Category Archives: Password

A few posts that are related to passwords, e.g., password generation, key safe, entropy of passphrases, etc.

Intro to NetworkMiner

This is a guest blogpost by Erik Hjelmvik, an expert in network forensics and network security monitoring at NETRESEC.

Wireshark is the default goto tool for analyzing captured network traffic for most network engineers. But there are a few other free and open source alternatives that are sometimes overlooked, one of which is NetworkMiner (disclaimer: I’m the creator of NetworkMiner).

Continue reading Intro to NetworkMiner

File Blocking Shootout – Palo Alto vs. Fortinet

We needed to configure the Internet-facing firewall for a customer to block encrypted files such as protected PDF, ZIP, or Microsoft Office documents. We tested it with two next-generation firewalls, namely Fortinet FortiGate and Palo Alto Networks. The experiences were quite different…

TL;DR: While Fortinet is able to block encrypted files, Palo Alto fails since it does not identify encrypted office documents! [UPDATE: Palo Alto has fixed the main problem, see notes below.]

Continue reading File Blocking Shootout – Palo Alto vs. Fortinet

FortiGate 2-Factor Authentication via SMS

Two-factor authentication is quite common these days. That’s good. Many service providers offer a second authentication before entering their systems. Beside hardware tokens or code generator apps, the traditional SMS on a mobile phone can be used for the second factor.

The FortiGate firewalls from Fortinet have the SMS option built-in. No feature license is required for that. Great. The only thing needed is an email-to-SMS provider for sending the text messages. The configuration process on the FortiGate is quite simple, however, both the GUI as well as the CLI are needed for that job. (Oh Fortinet, why aren’t you improving your GUI?)

Here is a step-by-step configuration tutorial for the two-factor authentication via SMS from a FortiGate firewall. My test case was the web-based SSL VPN portal.

Continue reading FortiGate 2-Factor Authentication via SMS

Password Policies – Appropriate Security Techniques

How are passwords stolen? What are common password flaws? What are the security techniques to enhance the security of passwords respectively the security of the login-services? What authentication methods provide long-term security? How often should a password be changed? Which methods achieve good security while not being too complicated to be used by end-users?

This blog post discusses several methods of how passwords are stolen and provides approaches of how login-services can be secured.

Continue reading Password Policies – Appropriate Security Techniques

Sichere Passwörter erzeugen & merken

Wie dem auch sei: Wir kommen nicht um die Benutzung von Passwörtern herum und es ist nach wie vor wichtig, sichere (= komplexe) Passwörter zu verwenden. Dabei ist es vor allem schwierig, einen Mittelweg aus *sehr schwierigem Passwort* und *trotzdem merkbar* zu finden. Ich möchte hier eine Methode erläutern, bei der man sich ein komplexes Passwort so erzeugt, dass es sich durch eine Eselsbrücke einfach merken lässt.
Continue reading Sichere Passwörter erzeugen & merken

Password Strength/Entropy: Characters vs. Words

This is a mathematical post which is related to the xkcd 936 comic about password strength. The central question is: What is better for passwords? A password containing a few random characters or a passphrase containing a (less) few random words? Here comes a mathematical discussion.

Continue reading Password Strength/Entropy: Characters vs. Words

Password Generator Options for KeePass

This is a short post in which I show the options I am using when generating random passwords with the Password Generator that ships with the password safe KeePass. The character set should be as big as possible while not containing letters that could confuse the end-user. Of course, all upper- & lower-case alphabetic characters as well as the digits are included. For all other symbols, I chose those which are inside the ASCII table as well as writeable with the keyboard layouts for US and German keyboards.

Continue reading Password Generator Options for KeePass

KeePass Passwort-Speicher Einführung

Mit der häufigste Tipp, den ich meinen Freunden und Bekannten gebe, ist: Benutzt sichere Passwörter! Am besten noch verschiedene für alle Services, also Dienste/Homepages/E-Mail/etc. im Internet und Co. Und uns ist allen klar: Das macht keiner… ;) Außer man hat einen vernünftigen Passwortspeicher den man auch flexibel und von verschiedenen Orten aus benutzen kann. In einem solchen Programm kann man alle verschiedenen Passwörter eingeben und verschlüsselt in einer Datei speichern. Das heißt, man braucht zwar ein sehr gutes (= langes & komplexes) Passwort um den Passwortspeicher zu öffnen, erspart sich aber das Merken von allen anderen Passwörtern. Sprich: Man muss sich fortan nur noch ein Passwort merken und hat dann einen sicheren Zugriff auf alle möglichen anderen Passwörter. Ich empfehle den KeePass Password Safe und möchte hier eine komplette Einführung für ihn geben:

Continue reading KeePass Passwort-Speicher Einführung