Proactive Password Security: Protection Beyond Compliance
Welcome
• Ben Webster – [email protected]
• Enterprise Sales Manager
• Definite nerd
• Aspiring geek
WHOAMI
Welcome
• Heather Pacan – [email protected]
• Senior Product Specialist
• 16 Years Windows Infrastructure Experience
• Graduated from Drexel University
• Dancer and World Traveler
• Karate Mom
WHOAMI
Specops Software
• Focused on the IT Professional, systems administrator
• Making the complex easy
• Password Management
• Desktop Management
• http://www.specopssoft.com
INNOVATION AND SIMPLICITY
Agenda
• AD Password Policy limitations
• Public Breaches
• Compliance vs. security
• Proactive password policy enforcement
• Best practices
SETTING EXPECTATIONS
A typical password policy in most organizations
Must include:
• An upper case letter
• A lower case letter
• A number
• A special character
‘COMPLEXITY’ ENABLED?
How secure is your password?
SECURIOSITY
Time it takes to crack these passwords
• Password1 – almost instantly
• P^tRi0t5 – three days
• 2!g@Th@R? – five years
• wf@@3500A! – 58 years
ALL YOUR PASSWORDS ARE BELONG TO US
Time it takes to crack these passphrases
• Why so serious? – 46 billion years
• You shall not pass! – 85 duodecillion years
• may1the2f0rce3be4with5you6always. – 2 quindecillion years
LENGTH IS STRENGTH
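The two crack-time slides can be compared with a rough search-space estimate. The following is an added example, not part of the original deck: it counts which of the policy's four character classes each quoted password uses, estimates blind brute-force work in bits, and flags a deny-listed word with a digit or symbol appended. The deny list is a small constructed sample and the function names are hypothetical.

```python
import math
import string

# Character classes named on the "typical password policy" slide.
CLASSES = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "special": set(string.punctuation + " "),
}
# Constructed sample deny list; a real one holds many thousands of entries.
COMMON_BASE_WORDS = {"password", "welcome", "summer", "qwerty"}

def classes_used(password):
    """Names of the policy classes that appear in the password."""
    return [name for name, chars in CLASSES.items() if chars & set(password)]

def search_space_bits(password):
    """log2 of (pool size ** length): an upper bound on blind brute force."""
    pool = sum(len(CLASSES[name]) for name in classes_used(password))
    return len(password) * math.log2(pool) if pool else 0.0

def is_common_pattern(password):
    """True for a deny-listed word with only digits/symbols appended."""
    base = password.rstrip(string.digits + string.punctuation).lower()
    return base in COMMON_BASE_WORDS

def assess(password):
    return {
        "length": len(password),
        "classes": len(classes_used(password)),
        "bits": round(search_space_bits(password), 1),
        "common_pattern": is_common_pattern(password),
    }

# Passwords and passphrases quoted on the slides.
SAMPLES = [
    "Password1", "P^tRi0t5", "2!g@Th@R?", "wf@@3500A!",
    "Why so serious?", "You shall not pass!",
    "may1the2f0rce3be4with5you6always.",
]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw!r:40} {assess(pw)}")
```

By this estimate Password1 scores slightly higher than P^tRi0t5 because it is one character longer, which is why the deny-list check matters: a blind brute-force figure says nothing about guesses drawn from word lists.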
Security Breaches
YO, THIS IS ZERO COOL!
Weak login at heart of healthcare breach
THE LARGEST HEALTHCARE BREACH TO DATE
• A large health insurer in the U.S.
• The largest healthcare breach to date
• Attackers used stolen employee password to access highly sensitive data
Customer data lost in retail breach
• An American retail giant
• 40 million customer debit and credit card numbers exposed in 2013
• Lack of access controls and poor password policy
A WELL AIMED BLOW TO THIS RETAIL CHAIN
Entertainment company hack highlights security failures
• Personal data and intellectual property exposed
• Weak password policy and bad password practice
A HACK THAT EXPOSED HOLLYWOOD’S SECRETS
Weak Passwords Top IT Security Risks
• 90 percent of successful breaches analyzed separately by Verizon and McAfee started with a weak or default password
GIVE AN INCH…
Costs of a data breach
THE COST OF REACTIVITY
$3.8 million in 2015
23% increase since 2013
ARE MY PASSWORDS COMPLIANT?
PASSWORD POLICY
DEMO
ASK ME ANYTHING
Q & A
Thank you!
• Ben Webster – Enterprise Sales Manager – [email protected]
• Heather Pacan – Senior Product Specialist – [email protected]
CONTACTS
Resources
• https://howsecureismypassword.net/
• http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/
• http://www.csoonline.com/article/2881532/business-continuity/anthem-how-does-a-breach-like-this-happen.html
• http://time.com/3700203/anthem-identity-theft-hacking/
• http://www.cio.com/article/2600345/security0/11-steps-attackers-took-to-crack-target.html
• http://arstechnica.com/security/2014/12/sloppy-security-hygiene-made-sony-pictures-ripe-for-hacking/
• http://mashable.com/2014/12/02/sony-hack-passwords/#sdhgwkdSJ8qy
• http://www.risk3sixty.com/2014/12/19/the-sony-hack-security-failures-and-solutions/
• http://www.wikihow.com/Tell-the-Difference-Between-Nerds-and-Geeks
• http://www.specopssoft.com
SOME GOOD READING