OIT", "Apply To Campus" and "Test Results": we closely track results)
* Unix Crack 5.0 running on a locked-down machine running no services and protected with two-factor authentication. No attempt to associate NetIDs with cracked passwords.

CIT NetID Passwords: 12% of 345 CIT users in the first two days

Quick Stats
– Total uses of strength-check app: 1529
– Total successful password changes: 422

Monitoring: What We Hope to Show
– Fewer crackable passwords

Monitoring: What We Hope to Show
– Increasing use of IdM tools

Our Testers Have Been Busy!
– We’ve adjusted the size of our dictionary
– Password Tips link on error pages
– Information about length limitations
– Spaces will be allowed
– Good feedback from CSM
– New feature requests
– Investigating more intelligent dictionary check mechanisms

Review of Our Goals
– Implement the changes on the backend to enforce a level of password complexity
– Widely publicize the changes
– Provide the appropriate tools and end user documentation to be successful
– Prepare the Contact Center to support customers in adapting to the change