Introduction
Given enough captured encrypted data, time and processing power, an attacker can compromise virtually any system. These attacks can be stopped from succeeding by making the password difficult to crack.
Topics
There are two important strategies for achieving this: making sure users choose complex passwords, and requiring users to change their password periodically. This denies attackers the time they need to break the encryption.
The next thing to become familiar with is complex passwords. A complex password combines lowercase and uppercase letters, numbers and symbols. At the very minimum, passwords should be six characters for every account, including the administrative accounts.
A solid password policy lets you check whether a password meets the complexity requirements. More demanding requirements are possible, but they can increase costs to the organization.
These costs rise when users are obliged to pick passwords that are hard to remember. For example, users may need to contact the help desk when they forget their passwords, and they may write their passwords down, which leaves them liable to fall into the wrong hands. When creating password policies, it is important to strike a balance between strong security and passwords that users can remember.
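The complexity rules just described can be expressed as a small checker. The following is an added example, not code from the original text: it applies the six-character minimum and the four character classes, reports every rule a candidate fails rather than stopping at the first, and separately warns when a password is longer than the 14 characters that the older Windows components discussed further down can handle. The rule names and the sample candidates are constructed for this example.

```python
import string
from typing import List, Optional

# Policy parameters taken from the text: at least six characters, drawn from
# lowercase letters, uppercase letters, digits and symbols.
MIN_LENGTH = 6
# Length beyond which the text says older Windows components (the Client
# Connection Manager) cannot cope; reported as a warning, not a failure.
LEGACY_MAX_LENGTH = 14


def check_complexity(password: str, min_length: int = MIN_LENGTH) -> List[str]:
    """Return the list of complexity rules the password fails (empty list = passes)."""
    failures = []
    if len(password) < min_length:
        failures.append(f"shorter than {min_length} characters")
    if not any(c.islower() for c in password):
        failures.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        failures.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        failures.append("no digit")
    if not any(c in string.punctuation for c in password):
        failures.append("no symbol")
    return failures


def legacy_length_warning(password: str, limit: int = LEGACY_MAX_LENGTH) -> Optional[str]:
    """Warn when a password would exceed the limit of older clients; None otherwise."""
    if len(password) > limit:
        return f"exceeds {limit} characters; older clients may truncate or reject it"
    return None


def evaluate(password: str) -> dict:
    """Combine both checks into one report for a single candidate password."""
    failures = check_complexity(password)
    return {
        "accepted": not failures,
        "failures": failures,
        "warning": legacy_length_warning(password),
    }


if __name__ == "__main__":
    # Constructed sample candidates for the demonstration (not real credentials).
    for candidate in ["abc", "Abcdef1", "Tr0ub4dor&3", "Correct-Horse-Battery-9"]:
        print(f"{candidate!r}: {evaluate(candidate)}")
```

Reporting every failed rule at once is what a help desk wants when a user asks why a password was rejected; the legacy-length check is kept separate because, as the text notes, it depends on which operating systems are in the enterprise rather than on the policy itself.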
Working with Older Operating Systems
Some older operating systems cannot handle passwords longer than 14 characters. Windows 2000, for example, can be troublesome with passwords longer than 14 characters, particularly when using the automated login settings of the Client Connection Manager, because the Client Connection Manager in older versions of Windows has a 14-character limit. To get around this, enter the password you want to use for the connection manually.
You can also avoid the problem on older operating systems by setting the password used for the Client Connection Manager and for your domain to no more than 14 characters. With newer operating systems, going beyond 14 characters should be much easier.
Many of these problems can be solved simply by installing the latest service packs for the operating systems. If your enterprise includes clients running these older versions of the OS, be sure to account for these issues once the password policy is established.
There are also a number of options you can choose for the password policy. It can be set so that all users are required to choose strong passwords. Creating a password policy, particularly in Windows, involves setting a number of options in the Default Domain Group Policy.
Apart from the settings tied to the lifetime of the password, these policies are enforced for every user in the domain. This brings me to the subject of the password age: the setting that determines how long a password can be used before the user is required to change it.
Setting the Password Age Policy
The password age is one of the best defenses against someone impersonating another user with that user's password. Cracking certain passwords takes time, and the password age requires the password to be changed before this can be accomplished.
Even if a password is stolen, it becomes invalid once it expires. The standard password age is 42 days, but many IT departments have reduced this to 30 days. It is also important to make sure the password history is enforced.
This setting determines how many new passwords must be associated with a user account before an old password can be reused. It may also block new passwords that are too closely related to older ones. This stops users from bypassing the password restrictions by reusing an old password. The standard value is 1, but many IT departments increase it to 10.
Another setting to keep in mind is the minimum password age. It specifies the number of days that must pass before a password can be changed again. Setting a minimum password age stops users from bypassing the password history policy.
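The three age-related settings described in this section (maximum password age, password history and minimum password age) interact, and the way minimum age protects the history check is easiest to see in code. The following is an added example, not code from the original text or from Windows: it models an account record with a stored password hash, a last-change timestamp and a history of previous hashes, and walks one constructed account through a policy of 30 days maximum age, a history of 10 and a minimum age of 1 day. The bare SHA-256 digest is a stand-in for a real password hash, the minimum-age default of 0 is an assumption, and only exact reuse is detected; blocking passwords that are merely similar to old ones, which the text mentions, needs the old plaintexts at change time and is not modelled.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass
class AgePolicy:
    """The three age-related settings from the text, with the defaults it states."""
    max_age_days: int = 42      # standard maximum password age; many shops use 30
    history_count: int = 1      # passwords remembered; often raised to 10
    min_age_days: int = 0       # minimum age; default of 0 is an assumption here


@dataclass
class Account:
    current_hash: str
    last_changed: datetime
    history: List[str] = field(default_factory=list)  # previous hashes, newest first


def hash_pw(password: str) -> str:
    # Toy digest for the demonstration only; a real directory stores salted,
    # deliberately slow password hashes rather than a bare SHA-256.
    return hashlib.sha256(password.encode()).hexdigest()


def is_expired(account: Account, policy: AgePolicy, now: datetime) -> bool:
    """Maximum password age: the user must change the password once it is this old."""
    return now - account.last_changed >= timedelta(days=policy.max_age_days)


def change_password(account: Account, new_password: str,
                    policy: AgePolicy, now: datetime) -> Optional[str]:
    """Apply the minimum-age and history rules; return None on success, else the reason."""
    # Minimum password age: without it a user could cycle through N throwaway
    # passwords in a minute to flush the history and land back on the old one.
    if now - account.last_changed < timedelta(days=policy.min_age_days):
        return "minimum password age not yet reached"
    new_hash = hash_pw(new_password)
    # Password history: the current password plus the most recent previous ones,
    # history_count entries in total, may not be reused.
    remembered = ([account.current_hash] + account.history)[:policy.history_count]
    if new_hash in remembered:
        return "password was used recently and cannot be reused"
    account.history.insert(0, account.current_hash)
    account.current_hash = new_hash
    account.last_changed = now
    return None


def demo() -> list:
    """Walk one constructed account through the policy and return each outcome."""
    policy = AgePolicy(max_age_days=30, history_count=10, min_age_days=1)
    day0 = datetime(2024, 1, 1)
    account = Account(current_hash=hash_pw("Spring2024!"), last_changed=day0)
    return [
        change_password(account, "Summer2024!", policy, day0),                      # blocked: min age
        change_password(account, "Summer2024!", policy, day0 + timedelta(days=1)),  # accepted
        change_password(account, "Spring2024!", policy, day0 + timedelta(days=2)),  # blocked: history
        is_expired(account, policy, day0 + timedelta(days=20)),                      # not yet expired
        is_expired(account, policy, day0 + timedelta(days=31)),                      # expired
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Note that the expiry clock restarts from the accepted change on day 1, so the password expires on day 31 rather than day 30; and that with the text's default history of 1 only the current password is remembered, which is why the history count is usually raised alongside the minimum age.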
Developing a Security Policy
Users' and Administrators' Roles in the Security Policy
The entire network, its files and its security policy all depend on users being cautious. If the network were used purely for business, users might be able to prevent attacks, since nothing unrelated to business would be used. However, network attacks do not only come from bad websites. Trojans and phishing techniques are not necessarily hosted on obviously bad websites; usually they are lodged in a safe-looking application or website. The only way to prevent this is for the network developers to build a security policy or protocol for their network.
The following are the specific policies that network administrators should build. This is only logical, since they will ultimately be the ones held responsible if anything bad happens to the network. Knowledge of network protocols is required before any policies are made. They have to implement strong measures while keeping in mind the productivity of those who will use the network.
User Policy – Network administrators should create a security policy for users to follow at all times. Among them is the password policy. Passwords on the network should not simply be a name or a date of birth; network administrators should fully implement alphanumeric passwords.
The lifespan of a password should also be specified, as well as the number of times a password may be used. These rules could easily be written on paper, but what matters more is that network administrators enforce them by configuring these parameters on the network. It is also important to outline specific steps for users to monitor their accounts effectively against unauthorized access.
System Administrator’s Network Policy – Besides the user policy, an additional network policy should be observed by administrators. Since they are in charge of the network, they should have more privileges, but they also have to monitor more users and the actual network connections. Monitoring network connections is the administrators' primary task, so their policy is usually based on controlling who can access certain types of information, and on application filtering, whereby they control which types of application most users are able to run.
Network Privileges – Network administrators do not have to let anyone use the network just because it is there. They have to think about the practicality of the network. Some users will never have a practical use for the network beyond the company's internal email.
More access to the network increases its vulnerability. It is also additional work for administrators if everyone is given easy access to the network. Although quite rare, network attacks may be launched from the inside. More users also present a higher risk of the network being accessed from the outside.
Internet Policy – Network administrators have to think about providing internet access to different users. Most of the time, companies offer free internet access to their employees primarily for business reasons; however, it is also used for personal reasons. Network administrators should make sure that internet access is limited to those who are authorized and that certain websites cannot be accessed. The reason, of course, is network security and preventing dangerous files from entering the network and affecting different users. Network administrators might encounter a few complaints about this, but it is for the good of the company and its security.
Protocol Against Attacks
All of these security policies are very important and should be implemented at all times. In addition to the security policy that users and network administrators follow, it is very important for network developers to create an additional policy for everyone to consult whenever they find something suspicious.
Of course, the usual reaction of users is to contact the network administrator about the problem. The network administrators, on the other hand, should create the specific protocol for how they will address each specific problem. As far as possible, the security protocol should be tailored to the type of attack.
On its own, the security policy is just a piece of paper, an e-mail or a memo. As previously indicated, network security depends on people, and it is up to the users whether the network will ultimately be secure or not. Network administrators, on the other hand, should be ready for any attack. This can be done easily as long as they have outlined the preventive measures for each type of attack as well as the protocols for how problems will be addressed. Through the cooperation of users and network administrators, these policies can be implemented easily and the network will always be secure. The company’s interests, employees’ productivity and clients’ safety will be protected as long as these policies are observed to the letter.