CYBERSECURITY: ESSENTIALS
Daniel Medina — [email protected]
Bill Dorney — [email protected]
INTERMISSION
[5-minute break]
RECAP
Lots of laws, regulations, and more
ADMINISTRATION
Have to talk about:
final projects
make-up class
ACCESS CONTROLS
I + AAA
Identification, Authentication, Authorization, Accounting
ASIDE: NYU ID
NYU Policy on PIN
What is this data?
CODABAR barcode
HID Card
AUTHENTICATION
Prove you are $id
Passwords
Biometrics (many kinds)
TOTP / rotating token
Certificates (w/ passphrase)
UGH, PASSWORDS
NEW GUIDANCE COMING
SP 800-63-3: NIST Digital Identity Guidelines
Sophos: NIST's new password rules
ASIDE: LANMAN
Brute Force Search of a DES Keyspace:
Defeating LM Hashes
ASIDE: LANMAN
"compromised" since about 1997
disabled by default in 2008 (Windows Vista and Server 2008 stop storing LM hashes)
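As an added example (not from the slides), the LM hash construction that makes the brute-force search above cheap: the password is upper-cased, padded to 14 bytes and split into two 7-byte halves, and each half is used as an independent DES key to encrypt the constant "KGS!@#$%". Because the halves never mix, an attacker recovers each one on its own, and a password shorter than 8 characters leaves the second half equal to the hash of an empty string. The CrackHalf routine and the sample password letmein123 are constructed for illustration; the reference hashes for the empty password and for "password" are the standard published values.

```go
package main

import (
	"bytes"
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)

// lmMagic is the fixed plaintext every LM hash encrypts.
var lmMagic = []byte("KGS!@#$%")

// desKeyFrom7 spreads the 56 key bits of a 7-byte half over 8 bytes;
// the low bit of each byte is DES's parity bit and is ignored.
func desKeyFrom7(k []byte) []byte {
	out := []byte{
		k[0] >> 1,
		(k[0]&0x01)<<6 | k[1]>>2,
		(k[1]&0x03)<<5 | k[2]>>3,
		(k[2]&0x07)<<4 | k[3]>>4,
		(k[3]&0x0f)<<3 | k[4]>>5,
		(k[4]&0x1f)<<2 | k[5]>>6,
		(k[5]&0x3f)<<1 | k[6]>>7,
		k[6] & 0x7f,
	}
	for i := range out {
		out[i] <<= 1
	}
	return out
}

// lmHalf encrypts the magic constant under one 7-byte half of the password.
func lmHalf(half []byte) []byte {
	c, err := des.NewCipher(desKeyFrom7(half))
	if err != nil {
		panic(err) // only for a wrong key length, which cannot happen here
	}
	out := make([]byte, 8)
	c.Encrypt(out, lmMagic)
	return out
}

// LMHash upper-cases (ASCII only here; real LM used the OEM code page),
// pads or truncates to 14 bytes, and hashes the two halves independently.
func LMHash(password string) string {
	p := make([]byte, 14)
	copy(p, strings.ToUpper(password))
	return hex.EncodeToString(lmHalf(p[:7])) + hex.EncodeToString(lmHalf(p[7:]))
}

// CrackHalf brute-forces one 8-byte half (hex) over every string of up to
// maxLen characters from charset. Nothing about the other half is needed.
func CrackHalf(targetHex, charset string, maxLen int) (string, bool) {
	target, err := hex.DecodeString(targetHex)
	if err != nil || len(target) != 8 {
		return "", false
	}
	if maxLen > 7 {
		maxLen = 7
	}
	for n := 0; n <= maxLen; n++ {
		idx := make([]int, n) // odometer over charset positions
		cand := make([]byte, 7)
		for {
			for i := range cand {
				cand[i] = 0
			}
			for i, j := range idx {
				cand[i] = charset[j]
			}
			if bytes.Equal(lmHalf(cand), target) {
				return string(cand[:n]), true
			}
			k := n - 1
			for k >= 0 && idx[k] == len(charset)-1 {
				idx[k] = 0
				k--
			}
			if k < 0 {
				break
			}
			idx[k]++
		}
	}
	return "", false
}

func main() {
	fmt.Println("LM(\"\")         =", LMHash(""))
	fmt.Println("LM(\"password\") =", LMHash("password"))
	h := LMHash("letmein123") // constructed sample password
	tail, ok := CrackHalf(h[16:], "0123456789", 3)
	fmt.Printf("second half of letmein123 cracked alone: %q %v\n", tail, ok)
}
```

The second half of any password of 7 characters or fewer is aad3b435b51404ee, so its presence in a dump immediately reveals the length class; the first half is at most 69 printable upper-case/symbol characters to the 7th power, which is why it fell to brute force and rainbow tables.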
KERBEROS
Windows Active Directory
KERBEROS
ATA Playbook
Real-world attacks using mimikatz and others for credential theft and forgery
OATH-TOTP
RFC 6238: Time-Based One-Time Password Algorithm
Roughly: Truncate(HMAC(shared secret, ⌊time / 30 s⌋)); client and server both hold the secret and need roughly synchronized clocks
OATH-TOTP
RSASECURID
PIN + Proprietary TOTP (Something you know + Something you have)
Failed Login Counter, Clock Drift Adjustment, other features
2011 RSA Token Seed Compromise http://arstechnica.com/security/2011/06/rsa-finally-comes-clean-securid-is-compromised/
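An added example (not from the slides) covering the two preceding slides: RFC 6238 TOTP as actually specified, HOTP(secret, counter) with counter = ⌊time / 30⌋, together with the server-side drift window that the SecurID slide calls clock drift adjustment. The key and the expected codes are the RFC 6238 Appendix B test vectors (ASCII key "12345678901234567890", SHA-1, 8 digits); the window size and the step of 30 seconds are the RFC defaults, and the verify function is my own illustration of how a server tolerates a slow or fast token. The 2011 seed compromise is why the secret matters: whoever holds the shared secret computes every future code.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
	"time"
)

const totpStep = 30 // seconds per time step, the RFC 6238 default X

// HOTP implements RFC 4226: Truncate(HMAC-SHA-1(secret, counter)) mod 10^digits.
func HOTP(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	// Dynamic truncation: the low nibble of the last byte selects a 4-byte window,
	// whose top bit is cleared to avoid sign issues in other languages.
	off := h[len(h)-1] & 0x0f
	code := binary.BigEndian.Uint32(h[off:off+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// TOTP is HOTP with the counter replaced by the number of 30-second steps since the epoch.
func TOTP(secret []byte, unixTime int64, digits int) string {
	return HOTP(secret, uint64(unixTime/totpStep), digits)
}

// VerifyTOTP accepts the code for the current step and up to `window` steps either side,
// which is how a server tolerates clock drift between itself and the token.
// Every candidate is compared in constant time and the loop never exits early.
func VerifyTOTP(secret []byte, code string, unixTime int64, digits, window int) bool {
	step := unixTime / totpStep
	ok := false
	for d := -int64(window); d <= int64(window); d++ {
		if step+d < 0 {
			continue
		}
		expected := HOTP(secret, uint64(step+d), digits)
		if hmac.Equal([]byte(expected), []byte(code)) {
			ok = true
		}
	}
	return ok
}

func main() {
	secret := []byte("12345678901234567890") // RFC 6238 Appendix B test key
	for _, ts := range []int64{59, 1111111109, 1111111111, 1234567890, 2000000000, 20000000000} {
		fmt.Printf("T=%-12d TOTP=%s\n", ts, TOTP(secret, ts, 8))
	}
	fmt.Println("current 6-digit code:", TOTP(secret, time.Now().Unix(), 6))
}
```

A window of one step on each side is common; a larger window buys drift tolerance at the cost of more valid codes per moment, and a real server also records the last accepted step so the same code cannot be replayed inside the window.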
FIDO
http://fidoalliance.org
Supplement or eliminate passwords
public/private key pair; register public key
use "local verification"
use private key to sign challenge
use public key to verify challenge
FIDO IN ACTION
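The registration and login exchange from the previous slide, as an added example that is not FIDO Alliance code or any slide content: the authenticator generates a key pair and releases only the public key; at login the server sends a random challenge, the authenticator performs local user verification and signs the challenge bound to the origin it saw, and the server verifies with the stored public key. The origin https://example.com, the user name alice and the simplified challenge||origin signing input are assumptions (real WebAuthn signs a richer client-data structure), but the properties shown are the ones FIDO relies on: no secret leaves the device, a captured signature is useless against a fresh challenge, and a signature produced for a look-alike phishing origin does not verify at the real site.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// rpOrigin is the relying party's own origin (assumed for this example).
const rpOrigin = "https://example.com"

// Authenticator models the user's FIDO device: it holds the private key and never exports it.
type Authenticator struct {
	priv     *ecdsa.PrivateKey
	verified bool // true once the user completes local verification (PIN, fingerprint, touch)
}

// RelyingParty models the server: it stores only public keys, one per registered credential.
type RelyingParty struct {
	creds map[string]*ecdsa.PublicKey
}

func NewRelyingParty() *RelyingParty {
	return &RelyingParty{creds: map[string]*ecdsa.PublicKey{}}
}

// Register generates a fresh P-256 key pair on the device and sends only the public key.
func Register(a *Authenticator, rp *RelyingParty, user string) error {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err
	}
	a.priv = priv
	rp.creds[user] = &priv.PublicKey
	return nil
}

// NewChallenge is the server's 32-byte random nonce for one login attempt.
func NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// signedData binds the challenge to the origin the browser reported. A phishing page at a
// different origin therefore gets a signature the real site will not accept.
// (Simplified stand-in for WebAuthn's clientDataJSON hash.)
func signedData(challenge []byte, origin string) []byte {
	buf := append(append([]byte{}, challenge...), []byte(origin)...)
	h := sha256.Sum256(buf)
	return h[:]
}

// Sign is the authenticator's response: refuse without local user verification,
// then sign challenge||origin with the private key that never left the device.
func (a *Authenticator) Sign(challenge []byte, origin string) ([]byte, error) {
	if !a.verified {
		return nil, fmt.Errorf("local user verification required")
	}
	return ecdsa.SignASN1(rand.Reader, a.priv, signedData(challenge, origin))
}

// Verify is the server's check with the public key it stored at registration,
// over the challenge it issued and its own origin.
func (rp *RelyingParty) Verify(user string, challenge, sig []byte) bool {
	pub, ok := rp.creds[user]
	if !ok {
		return false
	}
	return ecdsa.VerifyASN1(pub, signedData(challenge, rpOrigin), sig)
}

func main() {
	auth := &Authenticator{verified: true}
	rp := NewRelyingParty()
	if err := Register(auth, rp, "alice"); err != nil {
		panic(err)
	}
	ch, _ := NewChallenge()
	sig, _ := auth.Sign(ch, rpOrigin)
	fmt.Println("challenge:", hex.EncodeToString(ch))
	fmt.Println("assertion verifies:", rp.Verify("alice", ch, sig))
	phished, _ := auth.Sign(ch, "https://examp1e.com") // look-alike origin
	fmt.Println("signature made for phishing origin verifies:", rp.Verify("alice", ch, phished))
}
```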
WHAT ARE YOUR SECURITY SETTINGS?
https://security.google.com/settings/security/secureaccount
INTERMISSION
[5-minute break]
AUTHORIZATION
What can $id do? a.k.a.,
Permissions, Roles, ACLs, Entitlement, Access
AUTHORIZATION
Google Drive file-sharing example
Gets hard at "enterprise scale"
AUTHORIZATION
ACCOUNTING
What did $id do? When? Where?
Gulp: Unified Logging, Activity monitoring
ATTACKING
Identification, Authentication, Authorization, Accounting
ATTACKING
Brute-force, Dictionaries
Rainbow Tables, Man In The Middle (MITM)
Offline vs Online, Active vs Passive
CRACKERS
John the Ripper, http://www.openwall.com/john
# c/s = "combinations per second"
$ run/john crypted
Loaded 6 password hashes with 5 different salts (DES)
test             (test)
daniel2          (medinad)
medina1          (medina)
password         (utility)
guesses: 4  time: 0:00:02:02 (3)  c/s: 1355K  trying: dmorai7 - dmokOUM
For Windows: http://ophcrack.sourceforge.net/
WEBSECURITY
Cookies and TLS
COOKIES
Session identifier
"This client is already logged on"
State across stateless requests
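An added example (not from the slides) of the mechanism the three lines above describe: the server keeps the logon state, hands the browser an unguessable identifier in a cookie, and recognises the next otherwise-stateless request by looking that identifier up. The cookie name SID, the user alice and the URLs are assumptions; the flags are the ones a practitioner sets because the identifier is the session: Secure keeps it off plaintext HTTP (the TLS half of this slide), HttpOnly keeps it away from page scripts, and SameSite keeps it out of cross-site requests.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync"
)

const sessionCookie = "SID" // assumed cookie name

// SessionStore maps opaque identifiers to the logged-on user. The cookie carries
// only the identifier; the user data never leaves the server.
type SessionStore struct {
	mu sync.Mutex
	m  map[string]string
}

func NewSessionStore() *SessionStore {
	return &SessionStore{m: map[string]string{}}
}

// newSessionID draws 128 bits from the OS CSPRNG. Unguessability is the
// entire security of the cookie, so this must never be a counter or a hash of the user name.
func newSessionID() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// Login records the session server-side and sets the cookie with protective flags.
func (s *SessionStore) Login(w http.ResponseWriter, user string) {
	id := newSessionID()
	s.mu.Lock()
	s.m[id] = user
	s.mu.Unlock()
	http.SetCookie(w, &http.Cookie{
		Name:     sessionCookie,
		Value:    id,
		Path:     "/",
		Secure:   true,                    // only over TLS
		HttpOnly: true,                    // not readable by document.cookie
		SameSite: http.SameSiteLaxMode,    // not sent on cross-site POSTs
	})
}

// UserFor resolves the cookie on a later request; absent or unknown means "not logged on".
func (s *SessionStore) UserFor(r *http.Request) (string, bool) {
	c, err := r.Cookie(sessionCookie)
	if err != nil {
		return "", false
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	u, ok := s.m[c.Value]
	return u, ok
}

// Logout invalidates the identifier server-side so a copied cookie stops working.
func (s *SessionStore) Logout(r *http.Request) {
	if c, err := r.Cookie(sessionCookie); err == nil {
		s.mu.Lock()
		delete(s.m, c.Value)
		s.mu.Unlock()
	}
}

func main() {
	store := NewSessionStore()
	rec := httptest.NewRecorder()
	store.Login(rec, "alice")
	c := rec.Result().Cookies()[0]
	fmt.Println("Set-Cookie:", c.String())
	next := httptest.NewRequest("GET", "https://example.com/inbox", nil) // assumed URL
	next.AddCookie(c)
	user, ok := store.UserFor(next)
	fmt.Println("second request recognised as:", user, ok)
}
```

This is also why "Copy as cURL" on the next slides is interesting: whoever holds the Set-Cookie value holds the logon until the server forgets it, which is what the Logout path and short server-side lifetimes are for.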
ASIDE: ENTERPRISE SSO
SAML / Shibboleth (NYU uses), OpenID Connect
OAuth2 (Google, Facebook, etc.)
SAML 2.0
COOKIES
Let’sgetsomecookies
“CopyascURL”