IAM Password

  • 710 views
Uploaded on

The Identity management solutions required specific skill to successfully deploy it. This presentation will help you to star build some of them. …

The Identity management solutions required specific skill to successfully deploy it. This presentation will help you to star build some of them.

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
710
On Slideshare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
3
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Allidm.com Discovering Identity and Access Management Solutions Password Management http://academy.allidm.com
  • 2. Stay connected to Allidm Find us on Facebook: http: //www. facebook.com/allidm Follow us on Twitter: http: //twitter.com/aidy_idm Look for us on LinkedIn: http: //www. linkedin.com/allidm Visit our blog: http://www.allidm.com/blog
  • 3. Disclaimer and Acknowledgments The contents here are created as a own personal endeavor and thus does not reflect any official stance of any Identity and Access Management Vendor on any particular technology
  • 4. Contact Us On this presentation we’ll talk about some useful topics that you can use no matter which identity and access management solution or product you are working on. If you know one that make a big difference please tell us to include it in the future aidy.allidm@gmail.com
  • 5. Introduction User names and passwords are commonly used by people during a log in process that controls access to protected computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs), Video Games consoles, etc.
  • 6. What’s a password? A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource A sequence of characters that one must input to gain access to a file, application, or computer system. The password should be kept secret from those not allowed access. Also called passkey.
  • 7. Common Issues  Users employ the same password for accounts on different systems  User forget the password  Users put short password or common password  Name, birthday,company name, etc
  • 8. Form of stored passwords Clear Text If an attacker gains access to such an internal password store, all passwords—and so all user accounts—will be compromised. cryptographically access to the actual password will still be difficult for a snooper who gains internal access to the system A common approach stores only a "hashed" form of the plaintext password. When a user types in a password on such a system, the password handling software runs through a cryptographic hash algorithm, and if the hash value generated from the user's entry matches the hash stored in the password database, the user is permitted access.
  • 9. Password Management Some common password operations are Password Change Password Reset Password Recovery Password Expiry
  • 10. Password Features Passwords have the following login controls and management features that you should configure in accordance with an organization's security policy and security best practices Length Complexity Aging History Limited attempts Lockout duration Limited time periods
  • 11. Length The longer the better Longer passwords are more difficult to crack, Configure systems to require a minimum password length of six to eight characters. Of course, users can easily forget long passwords or simply find them too inconvenient, leading to some of the human-nature problems.
  • 12. Complexity Strong passwords contain a mix of upper- and lowercase letters, numbers, and special characters such as # and $ Remember that some systems may not accept certain special characters, or those characters may perform special functions
  • 13. Aging Set maximum password aging to require password changes at regular intervals: 30-, 60-, or 90-day periods are com Set minimum password aging One day is usually recommended to prevent users from easily circumventing password history controls for example, by changing their password five times within a few minutes, then setting it back to the original password
  • 14. History Password history settings allow a system to remember previously used passwords for a specific account. five is usually recommended This security setting prevents users from circumventing maximum password aging by alternating between two or three familiar passwords when they're required to change their passwords
  • 15. Limited attempts This control limits the number of unsuccessful log-on attempts Consists of two components counter threshold (three is usually recommended) The counter threshold is the maximum number of consecutive unsuccessful attempts permitted before some action occurs such as automatically disabling the account). counter reset (30 minutes is usually recommended).
  • 16. Limited attempts… The counter reset is the amount of time between unsuccessful attempts. For example, three unsuccessful log-on attempts within a 30-minute period may result in an account lockout for a set period (for example, 24 hours) Two unsuccessful attempts in 25 minutes, and then a third unsuccessful attempt 10 minutes later, wouldn't result in an account lockout. A successful log-on attempt also resets the counter.
  • 17. Lockout duration Lockout duration When a user exceeds the counter threshold the account is locked out. Organizations commonly set the lockout duration to 30 minutes, but you can set it for any duration. If you set the duration to forever, an administrator must unlock the account. Some systems don't notify the user when it locks out an account, instead quietly alerting the system administrator to a possible break-in attempt.
  • 18. Limited time periods This control restricts the time of day that a user can log in. For example, you can effectively reduce the period of time that attackers can compromise your systems by limiting users to access only during business hours.
  • 19. Best Practices Log-on banner Welcome messages literally invite criminals to access your systems. Disable any welcome message and replace it with a legal warning that requires the user to click OK to acknowledge the warning and accept the legal terms of use. Last username Many popular operating systems display the username of the last successful account log-on. Disable this feature. Users (who only need to type in their password) find this feature convenient — and so do attackers (who only need to crack the password without worrying about matching it to a valid user account)
  • 20. Best Practices … Last successful log-on After successfully logging on to the system, this message tells the user the last time that he or she logged on. If the system shows that the last successful log-on for a user was Saturday morning at 2 a.m. and the user knows that he couldn't possibly have logged in at that time because he has a life, he knows that someone has compromised his account, and he can report the incident accordingly.
  • 21. Good criteria Don't pick a password that someone can easily guess if they know who you are not your Social Security number, birthday, or maiden name Don't pick a word that can be found in the dictionary there are programs that can rapidly try every word in the dictionary Don't pick a word that is currently newsworthy Don't pick a password that is similar to your previous password Do pick a mixture of letters and at least one number Do pick a word that you can easily remember
  • 22. Generate your password Mix upper- and lowercase characters for example, eXaMple Replace some letters with numbers for example, replace e with 3 , a with @ , s with 5 Combine two words by using a special character for example, sALT&pEPPER or BaCoN+EgGs Use the first letter from each word of a nonsense phrase or nonsense song, title, or quote for example, "Oops! ...I Did It Again" becomes O!Idia Use a combination of all tips above for example, "Snow White and the Seven Habits of Highly Effective People" becomes SW&t7HoHEP!
  • 23. Tools To generate a password you can always employ a software tool that helps users evaluate the quality of their passwords when they create them. These tools are commonly known as password/passphrase generators or password appraisers. Password tools https://www.microsoft.com/security/pc-security/passwordchecker.aspx https://secure.pctools.com/guides/password/ http://www.securesafepro.com/pasgen.php
  • 24. Allidm.com Discovering Identity and Access Management Solutions Allidm Academy http://academy.allidm.com