nFront Password Filter Overview
This presentation gives an overview of the nFront Password Filter software.

Published in: Technology
  • SOX suggests disallowing weak passwords. PCI affects companies that accept credit cards and explicitly states that passwords must contain a numeric character. HIPAA affects healthcare companies and suggests the use of strong passwords and measures to protect people’s healthcare data. The IRS 1075 Guidelines contain 18 password management guidelines and are very descriptive of what is required in passwords.
  • Transcript

    • 1. nFront Password Filter Demo
    • 2. Agenda • Why filter passwords? • What is nFront Password Filter • Configuration • Q & A
    • 3. Why Prevent Weak Passwords? • Weak passwords are still on the SANS/FBI top 20 yearly list of top vulnerabilities. • Over 40% of people use passwords that contain the name of a spouse, child or pet. • Password compromise leads to data theft and not just denial of service. • Security Audits / Compliance.
    • 4. Windows Password Policy • The above policy allows passwords like: aaaaa, myusername, qwerty, january, mydogsname, 123456. Conclusion: The Windows Password Policy is not enough!
    • 5. Compliance • Sarbanes-Oxley section 404 • Payment Card Industry (PCI) • HIPAA • IRS 1075 Guidelines
    • 6. nFront Password Filter • Allows multiple granular password policies in the same Windows domain. • Runs on all domain controllers. • Tightly integrated with Windows OS. • Cannot be bypassed. • Easy to install and configure.
    • 7. Password Change Overview 1. User submits password change. All password changes go to a Domain Controller. 2. LSA calls nFront Password Filter. NPF consults password policy. 3. nFront Password Filter may check dictionary. 4. nFront Password Filter tells LSA if password is acceptable. Password change accepted or rejected.
    • 8. Where NPF fits
    • 9. NPF Group Policy These settings are pushed to registry of all domain controllers and tell the filter the policy rules.
    • 10. NPF Configuration • MPE has a Default Policy plus 5 others. • Each policy has many granular settings that cover not only character types but also rules like rejecting passwords with vowels, etc. • Each policy is linked to one or more security groups.
    • 11. DEMO - configuration • Create GPO • Configure GPO for one policy
    • 12. Versions • Multipolicy Edition – Runs on Domain Controllers – Up to 6 password policies in 1 domain • Single Policy Edition – Runs on Domain Controllers – 1 password policy per domain • Member Server Edition – runs on Member Servers – Filters local pw changes. Controlled via GPO that targets OU where servers are. – Can filter passwords for SQL users if you run SQL Server 2005 on Windows 2003.
    • 13. Performance / Scalability • DLL is only 150 KB in size! • No Network API calls that leave the Domain Controller and add latency. • The PasswordFilter() routine completes in milliseconds. • Sprint tested the DLL with over 11,000 password changes per minute (dictionary not used). • Can check password against 2.5 million passwords in dictionary in less than 1 second.
    • 14. DEMO • Two Policies • Dictionary Scanning
    • 15. Questions and Answers
    • 16. Thank you. Thank you for your time.
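
The accept/reject decision from slide 7 (steps 2 to 4), sketched in portable C as an added example; this is not nFront's code and not a Windows DLL. The function name `filter_password`, the thresholds (8 characters, 3 of 4 character classes) and the small dictionary are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample dictionary; a real filter would load a large word list. */
static const char *const DICTIONARY[] = { "qwerty", "january", "password", "123456" };

/* Case-insensitive substring search (portable stand-in for strcasestr). */
static int contains_ci(const char *hay, const char *needle) {
    size_t n = strlen(needle);
    if (n == 0) return 0;
    for (; *hay; hay++) {
        size_t i = 0;
        while (i < n && hay[i] &&
               tolower((unsigned char)hay[i]) == tolower((unsigned char)needle[i]))
            i++;
        if (i == n) return 1;
    }
    return 0;
}

/* Count how many of the four character classes appear in the password. */
static int char_classes(const char *pw) {
    int lower = 0, upper = 0, digit = 0, other = 0;
    for (; *pw; pw++) {
        unsigned char c = (unsigned char)*pw;
        if (islower(c)) lower = 1;
        else if (isupper(c)) upper = 1;
        else if (isdigit(c)) digit = 1;
        else other = 1;
    }
    return lower + upper + digit + other;
}

/* Hypothetical policy check: returns 1 to accept, 0 to reject, mirroring the
   answer a password filter gives back to LSA. */
int filter_password(const char *account, const char *password) {
    if (strlen(password) < 8) return 0;             /* assumed minimum length */
    if (contains_ci(password, account)) return 0;   /* account name embedded */
    if (char_classes(password) < 3) return 0;       /* assumed 3-of-4 classes */
    for (size_t i = 0; i < sizeof DICTIONARY / sizeof DICTIONARY[0]; i++)
        if (contains_ci(password, DICTIONARY[i])) return 0;  /* dictionary hit */
    return 1;
}
```

A candidate such as `Qwerty!2024` meets the length and character-class rules and is rejected only by the dictionary step, which is the gap slide 4 attributes to the built-in Windows policy.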
