Chapter 3: Passwords. Principals authenticate to systems.

Basics

Authenticating a user to a machine rests on one or more of:
- What you have: an electronic device or token
- What you know: a password
- Who you are: biometrics

Password issues

- Social engineering
- Secure passwords are difficult to remember
- Design errors, such as using the mother's maiden name as a secret: it is not secret, and it cannot be changed once exposed
- Too many passwords for too many sites; reuse between sites means a breach of one site exposes the others
- PINs: about one third of users pick a birthdate
- Many default passwords remain in deployed systems

Specific threats

- Targeted attack on a specific account
- Attack on any account on a system (the attacker does not care which user falls)
- Attack on any account on any system in a domain
- Service denial: an intrusion detection or lockout policy that locks an account after 3 failed login attempts lets an attacker lock legitimate users out on purpose
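The three attacker goals above, and the denial of service the lockout rule enables, can be made concrete with a toy login service. This is an added example and is not part of the original slides; the usernames, passwords and guess list are constructed for the demonstration, and the lockout threshold of 3 follows the slide.

```python
"""Added example, not part of the original slides: a toy login service
with the slide's lock-after-3-failures rule, used to compare the three
attacker goals listed above and the denial of service the rule enables.
All usernames, passwords and guesses are constructed for the demonstration."""
from collections import defaultdict

LOCKOUT_THRESHOLD = 3  # lock the account after this many consecutive failures


class LoginService:
    def __init__(self, credentials):
        self.credentials = dict(credentials)  # username -> password (plaintext, toy only)
        self.failures = defaultdict(int)      # consecutive failures per user
        self.locked = set()

    def login(self, user, password):
        """Return 'ok', 'bad', 'locked' or 'nouser'."""
        if user not in self.credentials:
            return "nouser"
        if user in self.locked:
            return "locked"
        if self.credentials[user] == password:
            self.failures[user] = 0
            return "ok"
        self.failures[user] += 1
        if self.failures[user] >= LOCKOUT_THRESHOLD:
            self.locked.add(user)
        return "bad"


# Constructed sample data: two users chose passwords that sit on the guess list.
USERS = {
    "alice": "Summer2017!",
    "bob": "Welcome1",
    "carol": "c4r0l!x9",
    "dave": "Password1",
}
GUESSES = ["Password1", "Welcome1", "letmein", "Summer2017!", "qwerty"]


def targeted_attack(service, victim, guesses):
    """Specific account: try every guess against one user.
    The lockout fires after LOCKOUT_THRESHOLD wrong guesses, so the
    attacker gets at most that many tries before the account is frozen."""
    for guess in guesses:
        result = service.login(victim, guess)
        if result == "ok":
            return ("cracked", guess)
        if result == "locked":
            return ("locked", None)
    return ("exhausted", None)


def spray_attack(service, users, guesses):
    """Any account on the system: try each guess against every user before
    moving on to the next guess. Using fewer guesses than the threshold means
    no single account accumulates enough failures to lock."""
    cracked = {}
    for guess in guesses[: LOCKOUT_THRESHOLD - 1]:
        for user in users:
            if service.login(user, guess) == "ok":
                cracked[user] = guess
    return cracked


def lockout_dos(service, victim):
    """Service denial: send wrong passwords until the victim is locked,
    then show that even the correct password is refused."""
    for _ in range(LOCKOUT_THRESHOLD):
        service.login(victim, "not-the-password")
    return service.login(victim, service.credentials[victim])


if __name__ == "__main__":
    print("targeted:", targeted_attack(LoginService(USERS), "alice", GUESSES))
    svc = LoginService(USERS)
    print("spray:", spray_attack(svc, USERS, GUESSES), "locked:", svc.locked)
    print("dos:", lockout_dos(LoginService(USERS), "carol"))
```

The targeted attacker is stopped by the lockout after three tries, while the "any account" attacker collects two accounts without locking anyone, and a hostile party can freeze a chosen victim with three deliberate failures. Lockout therefore mainly raises the cost of the first attack; it does little against the second and creates the third.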

User training

- Strong/secure password training (give them food to get attendance)
- The passphrase method works well
- You must stay one step ahead of the password-cracking tools: dictionary cracks with digits or special characters appended at the end, and brute force within the time an attacker has available
- Back the training with a written password policy
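To see why a "complex" password can still be weak, here is an added example (not from the original slides) of the mangling rules cracking tools apply to a wordlist, next to the brute-force keyspace arithmetic. The wordlist, suffix list and guess rate are constructed assumptions, not measurements of any real tool.

```python
"""Added example, not part of the original slides: a mangling-rule generator of
the kind cracking tools apply to a wordlist (dictionary words with case changes,
leet substitutions and digits or special characters appended at the end), next
to the brute-force keyspace arithmetic. The wordlist, suffix list and guess rate
are constructed assumptions, not measurements of any real tool."""
import itertools
import math

WORDLIST = ["password", "summer", "welcome", "dragon", "monkey"]  # constructed
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "$"}
SUFFIXES = [str(n) for n in range(100)] + ["!", "!!", "123", "1!", "2017", "2017!"]


def mangle(word):
    """Yield the variants a dictionary attack tries for one base word."""
    bases = [word, word.capitalize(), word.upper()]
    bases += ["".join(LEET.get(c, c) for c in b) for b in bases]
    seen = set()
    for base in bases:
        if base in seen:
            continue
        seen.add(base)
        yield base
        for suffix in SUFFIXES:
            yield base + suffix


def dictionary_crack(target, wordlist=WORDLIST):
    """Return how many candidates were tried before the target matched,
    or None if the mangled wordlist never produces it."""
    candidates = itertools.chain.from_iterable(mangle(w) for w in wordlist)
    for count, candidate in enumerate(candidates, start=1):
        if candidate == target:
            return count
    return None


def entropy_bits(length, charset_size):
    """Bits of entropy for a uniformly random password of the given shape."""
    return length * math.log2(charset_size)


def brute_force_seconds(length, charset_size, guesses_per_second):
    """Worst-case seconds to exhaust a charset_size**length keyspace."""
    return charset_size ** length / guesses_per_second


if __name__ == "__main__":
    # 'P4$$w0rd1!' satisfies every complexity rule yet falls to the mangled
    # wordlist within a few hundred guesses; a random string of the same
    # charset is never produced and must be brute forced.
    for pw in ["P4$$w0rd1!", "Summer2017!", "c4r0l!x9"]:
        print(pw, "->", dictionary_crack(pw))
    rate = 1e9  # constructed: offline guesses per second
    for length in (8, 12, 16):
        print(length, "chars:", round(entropy_bits(length, 95)), "bits,",
              round(brute_force_seconds(length, 95, rate) / 86400, 1), "days")
```

A passphrase or a random string defeats the mangled wordlist entirely and pushes the attacker to brute force, where length dominates: each extra character from a 95-symbol set multiplies the keyspace by 95.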

Password attacks: eavesdropping

- Shoulder surfing, in person or via camera (web cams are very small and cheap)
- Electronic capture: network sniffing, rogue programs capturing the password during entry, rogue hardware such as keyboards or ATM devices

Attacks on password storage

- Attacks via logs (passwords recorded in log files)
- Unencrypted password files
- Password cracking: Crack for UNIX, L0phtCrack for Windows
- Weak passwords, such as a spouse's name
- Defeating password history by changing the password enough times to cycle back to the original

Attacks on hashes

- Distributed cracking across many machines
- Rainbow tables: precomputed hash-to-password tables, available both as software that builds them and as ready-made downloadable tables
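Precomputed tables only work when the same password always produces the same hash. The following added example (not from the original slides) shows that with a plain hash-to-password lookup table standing in for a real rainbow table, which compresses the same table into chains. SHA-256 is used only to keep the example short; the wordlist and user records are constructed.

```python
"""Added example, not part of the original slides: why a per-user salt defeats
precomputed tables. A plain hash->password lookup table stands in for a real
rainbow table (which compresses the same table into chains); SHA-256 is used so
the example stays short, and the wordlist and user records are constructed."""
import hashlib
import os

WORDLIST = ["password", "letmein", "Welcome1", "Summer2017!", "dragon"]  # constructed
RECORDS = [("alice", "Welcome1"), ("bob", "Welcome1"), ("carol", "c4r0l!x9")]  # constructed


def unsalted_hash(password):
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt):
    return hashlib.sha256(salt + password.encode()).hexdigest()


def build_table(wordlist):
    """Precompute once, reuse forever: one table cracks every unsalted database."""
    return {unsalted_hash(w): w for w in wordlist}


def crack_with_table(table, stored_hash):
    """Single lookup; no hashing at attack time."""
    return table.get(stored_hash)


def crack_salted(wordlist, salt, stored_hash):
    """The salt is stored next to the hash, so it is not a secret. What it
    buys is that the attacker must hash the whole wordlist again for every
    salt, so no shared table exists and identical passwords look different."""
    for word in wordlist:
        if salted_hash(word, salt) == stored_hash:
            return word
    return None


def make_unsalted_db(records):
    return {user: unsalted_hash(pw) for user, pw in records}


def make_salted_db(records):
    db = {}
    for user, pw in records:
        salt = os.urandom(16)  # fresh random salt per user
        db[user] = (salt, salted_hash(pw, salt))
    return db


if __name__ == "__main__":
    table = build_table(WORDLIST)
    udb = make_unsalted_db(RECORDS)
    print("unsalted: alice == bob ->", udb["alice"] == udb["bob"])
    for user, h in udb.items():
        print("  table lookup", user, "->", crack_with_table(table, h))
    sdb = make_salted_db(RECORDS)
    print("salted: alice == bob ->", sdb["alice"][1] == sdb["bob"][1])
    for user, (salt, h) in sdb.items():
        print("  table lookup", user, "->", crack_with_table(table, h),
              "| per-salt search ->", crack_salted(WORDLIST, salt, h))
```

Salting does not stop the per-user dictionary search, it only removes the shared precomputation and the "same hash, same password" leak; slowing that search is the job of a deliberately expensive hash (PBKDF2, bcrypt, scrypt, Argon2) rather than a bare SHA-256.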

Consider

- Password reuse
- Training
- Freezing accounts
- How attackers will target: any account, or a specific account
- How passwords are snooped: shoulder surfing, the network, false devices (software or hardware)
- The current state of cracker programs

Discussion articles

- Current state of biometrics
- Current password attacks
- Current password crackers
- Identity theft statistics and techniques

Previous articles

- A site with 2002 identity theft statistics
- Types of identity theft, methods, and statistics
- A FAQ article from the Navy regarding Kerberos
- An article from Microsoft on how they implement Kerberos
- An article that talks about developing strong passwords in detail, related to the discussion of password safety
- An article listing and detailing the password cracking/hacking options for Windows XP and NT systems
- An article on the weak encryption of RFID
- RFID analysis and hacks

List of Resources

- Authentication
- Password issues
- Training
- Password attacks
- Kerberos
- Threat modeling