nFront Password Filter
Demo
Agenda
• Why filter passwords?
• What is nFront Password Filter
• Configuration
• Q & A
Why Prevent Weak Passwords?
• Weak passwords are still on the SANS/FBI top 20 yearly list of top vulnerabilities.
• Over 40% of people use passwords that contain the name of a spouse, child or pet.
• Password compromise leads to data theft and not just denial of service.
• Security Audits / Compliance.
Windows Password Policy
• The built-in policy (shown on the slide) allows passwords like: aaaaa, myusername, qwerty, january, mydogsname, 123456
Conclusion: The Windows Password Policy is not enough!
Compliance
• Sarbanes-Oxley section 404
• Payment Card Industry (PCI)
• HIPAA
• IRS 1075 Guidelines
nFront Password Filter
• Allows multiple granular password policies in the same Windows domain.
• Runs on all domain controllers.
• Tightly integrated with Windows OS.
• Cannot be bypassed.
• Easy to install and configure.
Password Change Overview
1. User submits password change. All password changes go to a Domain Controller.
2. LSA calls nFront Password Filter. NPF consults password policy.
3. nFront Password Filter may check dictionary.
4. nFront Password Filter tells LSA if password is acceptable. Password change accepted or rejected.
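The check sequence in the Password Change Overview above (structural policy rules first, then an optional dictionary lookup, then an accept/reject verdict), together with the kind of passwords the built-in Windows policy lets through (aaaaa, qwerty, january, 123456), as an added C example. This is not nFront's code and not the real Windows `PasswordFilter()` export, which the LSA loads from a DLL and calls with `UNICODE_STRING` arguments; it is a plain-C model of the same decision logic. The `Policy` fields, the `Verdict` codes, the three policy constants and the six-word dictionary are constructed for this example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample dictionary: lowercase and sorted, so lookup is a
 * binary search. A production list (the slides mention 2.5 million
 * entries) would be loaded from disk and searched the same way. */
static const char *const DICTIONARY[] = {
    "123456", "january", "letmein", "password", "qwerty", "welcome",
};
#define DICT_LEN (sizeof DICTIONARY / sizeof DICTIONARY[0])

/* Hypothetical policy settings; the field names are this example's own. */
typedef struct {
    size_t min_length;
    int    min_char_classes;        /* of: lower, upper, digit, symbol */
    int    max_repeat_run;          /* longest allowed run of one character */
    bool   reject_contains_username;
    bool   check_dictionary;
} Policy;

/* A length-only policy, like the built-in one the slides criticise; the same
 * length with the extra rules switched on; and a stricter composition rule. */
const Policy LENGTH_ONLY_POLICY = { 6, 1, 99, false, false };
const Policy EXTENDED_POLICY    = { 6, 1, 3,  true,  true  };
const Policy STRICT_POLICY      = { 8, 3, 2,  true,  true  };

typedef enum {
    PW_OK = 0,
    PW_TOO_SHORT,
    PW_TOO_FEW_CLASSES,
    PW_REPEATED_CHARS,
    PW_CONTAINS_USERNAME,
    PW_IN_DICTIONARY
} Verdict;

static int char_classes(const char *s) {
    bool lo = false, up = false, di = false, sy = false;
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (islower(c)) lo = true;
        else if (isupper(c)) up = true;
        else if (isdigit(c)) di = true;
        else sy = true;
    }
    return lo + up + di + sy;
}

static int longest_run(const char *s) {
    int best = 0, run = 0;
    char prev = '\0';
    for (; *s; s++) {
        run = (*s == prev) ? run + 1 : 1;
        prev = *s;
        if (run > best) best = run;
    }
    return best;
}

static char *lower_copy(const char *s) {
    size_t n = strlen(s);
    char *out = malloc(n + 1);
    if (!out) return NULL;
    for (size_t i = 0; i <= n; i++) out[i] = (char)tolower((unsigned char)s[i]);
    return out;
}

static int cmp_key_to_entry(const void *key, const void *entry) {
    return strcmp((const char *)key, *(const char *const *)entry);
}

/* Runs the checks in the order the slides describe: policy rules first,
 * dictionary last. Returns the first rule the password breaks, or PW_OK. */
Verdict evaluate_password(Policy p, const char *username, const char *password) {
    if (strlen(password) < p.min_length)             return PW_TOO_SHORT;
    if (char_classes(password) < p.min_char_classes) return PW_TOO_FEW_CLASSES;
    if (longest_run(password) > p.max_repeat_run)    return PW_REPEATED_CHARS;

    Verdict v = PW_OK;
    char *pw = lower_copy(password), *user = lower_copy(username);
    if (pw && user) {
        if (p.reject_contains_username && *user && strstr(pw, user))
            v = PW_CONTAINS_USERNAME;
        else if (p.check_dictionary &&
                 bsearch(pw, DICTIONARY, DICT_LEN, sizeof DICTIONARY[0], cmp_key_to_entry))
            v = PW_IN_DICTIONARY;
    }
    free(pw);
    free(user);
    return v;
}

int main(void) {
    /* The slide's examples pass the length-only policy but fail the extended one. */
    const char *samples[] = { "aaaaaa", "qwerty", "January", "123456", "JSmith2024", "Viol3t-Garden" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s length-only=%d extended=%d\n", samples[i],
               evaluate_password(LENGTH_ONLY_POLICY, "jsmith", samples[i]),
               evaluate_password(EXTENDED_POLICY, "jsmith", samples[i]));
    return 0;
}
```

Because the dictionary is sorted and searched with `bsearch`, the lookup cost grows with the logarithm of the list size, which is what keeps a multi-million-entry check inside the per-change latency budget the Performance slide quotes; the username and dictionary comparisons are done on lowercased copies so that case variation alone cannot slip a banned word past the filter.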
Where NPF fits
NPF Group Policy
These settings are pushed to the registry of all domain controllers and tell the filter the policy rules.
NPF Configuration
• MPE has a Default Policy plus 5 others.
• Each policy has many granular settings that cover not only character types but also rules like rejecting passwords with vowels, etc.
• Each policy is linked to one or more security groups.
DEMO - configuration
• Create GPO
• Configure GPO for one policy
Versions
• Multipolicy Edition
– Runs on Domain Controllers
– Up to 6 password policies in 1 domain
• Single Policy Edition
– Runs on Domain Controllers
– 1 password policy per domain
• Member Server Edition
– Runs on Member Servers
– Filters local password changes. Controlled via a GPO that targets the OU where the servers are.
– Can filter passwords for SQL users if you run SQL Server 2005 on Windows 2003.
Performance / Scalability
• DLL is only 150 KB in size!
• No network API calls that leave the Domain Controller and add latency.
• The PasswordFilter() routine completes in milliseconds.
• Sprint tested the DLL with over 11,000 password changes per minute (dictionary not used).
• Can check a password against 2.5 million passwords in the dictionary in less than 1 second.
DEMO
• Two Policies
• Dictionary Scanning
Questions and Answers
Thank you.
Thank you for your time.

nFront Password Filter Overview


Editor's notes

1. SOX suggests the disallowance of weak passwords. PCI affects companies that accept credit cards. PCI explicitly states that passwords must contain a numeric character. HIPAA affects healthcare companies and suggests the use of strong passwords and measures to protect people's healthcare data. The IRS 1075 Guidelines contain 18 password management guidelines and are very descriptive of what is required in passwords.