Password Defense: Controls your users won't hate - Nathaniel Maier Bsides Cleveland 2014 (Hacking Illustrated Series InfoSec Tutorial Videos)
Password Defense: Controls your users won't hate
Nathaniel Maier

Passwords are a necessary part of nearly every information system. From your least interesting user to the highest privileged administrator, a last line of defense to protect sensitive information is a string of characters. The solution - get rid of password? Not likely. Instead, let's make them more transparent: change passwords for users, know exactly who is using those privileged/superuser and shared/service accounts, and detect problems before they result in a data breach, impact system availability, or cause compliance violations.

This talk approaches password management from a defensive perspective. Almost every system or application will have an shared administrator account. For availability, these are incredibly useful accounts that you probably don't want to disable. Other talks will go into a lot of detail about cracking passwords, exploiting systems, insider attacks, and phishing users. Those topics are important, but aren't going away. Instead, we can implement better controls to defend these highest privileged accounts.

Nathaniel Maier is a Cyber Security Analyst at FirstEnergy Corp. He implemented and administers a password management solution for shared/service accounts and works with users to automate password changes. Nathaniel also specializes in application, device, and network security assessments and consults with management and users on security and compliance requirements.


Back to Bsides Cleveland 2014 video list



If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek