Upload File

password protection

prev
next
out of 34
Download Password Protection

Upload: shyam792

Post on 19-Oct-2015

22 views

Category:

Documents


0 download

Report

Tags:

DESCRIPTION

how to protect with a password

TRANSCRIPT

Intruders and password protection

Information System Security,Intruders and password protectionPresented by: Aditya ReddyPresented to: ECE A

20121ContentsIntrusion and intruderIntrusion techniquesIntrusion prevention and detectionPassword managementUNIX scheme Password selection strategiesHow to choose secure password.References

2IntrusionEntrance by force or without permission or welcome.

Any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource.

The intentional insertion of electromagnetic energy into transmission paths in any manner with the objective of deceiving operators or of causing confusion.3IntruderSomeone who intrudes on the privacy or property of another without permission.

4Intrusion Techniques The objective of the intruder is to gain access to a system or to increase the range of privileges accessible on a system.

system must maintain a file that associates a password with each authorized user.5Intrusion TechniquesThe password file can be protected in one of two ways:One-way function: The system stores only the value of a function based on the user's password. When the user presents a password, the system transforms that password and compares it with the stored value.

Access control: Access to the password file is limited to one or a very few accounts.

6Intrusion TechniquesNumber of password crackers, reports the following techniques for learning passwords: Try default passwords used.Try all short passwords (those of one to three characters). Try words in the system's online dictionary or a list of likely passwords. 7Intrusion TechniquesCollect information about users, such as their full names.Try users' phone numbers, social security numbers, and room numbers.Use a Trojan horse.8Intrusion prevention and detectionThe best intrusion prevention system will fail. A system's second line of defense is intrusion detection, and this has been the focus of much research in recent years.

9Intrusion detection approaches Statistical anomaly detection: Involves the collection of data relating to the behavior of legitimate users over a period of time. Then statistical tests are applied to observed behavior to determine with a high level of confidence whether that behavior is not legitimate user behavior. 10Intrusion detection approaches Rule-based detection: Involves an attempt to define a set of rules that can be used to decide that a given behavior is that of an intruder.11Password Management Password Protection: The front line of defense against intruders is the password system. Virtually all multiuser systems require that a user provide not only a name or identifier (ID) but also a password. The password serves to authenticate the ID of the individual logging on to the system. In turn, the ID provides security in the following ways:

12Password ManagementThe ID determines whether the user is authorized to gain access to a system.

The ID determines the privileges accorded to the user.

13Password ManagementThe Vulnerability of Passwords: let us consider a scheme that is widely used on UNIX:Each user selects a password up to eight characters.This is converted into a 56-bit value (key input to an encryption routine).The encryption routine is based on DES. The DES algorithm is modified using a 12-bit.This value is related to the time at which the password is assigned to the user. 14Password ManagementThe modified DES algorithm is exercised with a data input consisting of a 64-bit block of zeros.The output of the algorithm then serves as input for a second encryption.This process is repeated for a total of 25 encryptions. The resulting 64-bit output is then translated into an 11-character sequence. The hashed password is then stored, together with a plaintext copy of the salt, in the password file 15Password Management

16Password Management

17Password ManagementThe salt serves three purposes:It prevents duplicate passwords from being visible in the password file.It effectively increases the length of the password without requiring the user to remember additional characters. 18Password ManagementAccess Control: One way to thwart a password attack is to deny the opponent access to the password file. If the encrypted password portion of the file is accessible only by a privileged user, then the opponent cannot read it without already knowing the password of a privileged user.

19Password ManagementPassword Selection Strategies: The goal is to eliminate guessable passwords while allowing the user to select a password that is memorable. Four basic techniques are in use: User education.Computer-generated passwords.Reactive password checking.Proactive password checking.

20Password ManagementUser educationUsers can be told the importance of using hard-to-guess passwords and can be provided with guidelines for selecting strong passwords. Computer-generated passwordspasswords are quite random in nature Reactive password checkingthe system periodically runs its own password cracker to find guessable passwords. The system cancels any passwords that are guessed 21Password ManagementProactive password checkinguser is allowed to select his or her own password. However, at the time of selection, the system checks to see if the password is allowable and, if not, rejects it.

The trick with a proactive password checker is to strike a balance between user acceptability and strength. 22Password ManagementProactive password checking approaches:Rule enforcement:All passwords must be at least eight characters long.The passwords must include at least one each of uppercase, lowercase, numeric digits, and punctuation marks.Another possible procedure is simply to compile a large dictionary of possible "bad" passwords.23Password ManagementProactive password checker techniques Markov model: generation of guessable passwords, this model shows a language consisting of an alphabet of three characters. The state of the system at any time is the identity of the most recent letter. The value on the transition from one state to another represents the probability that one letter follows another. Thus, the probability that the next letter is b, given that the current letter is a, is 0.5. 24Password Management

25

Password reuse26

Most Able Attackers27

Most Motivated Attackers28AttackerRetail StoreProcessorCorporateInternet

Payment Services29Speak slowly

The first case is commonly missed by the industry, with the false pretense that brick and mortar retailers are safe from compromises

Explain path the credit card takes to get from the retail store/customer processor corporate office

The connection to the Internet can be high speed T1, Cable, DSL, etc or even dial-up

For brick and mortar compromises some of the big cases we saw were Lowes in 2003, BJs in 2004 and now DSW last night in 2005How to Choose a secure password?Do NOT use words or phrases that have personal significance. Mix letters, numbers and symbols, and use case sensitivityTry to memorize the password, and avoid writing it downDo not use the same password for everything Use a password manager (PM). It is a utility that creates an encrypted file where your passwords are stored. Try to use "nonsense words." Do not tell anybody your password.

30ConclusionWe need password because of the widespread adoption of computer networks, and particularly the Internet, has enabled electronic access to almost every possible service: e-mail, e-commerce, banking and government services. But with this access has come the need to identify the users of these services, both to safeguard personal information and to control the capabilities given to each user.An encrypted password database is likely to be much more secure than a notebook or a wallet.ConclusionBecause of the difficulties associated with remembering passwords, a group of software applications, called password keepers or password managers has emerged. These applications deal with everything from the simple storage of user IDs and passwords to the management of password access across many users.Poor encryption or use of a weak master password, allowing the contents to be accessed.

ReferencesCryptography and Network Security Principles and Practices, Fourth Edition, WilliamStallings, 2005Computer networks, Andrew S. Tanenbaum. Fourth Edition, 2003Password management, Matt Bishop, Department of math and CS, Dartmouth college 2000.Password Management Strategies for Online Accounts, Shirley Gaw, Edward W. Felten, Princeton University 2002.Identity Lifecycle Management, Rafal Lukawiecki, Strategic Consultant, Project Botticelli Ltd, 2005Payment Services Critical Infrastructure Protection, Michael Dahn,Sr. Security Advisor, 2005Secure Password-Based Cipher Suite for TLS, Michael Steiner Universitat des Saarlandes and Peter Buhler, Thomas Eirich and Michael Waidnerhttp://www.wikihow.com/Choose-a-Secure-PasswordOptions for Secure Personal Password Management, Hugh T. Ranalli, 2003

33Intruders and password protectionThank You for listening

Aditya ReddyChart129016236

FrequencyGreatest Ability

Chart1 (2)39415719

FrequencyLeast Ability

Chart1 (3)151411916

FrequencyMost Motivated

Chart1 (5)191414315

FrequencyLeast Motivated

Chart1 (4)151154714

FrequencyMost Likely

Chart1 (6)112302217

FrequencyLeast Likely

Sheet1Greatest AbilityLeast AbilityAttackerFrequencyAttackerFrequency12913Friend20294Non-Tech Acquaintance31631Tech Acquaintance4245Insider5357Competitor66619Hacker56129Most MotivatedLeast MotivatedAttackerFrequencyAttackerFrequency1151192121434314144519536166155656Most LikelyLeast LikelyAttackerFrequencyAttackerFrequency1151112122331530444257526146175655

Sheet2

Sheet3

Chart129016236

FrequencyGreatest Ability

Chart1 (2)39415719

FrequencyLeast Ability

Chart1 (3)151411916

FrequencyMost Motivated

Chart1 (5)191414315

FrequencyLeast Motivated

Chart1 (4)151154714

FrequencyMost Likely

Chart1 (6)112302217

FrequencyLeast Likely

Sheet1Greatest AbilityLeast AbilityAttackerFrequencyAttackerFrequency12913Friend20294Non-Tech Acquaintance31631Tech Acquaintance4245Insider5357Competitor66619Hacker56129Most MotivatedLeast MotivatedAttackerFrequencyAttackerFrequency1151192121434314144519536166155656Most LikelyLeast LikelyAttackerFrequencyAttackerFrequency1151112122331530444257526146175655

Sheet2

Sheet3


Mac Security 2 - ocalamug.orgocalamug.org/resources/meeting-notes/mac-security-2015-05-12.pdfMay 12, 2015  · Mac Password Protection? If you lose your computer password, there is

CK Range - Rotork · 6 CK Centronik Full Configuration Manual 1.0 Introduction 1.5 Password Security PASSWORD ROTORK The Centronik control module offers password protection that prevents

Advanced Protection Systemelectronicsound-nc.com/downloads/Download Page/Fire Alarm/Siemens/mxl.pdf• User Help Screens • Multiple Levels of Password Protection ... • FireFinder

Keypass Password Protection Manager

Cyber Hygiene Infographic v3 - IoTUK · allow for password protection and for the default password to be changed 4 Change the default password on products, networks and services Use

OUTDOOR CAMERA WITH LED FLOODLIGHT · • To ensure your privacy, this device supports password protection. • The default, all-access username is admin, the default password is

Canon imagePRESS Lite C165 Specification Sheetdownloads.canon.com/nw/pdfs/production/ip-c165-spec... · 2019-12-11 · Password Lock, Hard Disk Drive Erase, Mail Box Password Protection,

1 Chapter 13 – Network Security Password Protection Security Models Firewalls Security Protocols

Password Management. Password Protection Virtually all multiuser systems require that a user provide not only a name or identifier (ID) but also a password

TrimarcSecurity.com ] - Active Directory Security · Azure AD Premium Password Protection (Public Preview) •On-prem Active Directory solution. •Microsoft Password Filter deployed

Dubai Partner Bootcamp Part1 Without Password Protection

QC-Gage - Contract Dimensional Inspection Services · QC-Gage Password Protection – The menus in QC-Gage can be password protected to eliminate accidental changes. Curre feature

1 Chapter Overview Password Protection Security Models Firewalls Security Protocols

The Big Picturefa.opco.com/mccann.ward/mediahandler/media/100112...of password protection, consider using password management software. Password manager programs generate strong, unique

Password Protection

Verizon Family Protection User Guide · 8 Verizon Family Protection User Guide Change a family member's password If you change your mind about a family member's password, or if you

DVR User Manual - iBall User Manual.pdf · Picture-1 Login Password protection If the password is continuous wrong 3 times, the beep will appear. If the password is continuous wrong

Motor Protection System - GE Grid Solutions Multilin 339 Motor Protection System instruction manual for revision 1.41. ... Password security ... Short circuit

Cyber law and password protection

Analysis of Microsoft Office Password Protection System,

Dual-Input process meter - Instrumart · 3 YPP6060 DUAL-INPUT PROCESS METER Three Tier Password Protection The PROPLUS offers 3 levels of password protection: • Level 1 protection

The Password Hashing Competition - University of Aucklandpgut001/pubs/phc.pdf · The Password Hashing Competition Peter Gutmann University of Auckland Prehistory of Password Protection

Honeywords: A New Tool for Protection from Password ... · A New Tool for Protection from Password Database Breach . DSP-W02 . ... Study of 69M Yahoo passwords ... Cracking Detectable

Team: SuperBad Cats MSIT 458 – Dr. Chen Authentication through Password Protection

PGR-6300 MANUAL MOTOR PROTECTION SYSTEM/media/files/littelfuse/technical-resources/documents/...Factory default password is 1111 New Password See Section 4.3.6. Motor Identification

Hmi password protection

Microsoft Password Guidance · PDF fileMicrosoft Password Guidance Robyn Hicock, rhicock@ Microsoft Identity Protection Team Purpose This paper provides Microsoft’s recommendations

ENCRYPTION AND PASSWORD PROTECTION - Westlaw · Mack's Criminal Law Bulletin . ... PREFACE. This Bulletin reviews cases that have considered the encryption and password protection;

PASSWORD MANAGERS: COMPARATIVE EVALUATION, …...naive password manager offers no protection, making it a high value target. With a master password, the manager provides at best a

Comprehensive Feeder Protection - Larsen & · PDF filecircuit breaker, annunciation and ... For complete feeder protection of ... with password protection. This Document and Design

Transformer Protection IED - toshiba-tds. · PDF filecapability and teleprotection based upon packet-based communications are just two of the ... - Password protection ... circuit

Social Media Password Protection and Privacy — The Patchwork of

1 Chapter 9 Intruders. 2 Outline Intruders –Intrusion Techniques –Password Protection –Password Selection Strategies –Intrusion Detection Statistical

EcoStar C Owner's Manual...Press resume to end. SVRS Inactive 3200 rpm for 60 min; Remote Stop is engaged Password Protection Disabled Password Timeout 0:15 System Password + change

Password Protection User Manual (CarryItEasy.exe).pdf