Passwords and Authentication - Get Up to Speed on Attacks and Defenses

  • Tuesday, 27 Nov 2018 10:30AM EST (27 Nov 2018 15:30 UTC)
  • Speaker: Chris Dale

What about passwords and authentication? They are the very core and first line of defense for many of our solutions out there today. How should they be defended in this first line of defense? And how could it be broken?

We will look at how attackers manage to break into companies with very little effort, leveraging gigantic databases of previous compromises, utilizing online services to create lists of usernames and launching password spraying attacks against these defenses. Very often, once the attacker has one foot inside of a system, things are just so much more insecure and vulnerable, compared to what they are on the unauthenticated side of things.

What about passwords? When asked how they should be stored I normally get the reply of "hashed and salted". Is this entirely true? Is that good enough? We'll look at how to do it. Furthermore, how does a proper hacker store their passwords? With more than 1,000 accounts online, can we practice what we preach in terms of having strong and unique passwords across all services? We will find out in this webcast.

Finally, what about defenses and detection? How can our operations detect successful attacks against our users? And how can we stay one step ahead of the attackers and effectively and securely protect our users before they are even compromised? Solutions coming now...

Hope to see you in this webcast, for some very much needed updates on how to make things right, in terms of passwords and authentication.

Chris Dale is a SANS Instructor and teaches our most popular training course, SANS SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling all throughout the EMEA region.