Tom Parker Project Manager Identity Management Team IT Security Group.


1 Tom Parker jtp5@cornell.edu Project Manager Identity Management Team IT Security Group

2 What Is So Special About Your Cornell NetID?

3 Your Key to the Kingdom

6 We Use Kerberos
- Kerberos is a security system designed to protect access to personal, confidential information on computer networks
- When you request access to Kerberos-protected private information, Kerberos verifies that you have entered the correct password for your Network ID
- And then issues you an electronic ticket, which gives you admission to restricted services
- Password traffic is carefully controlled
- Your password is stored in an encrypted database which is locked down and protected by dual-factor authentication

7 So What’s the Problem?
- Your password is vulnerable to guessing
- There are computer programs that can guess very fast
http://www.lockdown.co.uk/?pg=combi&s=articles

8 CIT Audit Report Drafted Oct. 2002, Updated May 2004

9 CIT NetID Passwords: 6% (Six Percent) Cracked in Less than 72 hours

10 What we proposed in November
- Establish baseline; run crack utility against KDC
- Publicize project; keep it simple, non-intrusive
- Apply slow leaning pressure as opposed to draconian measures
- No expiration of current passwords
- Provide full-featured, web-based password change utility and education site
- Enforce password complexity rules against all new passwords issued and/or changed
- Launch in Spring of 2005
- Closely monitor results through Dec. 2005

11 We’ve Had Help
- IT Security Team
- Identity Management Developers
- Customer Services and Marketing (CSM)
  – Usability Study
  – Documentation
  – Marketing
  – Training
- Contact Center
- CIT Community

12 So What Are The Rules?
- Choose at least 8 characters, including at least three of the following four character types:
  – Uppercase letters
  – Lowercase letters
  – Numbers
  – Symbols found on your keyboard, such as ! * ( ) : | / ?
- Avoid words in any dictionary or language, spelled forward or backward.
- Don't pick names or nicknames of people, pets, or places, or personal information that can be easily found out, such as your address, birthday, or hobbies.
- Don't include any of these:
  – Repeated characters, such as AAA or 555;
  – Alphabetic or numeric sequences, such as abc or 123;
  – Common keyboard sequences, such as Qwerty or pas.
http://www.cit.cornell.edu/services/identity/password.html
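The rules above are the kind of check a web-based password change utility enforces before accepting a new password. The following is an added example, not the presentation's or Cornell's own code: it implements each published rule as a separate test and returns the ids of the rules a candidate violates. The word list, keyboard rows and symbol set are constructed assumptions standing in for the production dictionary.

```python
import re

# Constructed stand-in word list; the production check used a larger, adjustable dictionary.
DICTIONARY = {"password", "cornell", "kerberos", "welcome", "letmein", "qwerty"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")  # for runs like "qwe", "asd"
SYMBOLS = set("!@#$%^&*()-_=+[]{};:'\",.<>/?\\|`~ ")

def _has_run(s, length=3):
    """True if s has a strictly ascending/descending alpha or numeric run (abc, 321)."""
    for i in range(len(s) - length + 1):
        chunk = s[i:i + length]
        if chunk.isalpha() or chunk.isdigit():
            diffs = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
            if diffs == {1} or diffs == {-1}:
                return True
    return False

def _has_keyboard_run(s, length=3):
    """True if s contains a keyboard-row fragment, forward or reversed."""
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - length + 1):
            piece = row[i:i + length]
            if piece in s or piece[::-1] in s:
                return True
    return False

def check_password(pw):
    """Return ids of the published rules that pw violates; [] means accepted."""
    s = pw.lower()
    letters = re.sub(r"[^a-z]", "", s)
    classes = sum([any(c.isupper() for c in pw), any(c.islower() for c in pw),
                   any(c.isdigit() for c in pw), any(c in SYMBOLS for c in pw)])
    violations = []
    if len(pw) < 8:
        violations.append("length")
    if classes < 3:                       # need 3 of the 4 character types
        violations.append("classes")
    if letters in DICTIONARY or letters[::-1] in DICTIONARY:  # forward or backward
        violations.append("dictionary")
    if re.search(r"(.)\1\1", pw):         # AAA, 555
        violations.append("repeated")
    if _has_run(s):                       # abc, 123
        violations.append("sequence")
    if _has_keyboard_run(s):              # qwerty
        violations.append("keyboard")
    return violations

if __name__ == "__main__":
    for candidate in ("password", "Abc12345!", "Tr0ub&dor-Xk"):
        print(candidate, "->", check_password(candidate) or "OK")
```

Returning every violated rule at once, rather than stopping at the first, is what lets an error page point the user at the specific tip they need.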

26 What About Password Aging?
- Helpful at combating weak passwords by forcing them to be changed on a regular basis.
- A penalty for people who already use strong passwords.
- When confronted with a "your password has expired" dialog, you are more likely to choose a poorly conceived password so that you can get back to your work ASAP.
- If everyone has good passwords, the need for password aging is minimized.
- The notion of needing to change your Kerberos password on an annual basis is still an item under consideration, but wasn't in the scope of this project.

27 The Recent Schedule
- April 4: Internal testing on sample of 345 Kerberos 5.0 keys successfully cracks 20 passwords (6%) within 72 hours. *
- April 11: Internal Testing Begins. New policy applied to CIT/OIT employees for internal testing. All CIT/OIT employees strongly encouraged to test their NetID/password combination within 2 weeks.
- April 20: Updates to Campus Developers, Listservers
- April 21: Begin Print Coverage
- April 25: Password Complexity Enforcement policy applied; all new passwords and password changes will be subjected to new rules from this point on
- April 25 onward: Monitoring continues on a monthly basis to measure success…
[April calendar graphic: Spring Break; Apply To CIT/OIT; Apply To Campus; Test Results. "We closely track results".]
* Unix Crack 5.0 running on a locked down machine running no services and protected with two-factor authentication. No attempt to associate NetIDs with cracked passwords.

28 CIT NetID Passwords: 12% of 345 CIT Users in First Two Days

29 Quick Stats
- Total uses of strength-check app: 1529
- Total successful password changes: 422

30 Monitoring: What we Hope to Show
- Fewer Crackable Passwords

31 Monitoring: What we Hope to Show
- Increasing Use of IdM Tools

32 Our Testers Have Been Busy!
- We’ve adjusted the size of our dictionary
- Password Tips link on error pages
- Information about length limitations
- Spaces will be allowed
- Good feedback from CSM
- New feature requests
- Investigating more intelligent dictionary check mechanisms

33 Review of our Goals
- Implement the changes on the backend to enforce a level of password complexity
- Widely publicize the changes
- Provide the appropriate tools and end user documentation to be successful
- Prepare the Contact Center to support customers in adapting to the change

34 aadssupport@cornell.edu
