1
00:00:01,360 --> 00:00:07,440
In our next section we will talk about password policy elements and password
2
00:00:07,460 --> 00:00:08,680
alternatives.
3
00:00:11,160 --> 00:00:19,800
So most systems in an enterprise network use some form of authentication to grant or deny user access.
4
00:00:20,370 --> 00:00:27,990
When users access a system, a user name and password are usually invoked. As you know, most of the
5
00:00:27,990 --> 00:00:35,730
time it is like that, and it might be fairly easy to guess someone's user name based on that person's
6
00:00:35,760 --> 00:00:36,730
real name.
7
00:00:37,170 --> 00:00:46,680
If the user's password is set to some default value or to a word or text string that is easy to
8
00:00:46,710 --> 00:00:52,220
guess, an attacker might easily gain access to the system too.
9
00:00:52,320 --> 00:01:00,870
So guys, think like an attacker for a moment and see if you can make some guesses about passwords you
10
00:01:00,870 --> 00:01:05,310
might try if you want to log in to a random system.
11
00:01:05,490 --> 00:01:14,540
Perhaps you thought of passwords like password, password 1 3, 1 2 3 4 5 6 and so on, right?
12
00:01:14,970 --> 00:01:23,940
And perhaps you could try a username such as admin and a password like admin. An attacker can launch an online
13
00:01:24,000 --> 00:01:27,300
attack by actually entering each password
14
00:01:27,360 --> 00:01:31,620
guess as the system prompts for user credentials.
15
00:01:31,620 --> 00:01:39,960
In contrast, an offline attack occurs when the attacker is able to retrieve the encrypted or hashed
16
00:01:39,960 --> 00:01:50,370
passwords ahead of time, then goes offline to an external computer and uses software there to repeatedly
17
00:01:50,370 --> 00:01:53,790
attempt to recover the actual password.
18
00:01:53,790 --> 00:02:02,740
So attackers can also use software to perform dictionary attacks to discover a user's password.
19
00:02:02,940 --> 00:02:12,120
The software will automatically attempt to log in with passwords taken from a dictionary or word list.
20
00:02:12,120 --> 00:02:20,880
In this method, guys, it might be... I'm sorry, it might have to go through thousands or millions
21
00:02:20,880 --> 00:02:25,130
of attempts before discovering the real password.
22
00:02:25,140 --> 00:02:33,990
In addition, the software can perform a brute force attack by trying every possible combination of letter,
23
00:02:34,050 --> 00:02:43,290
number and symbol strings. And brute force attacks require really very powerful computing
24
00:02:43,290 --> 00:02:52,830
resources and a large amount of time. And to mitigate password attacks, an enterprise should implement
25
00:02:52,880 --> 00:02:56,600
password policies for all users, guys.
26
00:02:56,730 --> 00:03:04,590
Such a policy might include guidelines that require a long password string made up of a combination
27
00:03:04,590 --> 00:03:11,220
of upper and lower case characters along with numbers and some special characters.
28
00:03:11,220 --> 00:03:20,760
Maybe the goal is to require all passwords to be complex strings that are difficult to guess or reveal
29
00:03:20,760 --> 00:03:24,290
by a password attack as well.
30
00:03:24,300 --> 00:03:32,790
Password management should require all passwords to be changed periodically so that even lengthy
31
00:03:32,940 --> 00:03:39,300
brute force attacks would not be able to recover a password before it is changed again.
32
00:03:41,070 --> 00:03:42,390
And yes.
33
00:03:42,750 --> 00:03:51,180
Passwords have some vulnerabilities sometimes, and for critical systems enterprises mostly consider
34
00:03:51,180 --> 00:04:00,450
using password alternatives, and they are multi-factor authentication, physical access control, certificates
35
00:04:00,480 --> 00:04:01,820
and biometrics.
36
00:04:01,830 --> 00:04:06,710
And let's take a look at these alternatives and learn about them.
37
00:04:09,040 --> 00:04:17,230
A simple password string is the single factor that a user must enter to be authenticated.
38
00:04:18,010 --> 00:04:26,440
Because a password should be remembered and not written down anywhere, you might think of your password
39
00:04:26,530 --> 00:04:32,290
as something you know. Hopefully nobody else knows this too.
40
00:04:32,410 --> 00:04:40,620
Otherwise they could use it to impersonate you when authenticating, right? Multi-factor authentication,
41
00:04:40,960 --> 00:04:49,990
which is also known as MFA, is an authentication method in which a computer user is granted access only
42
00:04:49,990 --> 00:05:00,110
after successfully presenting two or more pieces of evidence, or factors, to an authentication mechanism.
43
00:05:00,190 --> 00:05:10,090
Knowledge, something the user and only the user knows, that means; and possession, something the user
44
00:05:10,120 --> 00:05:22,120
and only the user has; and inherence, something the user and only the user is. And two-factor authentication,
45
00:05:22,120 --> 00:05:30,700
for example, also known as 2FA, is a type or subset of multi-factor authentication.
46
00:05:30,700 --> 00:05:38,380
It is a method of confirming users' claimed identities by using a combination of two different factors:
47
00:05:38,980 --> 00:05:51,010
1) something they know, 2) something they have, or 3) something they are. A good example of two-factor authentication
48
00:05:51,340 --> 00:05:56,350
is the withdrawing of money from an ATM, for example.
49
00:05:56,350 --> 00:05:58,680
All of us do this, right?
50
00:05:59,290 --> 00:06:07,510
Then only the correct combination of a bank card and PIN number allows the transaction to be carried
51
00:06:07,510 --> 00:06:08,570
out.
52
00:06:08,590 --> 00:06:17,380
Two other examples are to supplement a user-controlled password with a one-time password, OTP, or code
53
00:06:17,410 --> 00:06:20,770
generated or received by an authenticator.
54
00:06:20,770 --> 00:06:31,710
For example, it may be a security token or a smartphone that only the user possesses. Let's go ahead
55
00:06:31,710 --> 00:06:40,050
with digital certificates. A digital certificate can serve as one alternative factor because it
56
00:06:40,050 --> 00:06:50,790
serves as a trusted form of identification, adheres to a standardized format, and contains encrypted
57
00:06:50,850 --> 00:06:52,520
information, guys.
58
00:06:52,590 --> 00:07:03,330
If an enterprise supports certificate use, then a user must request and be granted a unique certificate
59
00:07:03,390 --> 00:07:13,680
to use for specific purposes. For example, certificates used for authenticating users must be approved
60
00:07:13,680 --> 00:07:17,570
for authentication in order to be trusted.
61
00:07:17,580 --> 00:07:27,600
Certificates must be granted to and digitally signed by a trusted certificate authority, known as CA.
62
00:07:27,840 --> 00:07:36,810
As long as the services used by the enterprise know and trust the CA, then individual
63
00:07:36,810 --> 00:07:41,330
certificates signed by that CA can be trusted as well.
64
00:07:44,110 --> 00:07:53,590
Biometric credentials are another password alternative that can be used, and biometric credentials carry this
65
00:07:53,600 --> 00:08:00,190
scheme even further by providing a factor that represents something you are.
66
00:08:01,090 --> 00:08:10,800
The idea is to use some physical attribute from a user's body to uniquely identify that person. Physical
67
00:08:10,830 --> 00:08:20,040
attributes are usually unique to each individual's body structure and cannot be easily stolen or duplicated,
68
00:08:20,040 --> 00:08:29,700
right? And for example, a user's fingerprint can be scanned and used as an authentication factor.
69
00:08:29,700 --> 00:08:41,070
Other examples include face recognition, palm prints, voice recognition, iris recognition and retinal
70
00:08:41,070 --> 00:08:42,660
scans.
71
00:08:42,660 --> 00:08:51,960
As you might expect some methods can be trusted more than others and sometimes facial recognition systems
72
00:08:51,960 --> 00:09:00,300
can be fooled when presented with photographs or masks of trusted individuals.
73
00:09:00,480 --> 00:09:08,940
Injuries and the aging process can also alter biometric patterns such as fingerprints, facial shapes
74
00:09:08,970 --> 00:09:14,970
and iris patterns. To help mitigate potential weaknesses,
75
00:09:14,970 --> 00:09:22,280
multiple biometric credentials can be collected and used to authenticate users as well.