Cybersecurity - control access to your resources

on


should adhere to the policy detailed. Minimum length of 8 characters, 4 character sets, and does not allow the password to include the username. This password filter is available upon request. Passwords are a primary method used to control access to resources. Because authenticated access is seldom logged, a compromised password is a way to explore a system without causing suspicion. An attacker with a compromised password can access any resource available to that user. Poor passwords or blank passwords are still a common occurrence on many networks. Many users still use dictionary words, hybrids, names, and default passwords. Additionally passwords less than 8 characters and passwords that are the same as the username are also frequently used. These types of passwords can be cracked within minutes or even seconds using any number of publicly available password crackers.

Scan passwords monthly to identify problems with weak passwords and to determine if the password policy is being followed. Password-guessing programs identify those users having easily guessed passwords. Passwords should be changed regularly (every 30 to 90 days). Set up password aging via Account Policy for Windows systems.

Passwords for privileged accounts should be at least 14 characters long and contain at least four different types of characters. Services should be run under their own Non-privileged accounts, as opposed to using the built-in SYSTEM or Administrator accounts. These service accounts should also have strong passwords. The Guest account should be disabled. Ensure that all accounts have passwords regardless if the account is enabled or disabled.

Passwords should be 12 or more characters in length on Windows systems, Users should not transmit passwords in cleartext and users should never share their passwords nor keep written passwords in an easily- accessible place. Passwords should be difficult to guess and include uppercase. Also lowercase, special character, punctuation, extended and numeric characters. They should not include dictionary words or names.

Location: Ontario, Canada

Comments

Anonymous said…
Ziggo webmail is een e-mailomgeving dat je met ieder apparaat met internet verbinding kan bereiken. Je kunt dus met je iPhone
December 3, 2020 at 11:44 PM
Anonymous said…
kan geen mail verzenden in nieuwe vorm. ligt aan mij, maar het ‘pijltje’ uit de vorige mailvorm vind ik niet.
December 3, 2020 at 11:45 PM
Anonymous said…
This comment has been removed by a blog administrator.
December 5, 2020 at 9:48 PM
Anonymous said…
This comment has been removed by a blog administrator.
December 5, 2020 at 9:50 PM
Anonymous said…
This comment has been removed by a blog administrator.
December 5, 2020 at 9:50 PM
Post a Comment

Popular Posts

Linux Professional Institute

Tactical malware infection process Script kiddies, scammers and hacker are implementing new ways and strategic advancements on customers, businesses and the corporate world, searching for bits and bytes. The most recent technique observed by our researchers is the “hijacking” of legitimate invoices sent by companies so that the account number is changed to that of the scammers. Some cases we have seen involved scammers attacking the email server to change the details on the invoices. Others were just fake invoices emails sent without the need to hack the email server, but which were effective provided they went out before the legitimate invoices." First, the user will receive an email disguised as routine notification, most commonly an INVOICE, BILL or RECEIPT. Unfortunately this email normally includes attachments, typically JavaScript (JS) file or Office file containing malicious macros. After the user Open the email with the attachment, it then executes a PowerShell script to ...

Computer_Systems_Display_Divices

Who let the gamers out ❤, is a phase only for the elite of gaming. Whether you are PC gamer or a content creator rendering is your forte. If you live or die for speed when it comes to graphic acceleration then you might have some gamer in you. Vide cards are like essential service to gamers, because at the end of the day it’s who can lustily brag.  How can we evaluate when a video card is good 👲, we can advise you on the best video card for you PC. But, do you retain the knowledge it takes to purchase and upgrade your video card; let’s touch some trends, information can affect which card you chose. Ok, let’s spend; most consumer video cards starts around fifty dollars and can range up-to thousands of dollars. It’s easy to over or under pay as a consumer. So, first off what does GPU cards do. And how can they make or brake you.  🔎 If you are searching for a new PC system and you are not a gamer a IGP system is good for you. But, if you be a gamer IGP’s are out the door in p...

Recent_appetites_are_emeals_and_credential_stuffing_with_password_combination

Shadow companies been operating a large RDP shop online, under covers for time now. its a market selling remote desktop protocol accesses to hacked machines. The online under-ground market have gathered and selling access to about 70,000 machines already hacked.  Do not allow RDP connections over the open Internet Use Complex Passwords Use Multi-Factor Authentication Use an RDP Gateway Lock out users and block or timeout IPs that have too many failed logon attempts Use a Firewall to restrict access Enable Restricted Admin Mode Encryption Enable Network Level Authentication (NLA) Restrict users who can logon using RDP Minimize the Number of Local Administrator Accounts Ensure that Local Administrator Accounts are Unique Limit Domain Administrator Account Access Consider using an account-naming convention that does not reveal organizational information

A_more_intelligent_Internet_of_Things (IoT)

"Intel Corporation" was founded on July 18, 1968 The company's name was conceived as portmanteau of the words integrated and electronics. The fact that "intel" is the term for intelligence information also made the name appropriate. Intel was an early developer of SRAM and DRAM memory chips, which represented the majority of its business until 1981. Although Intel created the world's first commercial microprocessor chip in 1971, it was not until the success of the personal computer (PC) that this became its primary business. Today the Intel Corp. serves a wide variety of products including: Its processors, its boards and kits, its Memory & Storage, its Power Solutions and more. Intel is worth 77.5 billion dollars up-to-date, on staff they are responsible for 110,000 employees with and operating income of 22 billion dollars. Because, during the 90s, Intel invested heavily in new microprocessor designs fostering the rapid growth of the computer industry. ...

The IoT - i9 or M1 to 4K and 5G

The Intel Corporation was founded on July 18, 1968 The company's name was conceived as portmanteau of the words integrated and electronics. The fact that "intel" is the term for intelligence information also made the name appropriate. Intel was an early developer of SRAM and DRAM memory chips, which represented the majority of its business until 1981. Although Intel created the world's first commercial microprocessor chip in 1971, it was not until the success of the personal computer (PC) that this became its primary business. Today the Intel Corp. serves a wide variety of products including: Its processors, its boards and kits, its Memory & Storage, its Power Solutions and more. Intel is worth 77.5 billion dollars up-to-date, on staff they are responsible for 110,000 employees with and operating income of 22 billion dollars. Because, during the 90s, Intel invested heavily in new microprocessor designs fostering the rapid growth of the computer industry. During t...

Cybersecurity, why is it a growing profession

Cybersecurity A Global PandemicDuring pandemics it is important to consider internet security, heighten concerns, and precautions that must be taken. Protect yourself and your place of work. Because oft: malicious electronic messages, malware and scams. Hacker groups are reaping the havoc surrounding high profile events. especially the fear which is associated with the current pandemic. Hackers have implemented a number of click baits or call to action scripts with the goal to get their victim to comply with the intent to lure them to malicious links or attachment. Threats of these nature where design to by-pass security settings. Exposing personal or unauthorized information on computer system and mobile devices. Before accessing your emails, ensure there are no redundancy. Check if the address and attachment is valid. Make sure it’s from a reputable sender. Scan for mistakes. Ensure the mail is from a valid address and domain name space. Be vigilant and practice extra caution. Verif...

We-Chat_or_What'sApp

The "WhatsApp" ❤ group and "Weixin" ✌, are both technology companies who launched their App around the same time. "Weixin", a project started by the Tencent research group in China launched the app in 2011.  Then the government of china swiftly endorsed the project; allowing the App to grow to 1 billion active users.  While, WhatsApp the American freeware which released 11 years ago today was endorsed by FaceBook providing these services: Voice Over IP, text messages and voice messages. Allowing "WhatsApp" to make: voice, video calls, share images, documents, user locations, and other media.  The what’s App groups coming to an end, in other word are the investors investments secure.  The "WhatsApp" application was shutdown by Governing forces because they refused to place wiretap on accounts. Making investors unease on their investment; because, the South American government forcibly placed sanctions on the "WhatsApp" company...

The key to cyber attack countermeasures as the cloud and IoT.

On November 11, 2020, nCipher, which implements digital security measures such as encryption technology, is a public key authentication infrastructure (PKI) that is the key to cyber attack countermeasures in the development of digital applications such as the cloud and IoT (Internet of Things). ) Has been released. The report showed that the number of companies using PKI has increased rapidly worldwide in recent years, and the security trends in Japan among them. The survey was conducted on 2000 IT and IT security personnel in companies in 17 countries including France, Germany, Australia, and South Korea, in addition to Japan. The survey was conducted in January 2020. This is a time when the impact of the new coronavirus infection (COVID-19) on industry is still small. For this reason, Jiro Shindou, marketing director of Digital Security Solutions at Entrust, which owns nCipher, said about the survey results, "If you conduct the survey again in 2021 the following year, the surve...

Backdoor_Trojan_known_as_SpeakUp

A memory flaw covered by time was exposed by "hackers"; the flaw enabled the group to gain control over their target's system remotely. A remote access is a feature within the "Windows operating system". Design to allow administrators access via remote. The attackers exploited a memory corruption flaw (CVE-2017- 11882), which—in "Microsoft Office" 2007, 2010, 2013, and 2016—downloads malicious HTML applications (HTA) file with the final payload being a Remote Access Trojan. The buffer overflow defect lies in the "Microsoft" Equation Editor component in "Microsoft Office", when, exploited, the result is a remote arbitrary code execution. Details about two campaigns that exploited an older flaw in Microsoft SUIT classified under CVE-2016-7262 and CVE02017- 0199 . The campaign delivered under CVE2017-0199 was a malicious "Microsoft PowerPoint" document, which exploited the defect in the codes. The exploitation of the securi...