SlideShare une entreprise Scribd logo

nFront Password Filter Overview

Télécharger en tant que PPTX, PDF
nFront Security
nFront Security

The document summarizes nFront Password Filter, which allows organizations to implement multiple granular password policies within a single Windows domain. It runs on all domain controllers and tightly integrates with Windows to filter passwords during change requests. The document outlines why weak passwords should be prevented, how nFront Password Filter works during password changes, and its capabilities like supporting multiple password policies and password dictionaries. It also notes nFront Password Filter's performance, scalability, and compliance with standards like PCI, HIPAA, and SOX.

Technologie
1  sur  16
nFront Password Filter Demo
Agenda  Why filter passwords?  What is nFront Password Filter  Configuration  Q & A
Why Prevent Weak Passwords? • Weak passwords are still on the SANS/FBI top 20 yearly list of top vulnerabilities. • Over 40% of people use passwords that contain the name of a spouse, child or pet. • Password compromise leads to data theft and not just denial of service. • Security Audits / Compliance.
Windows Password Policy • The above policy allows passwords like: aaaaa myusername qwerty january mydogsname 123456 Conclusion: The Windows Password Policy is not enough!
Compliance • Sarbanes-Oxley section 404 • Payment Card Industry (PCI) • HIPPA • IRS 1075 Guidelines
nFront Password Filter  Allows multiple granular password policies in the same Windows domain.  Runs on all domain controllers.  Tightly integrated with Windows OS.  Cannot be bypassed.  Easy to install and configure.
Password Change Overview 1. User submits password change. All password changes go to a Domain Controller. 2. LSA calls nFront Password Filter. NPF consults password policy. 3. nFront Password Filter may check dictionary. 4. nFront Password Filter tells LSA if password is acceptable. Password change accepted or rejected.
Where NPF fits
NPF Group Policy These settings are pushed to registry of all domain controllers and tell the filter the policy rules.
NPF Configuration • MPE has a Default Policy plus 5 others. • Each policy has many granular settings that cover not only character types but also rules like rejecting passwords with vowels, etc. • Each policy is linked to one or more security groups.
DEMO - configuration • Create GPO • Configure GPO for one policy
Versions • Multipolicy Edition – Runs on Domain Controllers – Up to 6 password policies in 1 domain • Single Policy Edition – Runs on Domain Controllers – 1 password policy per domain • Member Server Edition – runs on Member Servers – Filters local pw changes. Controlled via GPO that targets OU where servers are. – Can filter passwords for SQL users if you run SQL Server 2005 on Windows 2003.
Performance / Scalability • DLL is only 150 KB in size! • No Network API calls that leave the Domain Controller and add latency. • The PasswordFilter() routine completes in milliseconds. • Sprint tested the DLL with over 11,000 password changes per minute (dictionary not used). • Can check password against 2.5 million passwords in dictionary in less than 1 second.
DEMO • Two Policies • Dictionary Scanning
Questions and Answers
Thank you. Thank you for your time.

Recommandé

How a Windows Password Filters Works
How a Windows Password Filters WorksHow a Windows Password Filters Works
How a Windows Password Filters WorksnFront Security
 
PCI Password Policy Compliance
PCI Password Policy CompliancePCI Password Policy Compliance
PCI Password Policy CompliancenFront Security
 
Building Highly Secure Cloud-Native Applications on PAS with Ease - Jignesh S...
Building Highly Secure Cloud-Native Applications on PAS with Ease - Jignesh S...Building Highly Secure Cloud-Native Applications on PAS with Ease - Jignesh S...
Building Highly Secure Cloud-Native Applications on PAS with Ease - Jignesh S...VMware Tanzu
 
Performing an audit - Open source compliance seminar
Performing an audit - Open source compliance seminar Performing an audit - Open source compliance seminar
Performing an audit - Open source compliance seminar Rogue Wave Software
 
Automated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactAutomated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactTom Eston
 
Core Impact Pro R1-Release Overview
Core Impact Pro R1-Release OverviewCore Impact Pro R1-Release Overview
Core Impact Pro R1-Release OverviewCore Security
 
Legal and practical concerns with open source software
Legal and practical concerns with open source softwareLegal and practical concerns with open source software
Legal and practical concerns with open source softwareRogue Wave Software
 
CNIT 128 9. Writing Secure Android Applications
CNIT 128 9. Writing Secure Android ApplicationsCNIT 128 9. Writing Secure Android Applications
CNIT 128 9. Writing Secure Android ApplicationsSam Bowne
 

Recommandé

How a Windows Password Filters Works
How a Windows Password Filters WorksHow a Windows Password Filters Works
How a Windows Password Filters WorksnFront Security
 
PCI Password Policy Compliance
PCI Password Policy CompliancePCI Password Policy Compliance
PCI Password Policy CompliancenFront Security
 
Building Highly Secure Cloud-Native Applications on PAS with Ease - Jignesh S...
Building Highly Secure Cloud-Native Applications on PAS with Ease - Jignesh S...Building Highly Secure Cloud-Native Applications on PAS with Ease - Jignesh S...
Building Highly Secure Cloud-Native Applications on PAS with Ease - Jignesh S...VMware Tanzu
 
Performing an audit - Open source compliance seminar
Performing an audit - Open source compliance seminar Performing an audit - Open source compliance seminar
Performing an audit - Open source compliance seminar Rogue Wave Software
 
Automated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactAutomated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactTom Eston
 
Core Impact Pro R1-Release Overview
Core Impact Pro R1-Release OverviewCore Impact Pro R1-Release Overview
Core Impact Pro R1-Release OverviewCore Security
 
Legal and practical concerns with open source software
Legal and practical concerns with open source softwareLegal and practical concerns with open source software
Legal and practical concerns with open source softwareRogue Wave Software
 
CNIT 128 9. Writing Secure Android Applications
CNIT 128 9. Writing Secure Android ApplicationsCNIT 128 9. Writing Secure Android Applications
CNIT 128 9. Writing Secure Android ApplicationsSam Bowne
 
Windows Defense101
Windows Defense101Windows Defense101
Windows Defense101NickAlholinna
 
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesUnderstanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesAnant Shrivastava
 
CNIT 128 8. Android Implementation Issues (Part 3)
CNIT 128 8. Android Implementation Issues (Part 3)CNIT 128 8. Android Implementation Issues (Part 3)
CNIT 128 8. Android Implementation Issues (Part 3)Sam Bowne
 
Software compliance
Software complianceSoftware compliance
Software complianceS Periyakaruppan CISM,ISO31000,C-EH,ITILF
 
Be Storm - Automated Application/Software Vulnerability Testing
Be Storm - Automated Application/Software Vulnerability TestingBe Storm - Automated Application/Software Vulnerability Testing
Be Storm - Automated Application/Software Vulnerability TestingAmit Shirolkar
 
Pentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssuePentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssueIshan Girdhar
 
Hardening Database Server
Hardening Database ServerHardening Database Server
Hardening Database ServerFahri Firdausillah
 
PCI 3.0 and penetration testing
PCI 3.0 and penetration testingPCI 3.0 and penetration testing
PCI 3.0 and penetration testingMarcus Dempsey
 
The Top 10/20 Internet Security Vulnerabilities – A Primer
The Top 10/20 Internet Security Vulnerabilities – A PrimerThe Top 10/20 Internet Security Vulnerabilities – A Primer
The Top 10/20 Internet Security Vulnerabilities – A Primeramiable_indian
 
Magento Security and Us
Magento Security and UsMagento Security and Us
Magento Security and UsLee Saferite
 
CNIT 128 7. Attacking Android Applications (Part 2)
CNIT 128 7. Attacking Android Applications (Part 2)CNIT 128 7. Attacking Android Applications (Part 2)
CNIT 128 7. Attacking Android Applications (Part 2)Sam Bowne
 
Hp fortify source code analyzer(sca)
Hp fortify source code analyzer(sca)Hp fortify source code analyzer(sca)
Hp fortify source code analyzer(sca)Nagaraju Repala
 
[OWASP Poland Day] Security knowledge framework
[OWASP Poland Day] Security knowledge framework[OWASP Poland Day] Security knowledge framework
[OWASP Poland Day] Security knowledge frameworkOWASP
 
Ch 9: Embedded Operating Systems: The Hidden Threat
Ch 9: Embedded Operating Systems: The Hidden ThreatCh 9: Embedded Operating Systems: The Hidden Threat
Ch 9: Embedded Operating Systems: The Hidden ThreatSam Bowne
 
Earth Day - 2017 - Environmental Teach-In Toolkit
Earth Day - 2017 - Environmental Teach-In ToolkitEarth Day - 2017 - Environmental Teach-In Toolkit
Earth Day - 2017 - Environmental Teach-In ToolkitSelassie Networks
 
Earth Day - 2017 - Environmental Teach-In Toolkit
Earth Day - 2017 - Environmental Teach-In ToolkitEarth Day - 2017 - Environmental Teach-In Toolkit
Earth Day - 2017 - Environmental Teach-In ToolkitRasjomanny Puntorg
 
How to Create Cohesive Teams
How to Create Cohesive TeamsHow to Create Cohesive Teams
How to Create Cohesive TeamsBizSmart Select
 
"Redes y estructuras transversales" en el II Encuentro de Cultura y Ciudadanía
"Redes y estructuras transversales" en el II Encuentro de Cultura y Ciudadanía"Redes y estructuras transversales" en el II Encuentro de Cultura y Ciudadanía
"Redes y estructuras transversales" en el II Encuentro de Cultura y CiudadaníaEsteban Romero Frías
 
As Mãos do avô
As Mãos do avôAs Mãos do avô
As Mãos do avôguest1b6e91
 
arts / architecture / cadre juridique
arts / architecture / cadre juridiquearts / architecture / cadre juridique
arts / architecture / cadre juridiqueChristiaan Weiler
 
Magento 2 Módulo Low Stock Notifier
Magento 2 Módulo Low Stock NotifierMagento 2 Módulo Low Stock Notifier
Magento 2 Módulo Low Stock Notifiergalan83
 
Ten years of the UK web archive: what have we saved?
Ten years of the UK web archive: what have we saved?Ten years of the UK web archive: what have we saved?
Ten years of the UK web archive: what have we saved?Andy Jackson
 

Contenu connexe

Tendances

Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesUnderstanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesAnant Shrivastava
 
CNIT 128 8. Android Implementation Issues (Part 3)
CNIT 128 8. Android Implementation Issues (Part 3)CNIT 128 8. Android Implementation Issues (Part 3)
CNIT 128 8. Android Implementation Issues (Part 3)Sam Bowne
 
Be Storm - Automated Application/Software Vulnerability Testing
Be Storm - Automated Application/Software Vulnerability TestingBe Storm - Automated Application/Software Vulnerability Testing
Be Storm - Automated Application/Software Vulnerability TestingAmit Shirolkar
 
Pentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssuePentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssueIshan Girdhar
 
PCI 3.0 and penetration testing
PCI 3.0 and penetration testingPCI 3.0 and penetration testing
PCI 3.0 and penetration testingMarcus Dempsey
 
The Top 10/20 Internet Security Vulnerabilities – A Primer
The Top 10/20 Internet Security Vulnerabilities – A PrimerThe Top 10/20 Internet Security Vulnerabilities – A Primer
The Top 10/20 Internet Security Vulnerabilities – A Primeramiable_indian
 
Magento Security and Us
Magento Security and UsMagento Security and Us
Magento Security and UsLee Saferite
 
CNIT 128 7. Attacking Android Applications (Part 2)
CNIT 128 7. Attacking Android Applications (Part 2)CNIT 128 7. Attacking Android Applications (Part 2)
CNIT 128 7. Attacking Android Applications (Part 2)Sam Bowne
 
Hp fortify source code analyzer(sca)
Hp fortify source code analyzer(sca)Hp fortify source code analyzer(sca)
Hp fortify source code analyzer(sca)Nagaraju Repala
 
[OWASP Poland Day] Security knowledge framework
[OWASP Poland Day] Security knowledge framework[OWASP Poland Day] Security knowledge framework
[OWASP Poland Day] Security knowledge frameworkOWASP
 
Ch 9: Embedded Operating Systems: The Hidden Threat
Ch 9: Embedded Operating Systems: The Hidden ThreatCh 9: Embedded Operating Systems: The Hidden Threat
Ch 9: Embedded Operating Systems: The Hidden ThreatSam Bowne
 

Tendances (14)

Windows Defense101
Windows Defense101Windows Defense101
Windows Defense101
 
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesUnderstanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
 
CNIT 128 8. Android Implementation Issues (Part 3)
CNIT 128 8. Android Implementation Issues (Part 3)CNIT 128 8. Android Implementation Issues (Part 3)
CNIT 128 8. Android Implementation Issues (Part 3)
 
Software compliance
Software complianceSoftware compliance
Software compliance
 
Be Storm - Automated Application/Software Vulnerability Testing
Be Storm - Automated Application/Software Vulnerability TestingBe Storm - Automated Application/Software Vulnerability Testing
Be Storm - Automated Application/Software Vulnerability Testing
 
Pentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssuePentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 Issue
 
Hardening Database Server
Hardening Database ServerHardening Database Server
Hardening Database Server
 
PCI 3.0 and penetration testing
PCI 3.0 and penetration testingPCI 3.0 and penetration testing
PCI 3.0 and penetration testing
 
The Top 10/20 Internet Security Vulnerabilities – A Primer
The Top 10/20 Internet Security Vulnerabilities – A PrimerThe Top 10/20 Internet Security Vulnerabilities – A Primer
The Top 10/20 Internet Security Vulnerabilities – A Primer
 
Magento Security and Us
Magento Security and UsMagento Security and Us
Magento Security and Us
 
CNIT 128 7. Attacking Android Applications (Part 2)
CNIT 128 7. Attacking Android Applications (Part 2)CNIT 128 7. Attacking Android Applications (Part 2)
CNIT 128 7. Attacking Android Applications (Part 2)
 
Hp fortify source code analyzer(sca)
Hp fortify source code analyzer(sca)Hp fortify source code analyzer(sca)
Hp fortify source code analyzer(sca)
 
[OWASP Poland Day] Security knowledge framework
[OWASP Poland Day] Security knowledge framework[OWASP Poland Day] Security knowledge framework
[OWASP Poland Day] Security knowledge framework
 
Ch 9: Embedded Operating Systems: The Hidden Threat
Ch 9: Embedded Operating Systems: The Hidden ThreatCh 9: Embedded Operating Systems: The Hidden Threat
Ch 9: Embedded Operating Systems: The Hidden Threat
 

En vedette

Earth Day - 2017 - Environmental Teach-In Toolkit
Earth Day - 2017 - Environmental Teach-In ToolkitEarth Day - 2017 - Environmental Teach-In Toolkit
Earth Day - 2017 - Environmental Teach-In ToolkitSelassie Networks
 
Earth Day - 2017 - Environmental Teach-In Toolkit
Earth Day - 2017 - Environmental Teach-In ToolkitEarth Day - 2017 - Environmental Teach-In Toolkit
Earth Day - 2017 - Environmental Teach-In ToolkitRasjomanny Puntorg
 
How to Create Cohesive Teams
How to Create Cohesive TeamsHow to Create Cohesive Teams
How to Create Cohesive TeamsBizSmart Select
 
"Redes y estructuras transversales" en el II Encuentro de Cultura y Ciudadanía
"Redes y estructuras transversales" en el II Encuentro de Cultura y Ciudadanía"Redes y estructuras transversales" en el II Encuentro de Cultura y Ciudadanía
"Redes y estructuras transversales" en el II Encuentro de Cultura y CiudadaníaEsteban Romero Frías
 
As Mãos do avô
As Mãos do avôAs Mãos do avô
As Mãos do avôguest1b6e91
 
arts / architecture / cadre juridique
arts / architecture / cadre juridiquearts / architecture / cadre juridique
arts / architecture / cadre juridiqueChristiaan Weiler
 
Magento 2 Módulo Low Stock Notifier
Magento 2 Módulo Low Stock NotifierMagento 2 Módulo Low Stock Notifier
Magento 2 Módulo Low Stock Notifiergalan83
 
Ten years of the UK web archive: what have we saved?
Ten years of the UK web archive: what have we saved?Ten years of the UK web archive: what have we saved?
Ten years of the UK web archive: what have we saved?Andy Jackson
 
English ppt on vikram seth's poem
English ppt on vikram seth's poemEnglish ppt on vikram seth's poem
English ppt on vikram seth's poemAnish Mishra
 
Get Exposure By Giving Exposure
Get Exposure By Giving ExposureGet Exposure By Giving Exposure
Get Exposure By Giving ExposureClayton Carroll
 
Comment développer votre B2B grâce au web ?
Comment développer votre B2B grâce au web ?Comment développer votre B2B grâce au web ?
Comment développer votre B2B grâce au web ?Silex
 
ITALIANI VOTATE!
ITALIANI VOTATE!ITALIANI VOTATE!
ITALIANI VOTATE!telosaes
 
arts / architecture / cadre technique
arts / architecture / cadre techniquearts / architecture / cadre technique
arts / architecture / cadre techniqueChristiaan Weiler
 

En vedette (14)

Earth Day - 2017 - Environmental Teach-In Toolkit
Earth Day - 2017 - Environmental Teach-In ToolkitEarth Day - 2017 - Environmental Teach-In Toolkit
Earth Day - 2017 - Environmental Teach-In Toolkit
 
Earth Day - 2017 - Environmental Teach-In Toolkit
Earth Day - 2017 - Environmental Teach-In ToolkitEarth Day - 2017 - Environmental Teach-In Toolkit
Earth Day - 2017 - Environmental Teach-In Toolkit
 
How to Create Cohesive Teams
How to Create Cohesive TeamsHow to Create Cohesive Teams
How to Create Cohesive Teams
 
"Redes y estructuras transversales" en el II Encuentro de Cultura y Ciudadanía
"Redes y estructuras transversales" en el II Encuentro de Cultura y Ciudadanía"Redes y estructuras transversales" en el II Encuentro de Cultura y Ciudadanía
"Redes y estructuras transversales" en el II Encuentro de Cultura y Ciudadanía
 
As Mãos do avô
As Mãos do avôAs Mãos do avô
As Mãos do avô
 
arts / architecture / cadre juridique
arts / architecture / cadre juridiquearts / architecture / cadre juridique
arts / architecture / cadre juridique
 
Magento 2 Módulo Low Stock Notifier
Magento 2 Módulo Low Stock NotifierMagento 2 Módulo Low Stock Notifier
Magento 2 Módulo Low Stock Notifier
 
Ten years of the UK web archive: what have we saved?
Ten years of the UK web archive: what have we saved?Ten years of the UK web archive: what have we saved?
Ten years of the UK web archive: what have we saved?
 
English ppt on vikram seth's poem
English ppt on vikram seth's poemEnglish ppt on vikram seth's poem
English ppt on vikram seth's poem
 
Get Exposure By Giving Exposure
Get Exposure By Giving ExposureGet Exposure By Giving Exposure
Get Exposure By Giving Exposure
 
Comment développer votre B2B grâce au web ?
Comment développer votre B2B grâce au web ?Comment développer votre B2B grâce au web ?
Comment développer votre B2B grâce au web ?
 
ITALIANI VOTATE!
ITALIANI VOTATE!ITALIANI VOTATE!
ITALIANI VOTATE!
 
Blogging for business
Blogging for businessBlogging for business
Blogging for business
 
arts / architecture / cadre technique
arts / architecture / cadre techniquearts / architecture / cadre technique
arts / architecture / cadre technique
 

Similaire à nFront Password Filter Overview

The Windows Password Policy is Not Enough
The Windows Password Policy is Not EnoughThe Windows Password Policy is Not Enough
The Windows Password Policy is Not EnoughnFront Security
 
5 Effective M365 IT Pro Habits
5 Effective M365 IT Pro Habits5 Effective M365 IT Pro Habits
5 Effective M365 IT Pro HabitsAllison Schoner
 
Zero Trust And Best Practices for Securing Endpoint Apps on May 24th 2021
Zero Trust And Best Practices for Securing Endpoint Apps on May 24th 2021Zero Trust And Best Practices for Securing Endpoint Apps on May 24th 2021
Zero Trust And Best Practices for Securing Endpoint Apps on May 24th 2021Teemu Tiainen
 
Password Policies in Oracle Access Manager. How to improve user authenticatio...
Password Policies in Oracle Access Manager. How to improve user authenticatio...Password Policies in Oracle Access Manager. How to improve user authenticatio...
Password Policies in Oracle Access Manager. How to improve user authenticatio...Andrejs Prokopjevs
 
ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)
ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)
ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)Nexcess.net LLC
 
CSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami LaihoCSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami LaihoNCCOMMS
 
Federated access management
Federated access managementFederated access management
Federated access managementMark Cairney
 
Puppet Camp London Fall 2014: Keynote
Puppet Camp London Fall 2014: KeynotePuppet Camp London Fall 2014: Keynote
Puppet Camp London Fall 2014: KeynotePuppet
 
FLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck Hub
FLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck HubFLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck Hub
FLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck HubBlack Duck by Synopsys
 
Kaseya Connect 2013: Templates and Policy: The Next Steps
Kaseya Connect 2013: Templates and Policy: The Next StepsKaseya Connect 2013: Templates and Policy: The Next Steps
Kaseya Connect 2013: Templates and Policy: The Next StepsKaseya
 
More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.Imperva
 
Lumberjack: Finit's Oracle EPM - Hyperion System Monitoring Tool
Lumberjack: Finit's Oracle EPM - Hyperion System Monitoring ToolLumberjack: Finit's Oracle EPM - Hyperion System Monitoring Tool
Lumberjack: Finit's Oracle EPM - Hyperion System Monitoring Toolfinitsolutions
 
Back from the Dead: When Bad Code Kills a Good Server
Back from the Dead: When Bad Code Kills a Good ServerBack from the Dead: When Bad Code Kills a Good Server
Back from the Dead: When Bad Code Kills a Good ServerTeamstudio
 
Answer each question1-Describe reasons for using each of the two.docx
Answer each question1-Describe reasons for using each of the two.docxAnswer each question1-Describe reasons for using each of the two.docx
Answer each question1-Describe reasons for using each of the two.docxjustine1simpson78276
 
ISStateGovtProposal
ISStateGovtProposalISStateGovtProposal
ISStateGovtProposalDale White
 
Steve Jones - Team-based Version Control
Steve Jones - Team-based Version ControlSteve Jones - Team-based Version Control
Steve Jones - Team-based Version ControlRed Gate Software
 
Inside Solr 5 - Bangalore Solr/Lucene Meetup
Inside Solr 5 - Bangalore Solr/Lucene MeetupInside Solr 5 - Bangalore Solr/Lucene Meetup
Inside Solr 5 - Bangalore Solr/Lucene MeetupShalin Shekhar Mangar
 

Similaire à nFront Password Filter Overview (20)

The Windows Password Policy is Not Enough
The Windows Password Policy is Not EnoughThe Windows Password Policy is Not Enough
The Windows Password Policy is Not Enough
 
5 Effective M365 IT Pro Habits
5 Effective M365 IT Pro Habits5 Effective M365 IT Pro Habits
5 Effective M365 IT Pro Habits
 
Zero Trust And Best Practices for Securing Endpoint Apps on May 24th 2021
Zero Trust And Best Practices for Securing Endpoint Apps on May 24th 2021Zero Trust And Best Practices for Securing Endpoint Apps on May 24th 2021
Zero Trust And Best Practices for Securing Endpoint Apps on May 24th 2021
 
Password Policies in Oracle Access Manager. How to improve user authenticatio...
Password Policies in Oracle Access Manager. How to improve user authenticatio...Password Policies in Oracle Access Manager. How to improve user authenticatio...
Password Policies in Oracle Access Manager. How to improve user authenticatio...
 
ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)
ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)
ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)
 
CSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami LaihoCSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami Laiho
 
Federated access management
Federated access managementFederated access management
Federated access management
 
Puppet Camp London Fall 2014: Keynote
Puppet Camp London Fall 2014: KeynotePuppet Camp London Fall 2014: Keynote
Puppet Camp London Fall 2014: Keynote
 
FLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck Hub
FLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck HubFLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck Hub
FLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck Hub
 
Kaseya Connect 2013: Templates and Policy: The Next Steps
Kaseya Connect 2013: Templates and Policy: The Next StepsKaseya Connect 2013: Templates and Policy: The Next Steps
Kaseya Connect 2013: Templates and Policy: The Next Steps
 
More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.
 
Firewall best-practices-firewall-analyzer
Firewall best-practices-firewall-analyzerFirewall best-practices-firewall-analyzer
Firewall best-practices-firewall-analyzer
 
Lumberjack: Finit's Oracle EPM - Hyperion System Monitoring Tool
Lumberjack: Finit's Oracle EPM - Hyperion System Monitoring ToolLumberjack: Finit's Oracle EPM - Hyperion System Monitoring Tool
Lumberjack: Finit's Oracle EPM - Hyperion System Monitoring Tool
 
Back from the Dead: When Bad Code Kills a Good Server
Back from the Dead: When Bad Code Kills a Good ServerBack from the Dead: When Bad Code Kills a Good Server
Back from the Dead: When Bad Code Kills a Good Server
 
#1
#1#1
#1
 
An easy way into your sap systems v3.0
An easy way into your sap systems v3.0An easy way into your sap systems v3.0
An easy way into your sap systems v3.0
 
Answer each question1-Describe reasons for using each of the two.docx
Answer each question1-Describe reasons for using each of the two.docxAnswer each question1-Describe reasons for using each of the two.docx
Answer each question1-Describe reasons for using each of the two.docx
 
ISStateGovtProposal
ISStateGovtProposalISStateGovtProposal
ISStateGovtProposal
 
Steve Jones - Team-based Version Control
Steve Jones - Team-based Version ControlSteve Jones - Team-based Version Control
Steve Jones - Team-based Version Control
 
Inside Solr 5 - Bangalore Solr/Lucene Meetup
Inside Solr 5 - Bangalore Solr/Lucene MeetupInside Solr 5 - Bangalore Solr/Lucene Meetup
Inside Solr 5 - Bangalore Solr/Lucene Meetup
 

Dernier

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 

Dernier (20)

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 

nFront Password Filter Overview

  • 2. Agenda  Why filter passwords?  What is nFront Password Filter  Configuration  Q & A
  • 3. Why Prevent Weak Passwords? • Weak passwords are still on the SANS/FBI top 20 yearly list of top vulnerabilities. • Over 40% of people use passwords that contain the name of a spouse, child or pet. • Password compromise leads to data theft and not just denial of service. • Security Audits / Compliance.
  • 4. Windows Password Policy • The above policy allows passwords like: aaaaa myusername qwerty january mydogsname 123456 Conclusion: The Windows Password Policy is not enough!
  • 5. Compliance • Sarbanes-Oxley section 404 • Payment Card Industry (PCI) • HIPPA • IRS 1075 Guidelines
  • 6. nFront Password Filter  Allows multiple granular password policies in the same Windows domain.  Runs on all domain controllers.  Tightly integrated with Windows OS.  Cannot be bypassed.  Easy to install and configure.
  • 7. Password Change Overview 1. User submits password change. All password changes go to a Domain Controller. 2. LSA calls nFront Password Filter. NPF consults password policy. 3. nFront Password Filter may check dictionary. 4. nFront Password Filter tells LSA if password is acceptable. Password change accepted or rejected.
  • 9. NPF Group Policy These settings are pushed to registry of all domain controllers and tell the filter the policy rules.
  • 10. NPF Configuration • MPE has a Default Policy plus 5 others. • Each policy has many granular settings that cover not only character types but also rules like rejecting passwords with vowels, etc. • Each policy is linked to one or more security groups.
  • 11. DEMO - configuration • Create GPO • Configure GPO for one policy
  • 12. Versions • Multipolicy Edition – Runs on Domain Controllers – Up to 6 password policies in 1 domain • Single Policy Edition – Runs on Domain Controllers – 1 password policy per domain • Member Server Edition – runs on Member Servers – Filters local pw changes. Controlled via GPO that targets OU where servers are. – Can filter passwords for SQL users if you run SQL Server 2005 on Windows 2003.
  • 13. Performance / Scalability • DLL is only 150 KB in size! • No Network API calls that leave the Domain Controller and add latency. • The PasswordFilter() routine completes in milliseconds. • Sprint tested the DLL with over 11,000 password changes per minute (dictionary not used). • Can check password against 2.5 million passwords in dictionary in less than 1 second.
  • 14. DEMO • Two Policies • Dictionary Scanning
  • 16. Thank you. Thank you for your time.

Notes de l'éditeur

  1. SOX suggests the disallowance of weak passwords. PCI affects companies that accept credit cards. PCI explicity states that passwords must contain a numeric character. HIPPA affects healthcare companies and suggests the use of strong passwords and measures to protect people’s healthcare data. The IRS 1075 Guidelines contains 18 password management guidelines and is very descriptive of what is required in passwords.