1. windows Security and Protection(Logon and Authentication) 2. windows密码强制安全策略 3. PAM(Pluggable Authentication Modules) 4. linux密码强制安全策略配置
1. windows Security and Protection(Logon and Authentication)
This page lists resources for logon and authentication in Windows Server 2003, which includes passwords, Kerberos, NTLM, Transport Layer Security/Secure Sockets Layer (TLS/SSL), and Digest. In addition, some protocols are combined into authentication packages, such as Negotiate and Schannel, as part of an extensible authentication architecture.
0x1: Create an extensive defense model
1. Educate your users about how to best protect their accounts from unauthorized attacks https://technet.microsoft.com/en-us/library/cc784090#BKMK_UserBP 2. Use the system key utility (Syskey) on computers throughout your network. The system key utility uses strong encryption techniques to secure account password information that is stored in the Security Accounts Manager (SAM) database. 1) The system key utility: https://technet.microsoft.com/en-us/library/cc783856 2) create or update a system key: 3. Define password policy that ensures that every user is following the password guidelines that you decide are appropriate https://technet.microsoft.com/en-us/library/cc784090#BKMK_PasswordPolicy 4. Consider whether implementing account lockout policy is appropriate for your organization. https://technet.microsoft.com/en-us/library/cc784090#BKMK_AccountLockout