Lesson 3: Authentication

The malware used in the Sony breach had a hard-coded password that granted access to all Sony systems. In this video, Mike Chapple explains how strong authentication practices would limit the impact of a similar breach in the future.

- [Instructor] The final lesson that we can draw…from the Sony breach is a common one…from security incidents.…Implement strong authentication.…The malware used in the Sony attack…was extremely successful because it contained…a hard-coded password that was used to make…SMB connections between systems on the Sony network.…We don't know how the attackers obtained this password,…but it served as the skeleton key…that allowed them to quickly infiltrate…the entire Sony network.…

They might've obtained it through a preliminary attack,…through social engineering,…or with inside information.…But the way that they obtained it…doesn't really matter.…What does matter is that we understand…the importance of implementing…strong authentication systems.…The first way that we can strengthen…our authentication systems against this type of attack…is by implementing multifactor authentication.…We've talked about multifactor authentication before.…And you can learn more about it…by watching the state-sponsored university breach episode…

Resume Transcript Auto-Scroll

Author

Mike Chapple

Skill Level Intermediate

3h 5m

Duration

42,074

Views

Show More Show Less

Related Courses

Introduction
- Inside the breach
  58s
The 2017 Equifax Breach
- The Equifax breach
  2m 41s
- Inside the Equifax breach
  3m 22s
- Lesson 1: Patch and vulnerability management
  4m 33s
- Lesson 2: Move quickly!
  2m 36s
- Lesson 3: Implement an incident response plan
  5m 15s
- Aftermath of the Equifax breach
  2m 26s
The 2013 Target Breach
- The Target breach
  2m 43s
- Inside the Target breach
  4m 55s
- Lesson 1: Vendor management
  4m 21s
- Lesson 2: Network segmentation
  3m 19s
- Lesson 3: Log monitoring
  5m 6s
- Aftermath of the Target breach
  1m 46s
The 2006 VA Laptop Theft
- The Veterans Affairs (VA) breach
  3m 8s
- Inside the VA breach
  5m 42s
- Lesson 1: Standardize incident escalation and notification
  3m 13s
- Lesson 2: Encryption is essential
  4m 51s
- Lesson 3: Security policy
  4m 42s
- Aftermath of the VA breach
  2m 45s
The 2018 Atlanta Ransomware Breach
- The Atlanta ransomware breach
  2m 19s
- Inside the Atlanta ransomware breach
  3m 6s
- Lesson 1: Perform regular backups
  2m 51s
- Lesson 2: Consider ransom demands
  2m 53s
- Lesson 3: Maintain malware prevention
  4m 8s
- Aftermath of the Atlanta ransomware breach
  2m 31s
The 2005 TJX Breach
- The TJX breach
  2m 8s
- Inside the TJX breach
  4m 3s
- Lesson 1: Control physical access
  3m 24s
- Lesson 2: Secure wireless networks
  2m 46s
- Lesson 3: Limit data retention
  5m 51s
- Aftermath of the TJX breach
  2m 27s
The 2013 Bowman Dam Breach
- The Bowman Dam breach
  3m 12s
- Inside the Bowman Dam breach
  5m 51s
- Lesson 1: Secure the Internet of Things
  2m 44s
- Lesson 2: Segment SCADA networks
  2m 36s
- Lesson 3: Control removable media
  4m 23s
- Aftermath of the Bowman Dam breach
  2m 9s
The State-Sponsored University Breach
- The state-sponsored university breach
  4m 22s
- Inside the state-sponsored university breach
  2m 35s
- Lesson 1: Multifactor authentication
  3m 51s
- Lesson 2: Understand advanced persistent threats
  1m 32s
- Lesson 3: Social engineering
  6m 19s
- After the state-sponsored university breach
  2m 4s
The Maersk Breach
- The Maersk breach
  2m 43s
- Inside the Maersk breach
  3m 37s
- Lesson 1: Protect admin accounts
  3m 32s
- Lesson 2: Apply patches promptly
  3m 40s
- Lesson 3: Test backups
  4m 8s
- After the Maersk breach
  2m 38s
The Sony Breach
- The Sony breach
  3m 24s
- Inside the Sony breach
  2m 42s
- Lesson 1: Defense in depth
  2m 11s
- Lesson 2: Offense is risky
  2m 23s
- Lesson 3: Authentication
  2m 13s
- After the Sony breach
  3m 24s

Show MoreShow Less

Take notes with your new membership!

Type in the entry box, then click Enter to save your note.

1:30Press on any video thumbnail to jump immediately to the timecode shown.

Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.

Start My Free Month

Skills covered in this course

Security IT

Lynda.com is now LinkedIn Learning!

To access Lynda.com courses again, please join LinkedIn Learning

How does my subscription work?

Can I use a different payment method?

Categories

3D + Animation Topics

3D + Animation Software

3D + Animation Learning Paths

Audio + Music Topics

Audio + Music Software

Audio + Music Learning Paths

Business Topics

Business Software

Business Learning Paths

Business Guides

CAD Topics

CAD Software

CAD Learning Paths

Design Topics

Design Software

Design Learning Paths

Developer Topics

Developer Software

Developer Learning Paths

Education + Elearning Topics

Education + Elearning Software

Education + Elearning Learning Paths

IT Topics

IT Software

IT Learning Paths

Marketing Topics

Marketing Software

Marketing Learning Paths

Photography Topics

Photography Software

Photography Learning Paths

Video Topics

Video Software

Video Learning Paths

Web Topics

Web Software

Web Learning Paths

Web Guides

Lesson 3: Authentication

Author

Skill Level Intermediate

Duration

Views

Related Courses

IT Security Careers and Certifications: First Steps

Insights from a Cybersecurity Professional

IT Security: Key Policies and Resources

Introduction

The 2017 Equifax Breach

The 2013 Target Breach

The 2006 VA Laptop Theft

The 2018 Atlanta Ransomware Breach

The 2005 TJX Breach

The 2013 Bowman Dam Breach

The State-Sponsored University Breach

The Maersk Breach

The Sony Breach

Take notes with your new membership!

Skills covered in this course

Continue Assessment

Start My Free Month