Submit Search
Upload
Chapter 11 Authentication and Account Management
•
Download as PPTX, PDF
•
0 likes
•
1,340 views
Dr. Ahmed Al Zaidy
Follow
CompTIA Security+ Guide to Network Security Fundamentals, Sixth Edition
Read less
Read more
Education
Report
Share
Report
Share
1 of 44
Download now
Recommended
Chapter 3 Basic Cryptography
Chapter 3 Basic Cryptography
Dr. Ahmed Al Zaidy
Â
Chapter 5 Networking and Server Attacks
Chapter 5 Networking and Server Attacks
Dr. Ahmed Al Zaidy
Â
Chapter 15 Risk Mitigation
Chapter 15 Risk Mitigation
Dr. Ahmed Al Zaidy
Â
Chapter 1 Introduction to Security
Chapter 1 Introduction to Security
Dr. Ahmed Al Zaidy
Â
Chapter 4 Advanced Cryptography and P K I
Chapter 4 Advanced Cryptography and P K I
Dr. Ahmed Al Zaidy
Â
Chapter 7 Administering a Secure Network
Chapter 7 Administering a Secure Network
Dr. Ahmed Al Zaidy
Â
Chapter 2 Malware and Social Engineering Attacks
Chapter 2 Malware and Social Engineering Attacks
Dr. Ahmed Al Zaidy
Â
Chapter 9 Client and application Security
Chapter 9 Client and application Security
Dr. Ahmed Al Zaidy
Â
Recommended
Chapter 3 Basic Cryptography
Chapter 3 Basic Cryptography
Dr. Ahmed Al Zaidy
Â
Chapter 5 Networking and Server Attacks
Chapter 5 Networking and Server Attacks
Dr. Ahmed Al Zaidy
Â
Chapter 15 Risk Mitigation
Chapter 15 Risk Mitigation
Dr. Ahmed Al Zaidy
Â
Chapter 1 Introduction to Security
Chapter 1 Introduction to Security
Dr. Ahmed Al Zaidy
Â
Chapter 4 Advanced Cryptography and P K I
Chapter 4 Advanced Cryptography and P K I
Dr. Ahmed Al Zaidy
Â
Chapter 7 Administering a Secure Network
Chapter 7 Administering a Secure Network
Dr. Ahmed Al Zaidy
Â
Chapter 2 Malware and Social Engineering Attacks
Chapter 2 Malware and Social Engineering Attacks
Dr. Ahmed Al Zaidy
Â
Chapter 9 Client and application Security
Chapter 9 Client and application Security
Dr. Ahmed Al Zaidy
Â
Whitman_Ch03.pptx
Whitman_Ch03.pptx
Siphamandla9
Â
Chapter 6Network Security Devices, Design, and Technology
Chapter 6Network Security Devices, Design, and Technology
Dr. Ahmed Al Zaidy
Â
Chapter 12 Access Management
Chapter 12 Access Management
Dr. Ahmed Al Zaidy
Â
Chapter 10 Mobile and Embedded Device Security
Chapter 10 Mobile and Embedded Device Security
Dr. Ahmed Al Zaidy
Â
Chapter 14 Business Continuity
Chapter 14 Business Continuity
Dr. Ahmed Al Zaidy
Â
Whitman_Ch05.pptx
Whitman_Ch05.pptx
Siphamandla9
Â
Whitman_Ch02.pptx
Whitman_Ch02.pptx
Siphamandla9
Â
Cyber Security Best Practices
Cyber Security Best Practices
Evolve IP
Â
Information security
Information security
razendar79
Â
Chapter 12 Presentation
Chapter 12 Presentation
Amy McMullin
Â
Security Threats at OSI layers
Security Threats at OSI layers
Department of Computer Science
Â
Chapter 7 Presentation
Chapter 7 Presentation
Amy McMullin
Â
Chapter 2 Presentation
Chapter 2 Presentation
Amy McMullin
Â
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
Fabiha Shahzad
Â
Chapter 1 Presentation
Chapter 1 Presentation
Amy McMullin
Â
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
Suvrat Jain
Â
Threat Modelling
Threat Modelling
n|u - The Open Security Community
Â
Security misconfiguration
Security misconfiguration
Jiri Danihelka
Â
Network Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and Techniques
waqasahmad1995
Â
Application Security
Application Security
florinc
Â
Chapter 13 Vulnerability Assessment and Data Security
Chapter 13 Vulnerability Assessment and Data Security
Dr. Ahmed Al Zaidy
Â
ITT450 Chapter 1.pptx
ITT450 Chapter 1.pptx
AliffDarfriz
Â
More Related Content
What's hot
Whitman_Ch03.pptx
Whitman_Ch03.pptx
Siphamandla9
Â
Chapter 6Network Security Devices, Design, and Technology
Chapter 6Network Security Devices, Design, and Technology
Dr. Ahmed Al Zaidy
Â
Chapter 12 Access Management
Chapter 12 Access Management
Dr. Ahmed Al Zaidy
Â
Chapter 10 Mobile and Embedded Device Security
Chapter 10 Mobile and Embedded Device Security
Dr. Ahmed Al Zaidy
Â
Chapter 14 Business Continuity
Chapter 14 Business Continuity
Dr. Ahmed Al Zaidy
Â
Whitman_Ch05.pptx
Whitman_Ch05.pptx
Siphamandla9
Â
Whitman_Ch02.pptx
Whitman_Ch02.pptx
Siphamandla9
Â
Cyber Security Best Practices
Cyber Security Best Practices
Evolve IP
Â
Information security
Information security
razendar79
Â
Chapter 12 Presentation
Chapter 12 Presentation
Amy McMullin
Â
Security Threats at OSI layers
Security Threats at OSI layers
Department of Computer Science
Â
Chapter 7 Presentation
Chapter 7 Presentation
Amy McMullin
Â
Chapter 2 Presentation
Chapter 2 Presentation
Amy McMullin
Â
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
Fabiha Shahzad
Â
Chapter 1 Presentation
Chapter 1 Presentation
Amy McMullin
Â
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
Suvrat Jain
Â
Threat Modelling
Threat Modelling
n|u - The Open Security Community
Â
Security misconfiguration
Security misconfiguration
Jiri Danihelka
Â
Network Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and Techniques
waqasahmad1995
Â
Application Security
Application Security
florinc
Â
What's hot
(20)
Whitman_Ch03.pptx
Whitman_Ch03.pptx
Â
Chapter 6Network Security Devices, Design, and Technology
Chapter 6Network Security Devices, Design, and Technology
Â
Chapter 12 Access Management
Chapter 12 Access Management
Â
Chapter 10 Mobile and Embedded Device Security
Chapter 10 Mobile and Embedded Device Security
Â
Chapter 14 Business Continuity
Chapter 14 Business Continuity
Â
Whitman_Ch05.pptx
Whitman_Ch05.pptx
Â
Whitman_Ch02.pptx
Whitman_Ch02.pptx
Â
Cyber Security Best Practices
Cyber Security Best Practices
Â
Information security
Information security
Â
Chapter 12 Presentation
Chapter 12 Presentation
Â
Security Threats at OSI layers
Security Threats at OSI layers
Â
Chapter 7 Presentation
Chapter 7 Presentation
Â
Chapter 2 Presentation
Chapter 2 Presentation
Â
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
Â
Chapter 1 Presentation
Chapter 1 Presentation
Â
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
Â
Threat Modelling
Threat Modelling
Â
Security misconfiguration
Security misconfiguration
Â
Network Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and Techniques
Â
Application Security
Application Security
Â
Similar to Chapter 11 Authentication and Account Management
Chapter 13 Vulnerability Assessment and Data Security
Chapter 13 Vulnerability Assessment and Data Security
Dr. Ahmed Al Zaidy
Â
ITT450 Chapter 1.pptx
ITT450 Chapter 1.pptx
AliffDarfriz
Â
Whitman_Ch06.pptx
Whitman_Ch06.pptx
Siphamandla9
Â
Software Development, Data Types, and Expressions
Software Development, Data Types, and Expressions
pullaravikumar
Â
Python Fundamentals
Python Fundamentals
pullaravikumar
Â
Intro to Web Design 6e Chapter 7
Intro to Web Design 6e Chapter 7
Steve Guinan
Â
SBA Live Academy - Passwords: Policy and Storage with NIST SP800-63b by Jim M...
SBA Live Academy - Passwords: Policy and Storage with NIST SP800-63b by Jim M...
SBA Research
Â
Intro to Web Design 6e Chapter 5
Intro to Web Design 6e Chapter 5
Steve Guinan
Â
9781337102087 ppt ch05
9781337102087 ppt ch05
Terry Yoast
Â
Whitman_Ch12.pptx
Whitman_Ch12.pptx
Siphamandla9
Â
Ecc 2016 module 1 ppt presentation
Ecc 2016 module 1 ppt presentation
dgdotson
Â
Ecc 2016 module 1 ppt presentation
Ecc 2016 module 1 ppt presentation
dgdotson
Â
Lecture 8- information technology slides
Lecture 8- information technology slides
Aiman Niazi
Â
Intro to Web Design 6e Chapter 6
Intro to Web Design 6e Chapter 6
Steve Guinan
Â
1WebDesign6EChapter1TheEnvironmentandtheTools.docx
1WebDesign6EChapter1TheEnvironmentandtheTools.docx
lorainedeserre
Â
9780840024220 ppt ch09
9780840024220 ppt ch09
Kristin Harrison
Â
Lecture 5.pptx
Lecture 5.pptx
DuncanWachira3
Â
Intro to Web Design 6e Chapter 1
Intro to Web Design 6e Chapter 1
Steve Guinan
Â
BSAD 372 SPRING 2017 CH 10
BSAD 372 SPRING 2017 CH 10
Janice Robinson
Â
9781337102087 ppt ch15
9781337102087 ppt ch15
Terry Yoast
Â
Similar to Chapter 11 Authentication and Account Management
(20)
Chapter 13 Vulnerability Assessment and Data Security
Chapter 13 Vulnerability Assessment and Data Security
Â
ITT450 Chapter 1.pptx
ITT450 Chapter 1.pptx
Â
Whitman_Ch06.pptx
Whitman_Ch06.pptx
Â
Software Development, Data Types, and Expressions
Software Development, Data Types, and Expressions
Â
Python Fundamentals
Python Fundamentals
Â
Intro to Web Design 6e Chapter 7
Intro to Web Design 6e Chapter 7
Â
SBA Live Academy - Passwords: Policy and Storage with NIST SP800-63b by Jim M...
SBA Live Academy - Passwords: Policy and Storage with NIST SP800-63b by Jim M...
Â
Intro to Web Design 6e Chapter 5
Intro to Web Design 6e Chapter 5
Â
9781337102087 ppt ch05
9781337102087 ppt ch05
Â
Whitman_Ch12.pptx
Whitman_Ch12.pptx
Â
Ecc 2016 module 1 ppt presentation
Ecc 2016 module 1 ppt presentation
Â
Ecc 2016 module 1 ppt presentation
Ecc 2016 module 1 ppt presentation
Â
Lecture 8- information technology slides
Lecture 8- information technology slides
Â
Intro to Web Design 6e Chapter 6
Intro to Web Design 6e Chapter 6
Â
1WebDesign6EChapter1TheEnvironmentandtheTools.docx
1WebDesign6EChapter1TheEnvironmentandtheTools.docx
Â
9780840024220 ppt ch09
9780840024220 ppt ch09
Â
Lecture 5.pptx
Lecture 5.pptx
Â
Intro to Web Design 6e Chapter 1
Intro to Web Design 6e Chapter 1
Â
BSAD 372 SPRING 2017 CH 10
BSAD 372 SPRING 2017 CH 10
Â
9781337102087 ppt ch15
9781337102087 ppt ch15
Â
More from Dr. Ahmed Al Zaidy
Chapter 14 Exploring Object-based Programming
Chapter 14 Exploring Object-based Programming
Dr. Ahmed Al Zaidy
Â
Chapter 13 Programming for web forms
Chapter 13 Programming for web forms
Dr. Ahmed Al Zaidy
Â
Chapter 12 Working with Document nodes and style sheets
Chapter 12 Working with Document nodes and style sheets
Dr. Ahmed Al Zaidy
Â
Chapter 11 Working with Events and Styles
Chapter 11 Working with Events and Styles
Dr. Ahmed Al Zaidy
Â
Chapter 10 Exploring arrays, loops, and conditional statements
Chapter 10 Exploring arrays, loops, and conditional statements
Dr. Ahmed Al Zaidy
Â
Chapter 9 Getting Started with JavaScript
Chapter 9 Getting Started with JavaScript
Dr. Ahmed Al Zaidy
Â
Chapter 8 Enhancing a website with multimedia
Chapter 8 Enhancing a website with multimedia
Dr. Ahmed Al Zaidy
Â
Chapter 7 Designing a web form
Chapter 7 Designing a web form
Dr. Ahmed Al Zaidy
Â
Chapter 6 Working with Tables and Columns
Chapter 6 Working with Tables and Columns
Dr. Ahmed Al Zaidy
Â
Chapter 5 Designing for the mobile web
Chapter 5 Designing for the mobile web
Dr. Ahmed Al Zaidy
Â
Chapter 4 Graphic Design with CSS
Chapter 4 Graphic Design with CSS
Dr. Ahmed Al Zaidy
Â
Chapter 3 Designing a Page Layout
Chapter 3 Designing a Page Layout
Dr. Ahmed Al Zaidy
Â
Chapter 2 Getting Started with CSS
Chapter 2 Getting Started with CSS
Dr. Ahmed Al Zaidy
Â
Chapter 1 Getting Started with HTML5
Chapter 1 Getting Started with HTML5
Dr. Ahmed Al Zaidy
Â
Integer overflows
Integer overflows
Dr. Ahmed Al Zaidy
Â
testing throughout-the-software-life-cycle-section-2
testing throughout-the-software-life-cycle-section-2
Dr. Ahmed Al Zaidy
Â
Fundamental of testing
Fundamental of testing
Dr. Ahmed Al Zaidy
Â
Chapter 8 Wireless Network Security
Chapter 8 Wireless Network Security
Dr. Ahmed Al Zaidy
Â
More from Dr. Ahmed Al Zaidy
(18)
Chapter 14 Exploring Object-based Programming
Chapter 14 Exploring Object-based Programming
Â
Chapter 13 Programming for web forms
Chapter 13 Programming for web forms
Â
Chapter 12 Working with Document nodes and style sheets
Chapter 12 Working with Document nodes and style sheets
Â
Chapter 11 Working with Events and Styles
Chapter 11 Working with Events and Styles
Â
Chapter 10 Exploring arrays, loops, and conditional statements
Chapter 10 Exploring arrays, loops, and conditional statements
Â
Chapter 9 Getting Started with JavaScript
Chapter 9 Getting Started with JavaScript
Â
Chapter 8 Enhancing a website with multimedia
Chapter 8 Enhancing a website with multimedia
Â
Chapter 7 Designing a web form
Chapter 7 Designing a web form
Â
Chapter 6 Working with Tables and Columns
Chapter 6 Working with Tables and Columns
Â
Chapter 5 Designing for the mobile web
Chapter 5 Designing for the mobile web
Â
Chapter 4 Graphic Design with CSS
Chapter 4 Graphic Design with CSS
Â
Chapter 3 Designing a Page Layout
Chapter 3 Designing a Page Layout
Â
Chapter 2 Getting Started with CSS
Chapter 2 Getting Started with CSS
Â
Chapter 1 Getting Started with HTML5
Chapter 1 Getting Started with HTML5
Â
Integer overflows
Integer overflows
Â
testing throughout-the-software-life-cycle-section-2
testing throughout-the-software-life-cycle-section-2
Â
Fundamental of testing
Fundamental of testing
Â
Chapter 8 Wireless Network Security
Chapter 8 Wireless Network Security
Â
Recently uploaded
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
GeoBlogs
Â
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
GaneshChakor2
Â
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
9953056974 Low Rate Call Girls In Saket, Delhi NCR
Â
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
chloefrazer622
Â
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
eniolaolutunde
Â
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
sanyamsingh5019
Â
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
Celine George
Â
Micromeritics - Fundamental and Derived Properties of Powders
Micromeritics - Fundamental and Derived Properties of Powders
ChitralekhaTherkar
Â
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
RKavithamani
Â
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
RoyAbrique
Â
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
SoniaTolstoy
Â
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
UnboundStockton
Â
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
9953056974 Low Rate Call Girls In Saket, Delhi NCR
Â
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
VS Mahajan Coaching Centre
Â
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
pboyjonauth
Â
microwave assisted reaction. General introduction
microwave assisted reaction. General introduction
Maksud Ahmed
Â
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
Steve Thomason
Â
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
JhengPantaleon
Â
CĂłdigo Creativo y Arte de Software | Unidad 1
CĂłdigo Creativo y Arte de Software | Unidad 1
MaestrĂa en ComunicaciĂłn Digital Interactiva - UNR
Â
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
pboyjonauth
Â
Recently uploaded
(20)
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
Â
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
Â
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Â
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
Â
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
Â
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
Â
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
Â
Micromeritics - Fundamental and Derived Properties of Powders
Micromeritics - Fundamental and Derived Properties of Powders
Â
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Â
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Â
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
Â
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
Â
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Â
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Â
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
Â
microwave assisted reaction. General introduction
microwave assisted reaction. General introduction
Â
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
Â
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
Â
CĂłdigo Creativo y Arte de Software | Unidad 1
CĂłdigo Creativo y Arte de Software | Unidad 1
Â
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
Â
Chapter 11 Authentication and Account Management
1.
1 CompTIA Security+ Guide
to Network Security Fundamentals, Sixth Edition Chapter 11 Authentication and Account Management © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
2.
Objectives 11.1 Describe the
different types of authentication credentials 11.2 Explain what single sign-on can do 11.3 List the account management procedures for securing passwords © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password- protected website for classroom use.
3.
3 Authentication Credentials (1
of 2) • Types of authentication credentials • Where you are -Example: a military base • What you have -Example: key fob to lock your car • What you are -Example: facial characteristics recognized • What you know -Example: combination to health club locker • What you do -Example: do something to prove authenticity © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
4.
4 Authentication Credentials (2
of 2) © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
5.
5 What You Know:
Passwords • User logging in to a system • Asked to identify himself -User enters username • User asked to authenticate -User enters password • Passwords are the most common type of authentication today • Passwords provide only weak protection • Actions can be taken to strengthen passwords © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
6.
6 Password Weaknesses (1
of 3) • Weakness of passwords is linked to human memory • Humans can memorize only a limited number of items • Long, complex passwords are most effective • Most difficult to memorize • Users must remember passwords for many different accounts • Each account password should be unique • Security policies mandate passwords must expire • Users must repeatedly memorize passwords © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
7.
7 Password Weaknesses (2
of 3) • Users often take shortcuts • Using a weak password -Examples: common words, short password, or personal information • When attempting to create stronger passwords, they generally follow predictable patterns: -Appending: using letters, numbers, and punctuation in a pattern -Replacing: users use replacements in predictable patterns © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
8.
8 Password Weaknesses (3
of 3) Rank Password 1 123456 2 123456789 3 abc123 4 password 5 password1 6 12345678 7 111111 8 1234567 9 12345 10 1234567890 © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
9.
9 Attacks on Passwords
(1 of 9) • Attacks that can be used to discover passwords: • Social engineering -Phishing, shoulder surfing, dumpster diving • Capturing -Keylogger, protocol analyzer -Man-in-the-middle and replay attacks • Resetting -Attacker gains physical access to computer and resets password © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
10.
10 Attacks on Passwords
(2 of 9) • Offline attack • Method used by most password attacks today • Attackers steal file of password digests -Compare with their own digests they have created • Offline password attacks include: • Brute force • Mask • Rule • Dictionary • Rainbow tables • Password collections © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
11.
11 Attacks on Passwords
(3 of 9) • Brute force • Every possible combination of letters, numbers, and characters used to create encrypted passwords and matched against stolen file • Slowest, most thorough method • NTLM (New Technology LAN Manager) hash -An attacker who can steal the digest of an NTLM password would not need to try to break it -He would simply pretend to be the user and send that hash to the remote system to then be authenticated -Known as a pass the hash attack © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
12.
12 Attacks on Passwords
(4 of 9) • Mask Attack • A more targeted brute force attack that uses placeholders for characters in certain positions of the password • Parameters that can be entered in a mask attack include: -Password length -Character set -Language -Pattern -Skips • Rule Attack • Conducts a statistical analysis on the stolen passwords that is used to create a mask to break the largest number of passwords © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
13.
13 Attacks on Passwords
(5 of 9) © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
14.
14 Attacks on Passwords
(6 of 9) • Dictionary Attack • Attacker creates digests of common dictionary words • Compares against stolen digest file • Pre-image attack - a dictionary attack that uses a set of dictionary words and compares it with the stolen digests • Birthday attack - the search for any two digests that are the same © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
15.
15 Attacks on Passwords
(7 of 9) • Rainbow Tables • Creates a large pregenerated data set of candidate digests • Steps for using a rainbow table • Creating the table -Chain of plaintext passwords -Encrypt initial password -Feed into a function that produces different plaintext passwords -Repeat for a set number of rounds • Using the table to crack a password -Run encrypted password though same procedure used to create initial table -Results in initial chain password © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
16.
16 Attacks on Passwords
(8 of 9) • Using the table to crack a password (cont’d.) • Repeat, starting with this initial password until original encryption is found • Password used at last iteration is the cracked password • Rainbow table advantages over other attack methods • Can be used repeatedly • Faster than dictionary attacks • Less memory on the attacking machine is required © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
17.
17 Attacks on Passwords
(9 of 9) • Password Collections • In 2009, an attacker used an SQL injection attack and more than 32 million user passwords (in cleartext) were stolen • These passwords provided two key elements for password attacks: -Gave attackers a large corpus of real-world passwords -Have provided attackers advanced insight into the strategic thinking of how users create passwords © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
18.
18 Password Security (1
of 5) • Securing passwords from attacks depends upon the user as well as the enterprise • For the user • It involves properly managing passwords • For the enterprise • It involves protecting password digests © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
19.
19 Password Security (2
of 5) • Managing Passwords • Most critical factor in a strong password is length • In addition to having long passwords, other recommendations are: -Do not use passwords that consist of dictionary words or phonetic words -Do not repeat characters or use sequences -Do not use birthdays, family member names, pet names, addresses, or any personal information • Also, use non-keyboard characters -Created by holding down the ALT key while typing a number on the numeric keypad © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
20.
20 Password Security (3
of 5) © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
21.
21 Password Security (4
of 5) • Password managers • Technology used for securing passwords • Three basic types of password manager: -Password generators -Online vaults -Password management applications • Protecting Password Digests • One method is to use salts -Consists of a random string that is used in hash algorithms -Passwords can be protected by adding a random strong to the user’s cleartext password before it is hashed -Make dictionary attacks and brute force attacks much slower and limit the impact of rainbow tables © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
22.
22 Password Security (5
of 5) • Protecting Password Digests (continued) • Another method is to use key stretching - A specialized password hash algorithm that is intentionally designed to be slower - Two key stretching algorithms: brypt and PBKDF2 • Recommendation for enterprises using salts and key stretching: • Use a strong random number generator to create a salt of at least 128 bits • Input the salt and the user’s plaintext password into the PBKDF2 algorithm that is using HMAC-SHA-256 as the core hash • Perform at least 30,000 iterations on PBKDF2 • Capture the first 256 bits of output from PBKDF2 as the password digest • Store the iteration count, the salt, and the password digest in a secure password database © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
23.
23 What You Have:
Tokens, Cards, and Cell Phones • Multifactor authentication • When a user is using more than one type of authentication credential • Example: what a user knows and what a user has could be used together for authentication • Single-factor authentication • Using just one type of authentication • Most common items used for authentication: • Tokens, cards, and cell phones © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
24.
24 Tokens (1 of
3) • Tokens • Used to create a one-time password (OTP) - Authentication code that can be used only once or for a limited period of time • Hardware security token - Typically a small device with a window display • Software security token - Stored on a general-purpose device like a laptop computer or smartphone • Two types of OTPs • Time-based one-time password (TOTP) - Synched with an authentication server - Code is generated from an algorithm - Code changes every 30 to 60 seconds © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
25.
25 Tokens (2 of
3) • Two types of OTPs (continued) • HMAC-based one-time password (HOTP) • “Event-driven” and changes when a specific event occurs • Advantages over passwords • Token code changes frequently • Attacker would have to crack code within time limit • User may not know if password has been stolen • If token is stolen, it becomes obvious and steps could be taken to disable account © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
26.
26 Tokens (3 of
3) © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
27.
27 Cards (1 of
2) • Smart card contains integrated circuit chip that holds information and can be either: • Contact card – a “pad” that allows electronic access to chip contents • Contactless cards (proximity cards) • Require no physical access to the card • Common access card (CAC) • Issued by US Department of Defense • Bar code, magnetic strip, and bearer’s picture • The smart card standard covering all U.S. government employees is the Personal Identity Verification (PIV) standard © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
28.
28 Cards (2 of
2) © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
29.
29 Cell Phones • Cell
Phones are increasingly replacing tokens and cards • A code can be sent to a user’s cell phone through an app on the device • Allow a user to send a request via the phone to receive an HOTP authorization code © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
30.
30 What You Are:
Biometrics • “Something you are” biometrics involves: • Standard biometrics • Cognitive biometrics © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
31.
31 Standard Biometrics (1
of 4) • Standard biometrics • Uses a person’s unique physical characteristics for authentication • Face, hand, or eye characteristics are used to authenticate • Specialized Biometric Scanners • Retinal scanner uses the human retina as a biometric identifier - Maps the unique patterns of a retina by directing a beam of low-energy infrared light (IR) into a person’s eye • Fingerprint scanner types - Static fingerprint scanner - takes a picture and compares with image on file - Dynamic fingerprint scanner - uses small slit or opening © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
32.
32 Standard Biometrics (2
of 4) © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
33.
33 Standard Biometrics (3
of 4) • Standard Input Devices • Voice recognition uses a standard computer microphone to identify users based on the unique characteristics of a person’s voice • Iris scanner uses a standard webcam to identify the unique characteristics of the iris • Facial recognition uses landmarks called nodal points on human faces for authentication © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
34.
34 Standard Biometrics (4
of 4) • Biometric Disadvantages • Cost of hardware scanning devices • Readers have some amount of error • Reject authorized users • Accept unauthorized users • Biometric systems can be “tricked” © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
35.
35 Cognitive Biometrics (1
of 2) • Cognitive biometrics • Relates to perception, thought process, and understanding of the user • Easier for user to remember because it is based on user’s life experiences • Difficult for an attacker to imitate • Picture password • Introduced by Windows • Users select a picture to use for which there should be at least 10 “points of interest” that could serve as “landmarks” or places to touch • Other examples of cognitive biometrics: • Requires user to identify specific faces • User selects one of several “memorable events” © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
36.
36 Cognitive Biometrics (2
of 2) © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
37.
37 What You Do:
Behavioral Biometrics (1 of 2) • Behavioral biometrics • Authenticates by normal actions the user performs • Keystroke dynamics • Attempts to recognize user’s typing rhythm • All users type at a different pace • Provides up to 98 percent accuracy • Uses two unique typing variables • Dwell time (time it takes to press and release a key) • Flight time (time between keystrokes) • Holds a great amount of potential • It requires no specialized hardware © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
38.
38 What You Do:
Behavioral Biometrics (2 of 2) © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
39.
39 • Geolocation • The
identification of the location of a person or object using technology • Used most often to reject imposters instead of accepting authorized users • Can indicate if an attacker is trying to perform a malicious action from a location different from the normal location of the user • Many websites will not allow a user to access an account if the computer is located in a different state • Some websites may require a second type of authentication • A code sent as a text message to a cell phone number on file © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. Where You Are: Geolocation
40.
40 Single Sign-on • Identity
management • Using a single authentication credential shared across multiple networks • It is called federated identity management (FIM) when networks are owned by different organizations • Single sign-on (SSO) holds promise to reduce burden of usernames and passwords to just one • Examples of popular SSOs: • OAuth, Open ID Connect, and Shibboleth © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
41.
41 Account Management (1
of 2) • Managing user account passwords • Can be done by setting password rules • Too cumbersome to manage on a user-by-user basis • Security risk if one user setting is overlooked • Preferred approach: assign privileges by group (group policy) • Microsoft Windows group password settings • Password Policy Settings • Account Lockout Policy © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
42.
42 Account Management (2
of 2) • Other steps to take: • A shared account, a generic account, and a guest account should be prohibited • Closely monitor any privileged accounts • Disable account passwords instead of deleting accounts no longer being used • Create strict policies regarding password recovery • Transitive trust • A two-way relationship that is automatically created between parent and child domains in a Microsoft Active Directory Forest • When a new domain is created, it shares resources with its parent domain by default • Can enable an authenticated user to access resources in both the child and the parent © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
43.
43 Chapter Summary (1
of 2) • Authentication credentials can be classified into five categories: what you know, what you have, what you are, what you do, and where you are • Passwords provide a weak degree of protection • Must rely on human memory • Most password attacks today use offline attacks • Attackers steal encrypted password file • A dictionary attack begins with the attacker creating digests of common dictionary words, which are compared with those in a stolen password file • Securing passwords from attacks depends upon the user as well as the enterprise • Security experts recommend that technology be used to store and manage passwords called password managers © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
44.
44 Chapter Summary (2
of 2) • Another type of authentication credential is based on the approved user having a specific item in her possession • A hardware token is a small device that generates a code from an algorithm once every 30 to 60 seconds • Biometrics bases authentication on characteristics of an individual • Standard and cognitive biometrics are examples • Behavioral biometrics authenticates by normal actions the user performs • Single sign-on (SSO) allows a single username and password to gain access to all accounts • Group Policy settings allow an administrator to set password restrictions for an entire group at once © 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
Download now