PROACTIVE PASSWORD SECURITY: PROTECTION BEYOND COMPLIANCE

Upload: specops-software

Post on 14-Apr-2017

TRANSCRIPT

Page 1: Proactive Password Security:Protection Beyond Compliance

PROACTIVE PASSWORD SECURITY:PROTECTION BEYOND COMPLIANCE

Page 2: Proactive Password Security:Protection Beyond Compliance

Welcome

• Ben Webster – [email protected]
• Enterprise Sales Manager
• Definite nerd
• Aspiring geek

WHOAMI

Page 3: Proactive Password Security:Protection Beyond Compliance

Welcome

• Heather Pacan – [email protected]
• Senior Product Specialist
• 16 Years Windows Infrastructure Experience
• Graduated from Drexel University
• Dancer and World Traveler
• Karate Mom

WHOAMI

Page 4: Proactive Password Security:Protection Beyond Compliance

Specops Software

• Focused on the IT Professional, systems administrator
• Making the complex easy
• Password Management
• Desktop Management
• http://www.specopssoft.com

INNOVATION AND SIMPLICITY

Page 5: Proactive Password Security:Protection Beyond Compliance

Agenda

• AD Password Policy limitations
• Public Breaches
• Compliance vs. security
• Proactive password policy enforcement
• Best practices

SETTING EXPECTATIONS

Page 6: Proactive Password Security:Protection Beyond Compliance

A typical password policy in most organizations

Must include:
• An upper case letter
• A lower case letter
• A number
• A special character

‘COMPLEXITY’ ENABLED?

Page 7: Proactive Password Security:Protection Beyond Compliance

How secure is your password?

SECURIOSITY

Page 8: Proactive Password Security:Protection Beyond Compliance

Time it takes to crack these passwords

• Password1 – almost instantly
• P^tRi0t5 – three days
• 2!g@Th@R? – five years
• wf@@3500A! – 58 years

ALL YOUR PASSWORDS ARE BELONG TO US

Page 9: Proactive Password Security:Protection Beyond Compliance

Time it takes to crack these passphrases

• Why so serious? – 46 billion years
• You shall not pass! – 85 duodecillion years
• may1the2f0rce3be4with5you6always. – 2 quindecillion years

LENGTH IS STRENGTH

Page 10: Proactive Password Security:Protection Beyond Compliance

Security Breaches

YO, THIS IS ZERO COOL!

Page 11: Proactive Password Security:Protection Beyond Compliance

Weak login at heart of healthcare breach

THE LARGEST HEALTHCARE BREACH TO DATE

• A large health insurer in the U.S.

• The largest healthcare breach to date

• Attackers used stolen employee password to access highly sensitive data

Page 12: Proactive Password Security:Protection Beyond Compliance

Customer data lost in retail breach

• An American retail giant

• 40 million customer debit and credit card numbers exposed in 2013

• Lack of access controls and poor password policy

A WELL AIMED BLOW TO THIS RETAIL CHAIN

Page 13: Proactive Password Security:Protection Beyond Compliance

Entertainment company hack highlights security failures

• Personal data and intellectual property exposed

• Weak password policy and bad password practice

A HACK THAT EXPOSED HOLLYWOOD’S SECRETS

Page 14: Proactive Password Security:Protection Beyond Compliance

Weak Passwords Top IT Security Risks

• 90 percent of successful breaches analyzed separately by Verizon and McAfee started with a weak or default password

GIVE AN INCH…

Page 15: Proactive Password Security:Protection Beyond Compliance

Costs of a data breach

THE COST OF REACTIVITY

$3.8 million in 2015

23% increase since 2013

Page 16: Proactive Password Security:Protection Beyond Compliance

ARE MY PASSWORDS COMPLIANT?

Page 17: Proactive Password Security:Protection Beyond Compliance

PASSWORD POLICY

DEMO

Page 18: Proactive Password Security:Protection Beyond Compliance

ASK ME ANYTHING

Q & A

Page 19: Proactive Password Security:Protection Beyond Compliance

Thank you!

• Ben Webster – Enterprise Sales Manager – [email protected]
• Heather Pacan – Senior Product Specialist – [email protected]

CONTACTS

Page 20: Proactive Password Security:Protection Beyond Compliance

Resources

• https://howsecureismypassword.net/
• http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/
• http://www.csoonline.com/article/2881532/business-continuity/anthem-how-does-a-breach-like-this-happen.html
• http://time.com/3700203/anthem-identity-theft-hacking/
• http://www.cio.com/article/2600345/security0/11-steps-attackers-took-to-crack-target.html
• http://arstechnica.com/security/2014/12/sloppy-security-hygiene-made-sony-pictures-ripe-for-hacking/
• http://mashable.com/2014/12/02/sony-hack-passwords/#sdhgwkdSJ8qy
• http://www.risk3sixty.com/2014/12/19/the-sony-hack-security-failures-and-solutions/
• http://www.wikihow.com/Tell-the-Difference-Between-Nerds-and-Geeks
• http://www.specopssoft.com

SOME GOOD READING