Lesson 3: Understanding Security Policies

Published on Dec 07, 2015

PRESENTATION OUTLINE

UNDERSTANDING SECURITY POLICIES

CHAPTER THREE

OBJECTIVES

  • Use security policies to enhance security
  • Understand password policies

PASSWORD INTRO

  • The foundation of security is the protection of networks, systems and data
  • Passwords secure everything: NEED STRONG PASSWORDS!!!
  • Password policies force users to create strong passwords

PASSWORD INTRO

  • Microsoft provides controls that allow you to control password creation
  • Password complexity, account lockout, password length, etc.

CERT READY?

HOW DO YOU ENFORCE STRONGER PASSWORDS FOR YOUR ORGANIZATION?

COMPLEXITY TO MAKE STRONG PASSWORDS

  • A complex password uses uppercase letters, lowercase letters, numbers and symbols
  • Try not to use dictionary words, personal info, or easily guessable things
  • Take a dictionary word and substitute other characters for some of its letters
  • Ex. c0mput3r

USING ACCOUNT LOCKOUT TO PREVENT HACKING

  • Account lockout locks the account after too many failed login attempts
  • The most common way to hack is to repeatedly guess passwords

PASSWORD LENGTH

  • Longer passwords are more secure but harder to remember
  • General minimum length is eight characters

USING GPO TO ENFORCE SECURITY

  • A GPO (Group Policy Object) is a set of rules that gives admins control
  • A GPO can be used to set password rules and regulations

UNDERSTANDING COMMON ATTACK METHODS

  • Passwords have always been the weakest link
  • Even strong passwords are vulnerable to attack

DICTIONARY & BRUTE ATTACKS

  • Dictionary attack: uses a dictionary of common passwords
  • Brute force: goes through every possible combination
  • Both attacks work better when used on short passwords
  • Account lockout feature really helps
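
The complexity, length and lockout rules from the slides above, as an added Python example (not part of the original presentation). The lockout threshold of 5, the word list and the account are constructed for illustration; the slides give no lockout number.

```python
import string

MIN_LENGTH = 8          # the slides' general minimum length
LOCKOUT_THRESHOLD = 5   # assumed value; the slides do not give one

def complexity_problems(password):
    """Return the policy rules a password fails (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    classes = {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    problems += ["no " + name for name, ok in classes.items() if not ok]
    return problems

class Account:
    """Simulation only: a real system stores a salted hash, not the password."""
    def __init__(self, password):
        self.password = password
        self.failed = 0
        self.locked = False

    def login(self, attempt):
        if self.locked:
            return "locked"          # attempt is not even checked
        if attempt == self.password:
            self.failed = 0          # success resets the counter
            return "ok"
        self.failed += 1
        if self.failed >= LOCKOUT_THRESHOLD:
            self.locked = True
        return "denied"

def guesses_checked(account, wordlist):
    """How many guesses were compared to the password before lockout."""
    results = [account.login(word) for word in wordlist]
    return sum(1 for r in results if r != "locked")

# Constructed sample data: a short word list and an account whose password
# is the sixth entry, one guess past the lockout threshold.
WORDLIST = ["password", "123456", "qwerty", "letmein", "computer",
            "c0mput3r", "dragon"]

if __name__ == "__main__":
    print(complexity_problems("c0mput3r"))   # which rules it still misses
    acct = Account("c0mput3r")
    print(guesses_checked(acct, WORDLIST), acct.locked)
```

With lockout enabled, the sixth guess is refused without being checked, so the account stays locked instead of being opened by the word list.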

PHYSICAL ATTACKS

  • Keylogger: captures every stroke on a user's keyboard
  • Hidden cameras
  • Removal of hard drives

LEAKED AND SHARED PASSWORDS

  • Co-workers often share passwords
  • Family members, spouses, boyfriends and girlfriends share passwords

CRACKED PASSWORDS

  • A password crack attack attempts to steal as many passwords
  • Encrypted passwords are slightly more protected than plain or hashed

NETWORK AND WIRELESS SNIFFERS

  • If an attacker has access to the network, they can use a sniffer
  • Sniffer: software that captures network packets and displays them
  • Used to gain access to passwords sent over the network
  • Sniffers can also be used to track keystrokes through a wireless keyboard

GUESSED PASSWORDS

  • Using personal info such as birthdays
  • Pet names, street names make it easy to guess
  • Usually only people who know a lot about the user will guess