CN112257057A - Method for strengthening passwords in a Windows domain based on a reversible encryption mechanism

Info

Publication number: CN112257057A
Authority: CN (China)
Prior art keywords: password, plaintext, domain, weak, rule
Legal status: Pending
Application number: CN202011134173.4A
Other languages: Chinese (zh)
Inventors: 吴建亮, 胡鹏, 吴岸宏
Current assignee: Guangzhou Jeeseen Network Technologies Co Ltd
Original assignee: Guangzhou Jeeseen Network Technologies Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords

Abstract

A method for strengthening passwords in a Windows domain based on a reversible encryption mechanism comprises the following steps. S1: configure a reversible-encryption storage mechanism on the domain controller of the Windows domain. S2: set up a password rule table in the Windows domain, the password rule table being the set of passwords that users are not allowed to set. S3: every time period Δd, the Windows domain administrator obtains the plaintext passwords of all users in the domain through the reversible-encryption storage mechanism. S4: match the obtained plaintext passwords against the passwords in the password rule table and, if a plaintext password matches a password in the table, prompt the user to whom the matching plaintext password belongs. The plaintext passwords of all users in the Windows domain can be obtained through the reversible-encryption storage mechanism and matched against the configured weak-password rules; after a successful match the user is prompted to change the password, so that all weak passwords in the domain are eliminated and the network security of the Windows domain is improved.

Description

Method for strengthening passwords in a Windows domain based on a reversible encryption mechanism
Technical Field
The invention relates to the technical field of network security, and in particular to a method for strengthening passwords in a Windows domain based on a reversible encryption mechanism.
Background
In most large enterprises, Windows office networks are usually managed hierarchically through domains, so that administrators can conveniently carry out unified machine configuration, patch distribution and other operations within the domain. This convenience also brings risk: hackers and other attackers can penetrate the domain by guessing domain passwords, obtain domain privileges and harm the enterprise's network security, so domain passwords need to be strengthened.
In the prior art, passwords in a Windows domain are strengthened by setting a password-complexity security policy, which comprises the following points: first, the password must not contain the user's account name or any part of the user name longer than two consecutive characters; second, the password must be at least six characters long; third, the password must contain characters from three of four categories, namely English uppercase letters, English lowercase letters, the ten basic digits and non-alphabetic characters. However, passwords that satisfy this complexity policy can still be new types of weak password, such as classic weak passwords, keyboard weak passwords and keyword social-engineering weak passwords, which the policy cannot exclude. As the number of passwords in a domain grows, most people tend to choose easily remembered passwords that satisfy the complexity policy, and these new types of weak password cannot be excluded. To an attacker they are still weak passwords and present no great obstacle; the harm that comes with domain-based management of the Windows office network cannot be avoided, and the network security of the Windows domain is insufficient.
In addition, passwords in the domain are stored with irreversible encryption, so administrators cannot obtain the passwords set by personnel in the Windows office network and cannot determine whether the passwords used inside the enterprise are secure.
It is therefore necessary to provide a method for strengthening passwords in a Windows domain based on a reversible encryption mechanism to overcome the shortcomings of the prior art.
Disclosure of Invention
The invention aims to avoid the shortcomings of the prior art and provides a method for strengthening passwords in a Windows domain based on a reversible encryption mechanism. The method obtains all plaintext passwords in the Windows domain through the reversible encryption mechanism, matches them against the configured weak-password rules, judges how secure the plaintext passwords set by users in the domain are, and eliminates all weak passwords in the domain, thereby improving the network security of the Windows domain.
The object of the invention is achieved by the following technical measures.
The method for strengthening passwords in a Windows domain based on a reversible encryption mechanism comprises the following steps:
S1: A reversible-encryption storage mechanism is configured on the domain controller of the Windows domain.
S2: A password rule table is set up in the Windows domain, the password rule table being the set of passwords that users are not allowed to set.
S3: Every time period Δd, the Windows domain administrator obtains the plaintext passwords of all users in the domain once through the reversible-encryption storage mechanism, where Δd is a positive number.
S4: The obtained plaintext passwords are matched against the passwords in the password rule table, and when a plaintext password matches a password in the table, the user to whom the matching plaintext password belongs is prompted.
Preferably, the reversible-encryption storage mechanism is the one built into the Windows domain.
Preferably, the password rule table includes at least one of classic weak passwords, keyboard weak passwords, keyword social-engineering weak passwords and custom weak passwords.
Preferably, Δd in step S3 is set by the Windows domain administrator, where 10 days ≤ Δd ≤ 30 days.
Preferably, in step S4 the plaintext passwords are matched against the passwords in the password rule table by sequential search: the plaintext passwords obtained in step S3 are taken one by one as search objects and searched for sequentially in the password rule table, and when a password identical to the plaintext password being searched for is found in the table, the match is successful.
Preferably, the keyword social-engineering weak passwords and the custom weak passwords are set by the Windows domain administrator.
Preferably, the prompt of step S4 includes a weak-password warning or a new password modification policy.
Preferably, the prompt of step S4 includes a weak-password warning and a new password modification policy, and the user changes the password according to the new password policy after receiving the weak-password warning.
The method of the invention for strengthening passwords in a Windows domain based on a reversible encryption mechanism comprises the following steps. S1: configure a reversible-encryption storage mechanism on the domain controller of the Windows domain. S2: set up a password rule table in the Windows domain, the password rule table being the set of passwords that users are not allowed to set. S3: every time period Δd, the Windows domain administrator obtains the plaintext passwords of all users in the domain through the reversible-encryption storage mechanism, where Δd is a positive number. S4: match the obtained plaintext passwords against the passwords in the password rule table, and when a plaintext password matches a password in the table, prompt the user to whom the matching plaintext password belongs. The plaintext passwords of all users in the Windows domain can be obtained through the reversible-encryption storage mechanism and matched against the configured weak-password rules; after a successful match the user is prompted to change the password, so that all weak passwords in the domain are eliminated and the network security of the Windows domain is improved.
Drawings
The invention is further illustrated by the attached drawing, the content of which does not limit the invention in any way.
FIG. 1 is a schematic diagram of matching plaintext passwords against the password rule table in the method of the invention for strengthening passwords in a Windows domain based on a reversible encryption mechanism.
Detailed Description
The invention is further illustrated by the following examples.
Example 1.
A method for strengthening passwords in a Windows domain based on a reversible encryption mechanism comprises the following steps. S1: A reversible-encryption storage mechanism is configured on the domain controller of the Windows domain. The mechanism is the one Microsoft ships with Windows domains: a built-in password setting that supports applications using protocols which need to know the user's password for authentication. Storing passwords using reversible encryption is essentially the same as keeping plaintext versions of the passwords. The setting is required when using the Challenge Handshake Authentication Protocol (CHAP) through remote access or Internet Authentication Service (IAS), and also when using Digest Authentication in Microsoft Internet Information Services (IIS). Through this password setting, the plaintext passwords of all personnel in the domain can be obtained.
In this embodiment, Windows 7 is taken as an example to describe how the reversible-encryption storage mechanism is configured. Open the Windows 7 "Control Panel" and click the "System and Security" icon; click the "Administrative Tools" icon and, in the Administrative Tools window, click the "Local Security Policy" icon to open the Local Security Policy window; under "Security Settings" in that window, click "Account Policies"; click its sub-item "Password Policy", whereupon the "Store passwords using reversible encryption" item appears; finally, right-click the "Store passwords using reversible encryption" item, choose "Properties" from the shortcut menu that pops up, and in the properties dialog box that appears tick the "Enabled" check box under "Local Security Setting". This completes the configuration of the Windows 7 reversible-encryption storage mechanism. It should be noted that other versions of Windows are configured in substantially the same way as Windows 7; this is well known to those skilled in the art and is therefore not described again here.
S2: A password rule table is set up in the Windows domain, the password rule table being the set of passwords that users are not allowed to set. The password rule table includes at least one of classic weak passwords, keyboard weak passwords, keyword social-engineering weak passwords and custom weak passwords. Classic weak passwords are passwords such as P@ssw0rd and Pa$$w0rd; keyboard weak passwords are passwords such as 1qaz@WSX, !qaz2WSX and ZXC1@ZXC. Classic and keyboard weak passwords are common weak passwords and can be obtained from the Internet. The keyword social-engineering weak passwords and the custom weak passwords are set by the Windows domain administrator. For an enterprise, keyword social-engineering weak passwords are generated by the administrator from an enterprise keyword (key) according to certain rules. The key can be the name of the enterprise, a variant of the name, or a character string defined by the enterprise; a variant generally means a look-alike substitution between letters and special symbols, for example a becomes @, s becomes $ and o becomes 0. The rules can be %key%@123, %key%2020 and the like, and can differ from enterprise to enterprise; applying such rules to the enterprise name, its variants or the enterprise-defined strings generates a large number of keyword social-engineering weak passwords. Custom weak passwords can be set by the enterprise's administrators according to the enterprise's current environment; for example, if the enterprise is located in Guangzhou, custom weak passwords can be defined as GZ%key%123 or 0G%key%Z0, which an attacker could easily guess.
In this embodiment, the company Baidu is taken as an example to explain how keyword social-engineering weak passwords and custom weak passwords are set. Where %key% is Baidu or Baidu, the corresponding keyword social-engineering weak passwords may be Bai du@123, Baidu@123, B@idu123 or Baidu2020, and the custom weak passwords may be GZBai du123 or 0GBaiduZ0; the custom weak passwords can be updated continuously according to the enterprise's current environment. Classic weak passwords, keyboard weak passwords, keyword social-engineering weak passwords and custom weak passwords all satisfy the password-complexity requirements (digits, upper- and lowercase letters, special symbols and so on), but an attacker can easily guess them in a targeted manner, so they are still weak passwords and still threaten enterprise security.
S3: Every time period Δd, the Windows domain administrator obtains the plaintext passwords of all users in the domain once through the reversible-encryption storage mechanism. Δd is set by the Windows domain administrator, with 10 days ≤ Δd ≤ 30 days; in this embodiment Δd is 30 days. The users' plaintext passwords can thus be monitored regularly, so that plaintext passwords that are weak passwords are found in time, the presence of weak passwords in the domain is reduced, and the risk that a password is cracked and an attacker penetrates the Windows domain is effectively avoided.
S4: As shown in FIG. 1, the obtained plaintext passwords are matched against the passwords in the password rule table, and if a plaintext password matches a password in the table, the user to whom the matching plaintext password belongs is prompted. Matching is done by sequential search: the plaintext passwords obtained in step S3 are taken one by one as search objects and searched for sequentially in the password rule table, and if a password identical to the plaintext password being searched for is found in the table, the match is successful. The prompt contains a weak-password warning and a new password modification policy. It should be noted that the new password policy is set by the administrator and may include a policy that prohibits naming passwords after enterprise keywords, the environment and the like. After receiving the weak-password warning, the user changes the password according to the new password policy; the passwords in the Windows domain are thereby strengthened and the network security of the Windows domain is safeguarded.
The method for strengthening passwords in a Windows domain based on a reversible encryption mechanism makes ingenious use of a function built into the system: the plaintext passwords of all personnel in the domain can be obtained through the Windows domain's own reversible-encryption storage mechanism and matched against the set of passwords that users in the domain are not allowed to set, and after a successful match the user is prompted to change the password, which reduces the number of weak passwords in the domain and improves the network security of the Windows domain.
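Steps S2 and S4 as an added Python example, not taken from the patent text: it expands a keyword into the a→@, s→$, o→0 variants, fills the %key% templates quoted above to build the password rule table, and then performs the sequential exact-match search. The function names, account names and sample passwords are constructed for illustration.

```python
from itertools import product

# Look-alike substitutions named in the description: a -> @, s -> $, o -> 0.
VARIANTS = {"a": "@", "s": "$", "o": "0"}

# Rule templates quoted in the description; %key% stands for a keyword variant.
TEMPLATES = ["%key%@123", "%key%2020", "GZ%key%123", "0G%key%Z0"]

# Classic and keyboard weak passwords quoted in the description.
COMMON_WEAK = ["P@ssw0rd", "Pa$$w0rd", "1qaz@WSX", "ZXC1@ZXC"]

# Constructed sample input: account name -> recovered plaintext password.
SAMPLE_PASSWORDS = {
    "alice": "B@idu@123",      # keyword variant + template
    "bob": "Tr7!vq-Lm2#x",     # not in the table
    "carol": "1qaz@WSX",       # keyboard weak password
    "dave": "GZBaidu123",      # custom (location-based) template
}


def keyword_variants(key):
    """Return every spelling of key with each substitutable letter kept or swapped."""
    choices = []
    for ch in key:
        sub = VARIANTS.get(ch.lower())
        choices.append((ch, sub) if sub else (ch,))
    return ["".join(parts) for parts in product(*choices)]


def build_rule_table(keywords, templates=TEMPLATES, common=COMMON_WEAK):
    """Step S2: build the ordered list of passwords users may not set."""
    table = list(common)
    seen = set(table)
    for key in keywords:
        for variant in keyword_variants(key):
            for template in templates:
                password = template.replace("%key%", variant)
                if password not in seen:   # keep the table free of duplicates
                    seen.add(password)
                    table.append(password)
    return table


def match_weak(passwords, rule_table):
    """Step S4: sequential search of each plaintext password in the rule table.

    Returns only the account names to prompt, so the resulting report does
    not carry the plaintext passwords themselves.
    """
    flagged = []
    for user, password in passwords.items():
        for entry in rule_table:
            if password == entry:          # exact match, as the claims require
                flagged.append(user)
                break
    return flagged


if __name__ == "__main__":
    table = build_rule_table(["Baidu"])    # keyword used in the embodiment
    print(len(table), "entries in the rule table")
    print("prompt these users:", match_weak(SAMPLE_PASSWORDS, table))
```

The table grows as 2^n per keyword, where n is the number of substitutable letters, so for long keywords a set lookup is a drop-in replacement for the inner sequential loop.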
Example 2.
A method for strengthening passwords in a Windows domain based on a reversible encryption mechanism, whose other features are the same as in Example 1, except that this embodiment describes the method by taking the strengthening of passwords in the office network of an enterprise A as an example. The method comprises the following steps:
S1: The administrators of enterprise A configure a reversible-encryption storage mechanism on the domain controller of the Windows domain in which the enterprise's office network is located.
S2: The administrators of enterprise A set up a password rule table in the Windows domain. The password rule table is the set of passwords that are not allowed to be set and includes new types of weak password such as classic weak passwords, keyboard weak passwords, keyword social-engineering weak passwords and custom weak passwords; the keyword social-engineering weak passwords and the custom weak passwords are generated by the administrators of enterprise A from the name of enterprise A and the like according to self-defined rules.
S3: Every 15 days, the administrators of enterprise A obtain the plaintext passwords set by all personnel of the enterprise once through the reversible-encryption storage mechanism configured on the domain controller.
S4: The obtained plaintext passwords are matched against the passwords in the password rule table; if a plaintext password matches a password in the table, the employee to whom the matching plaintext password belongs is prompted, and after being prompted the employee changes the plaintext password concerned. In this embodiment, the passwords in the password rule table may be stored in blocks and the storage areas ordered. The plaintext password currently being matched is first matched against the new-type weak passwords in the first storage block of the password rule table, and if no match is found in the first block, matching moves on to the next block. Whether or not the plaintext password currently being matched has matched successfully, as soon as the first block has no data marker and no password being matched in it, the next plaintext password is brought in as a matching object. This speeds up the matching of plaintext passwords against the weak passwords in the password rule table.
With the method of this embodiment, enterprise administrators can obtain the plaintext passwords used inside the enterprise through the reversible-encryption storage mechanism configured on the domain controller of the domain in which the enterprise office network is located, and can quickly match them against the configured weak-password rule table, so that weak passwords among the enterprise's plaintext passwords are eliminated and the network security of the enterprise office network is improved.
Finally, it should be noted that the above embodiments are only used for illustrating the technical solutions of the present invention and not for limiting the protection scope of the present invention, and although the present invention is described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions can be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention.

Claims (8)

1. A method for strengthening passwords in a Windows domain based on a reversible encryption mechanism, characterized by comprising the following steps:
S1: configuring a reversible-encryption storage mechanism on the domain controller of the Windows domain;
S2: setting up a password rule table in the Windows domain, the password rule table being the set of passwords that users are not allowed to set;
S3: every time period Δd, the Windows domain administrator obtaining the plaintext passwords of all users in the domain through the reversible-encryption storage mechanism, where Δd is a positive number;
S4: matching the obtained plaintext passwords against the passwords in the password rule table and, when a plaintext password matches a password in the table, prompting the user to whom the matching plaintext password belongs.
2. The method for strengthening passwords in a Windows domain based on a reversible encryption mechanism of claim 1, wherein the reversible-encryption storage mechanism is the one built into the Windows domain.
3. The method of claim 1, wherein the password rule table includes at least one of classic weak passwords, keyboard weak passwords, keyword social-engineering weak passwords and custom weak passwords.
4. The method for strengthening passwords in a Windows domain based on a reversible encryption mechanism of claim 1, wherein Δd in step S3 is set by the Windows domain administrator, where 10 days ≤ Δd ≤ 30 days.
5. The method for strengthening passwords in a Windows domain based on a reversible encryption mechanism of claim 1, wherein in step S4 the plaintext passwords are matched against the passwords in the password rule table by sequential search: the plaintext passwords obtained in step S3 are taken one by one as search objects and searched for sequentially in the password rule table, and when a password identical to the plaintext password being searched for is found in the table, the match is successful.
6. The method for strengthening passwords in a Windows domain based on a reversible encryption mechanism of claim 3, wherein the keyword social-engineering weak passwords and the custom weak passwords are set by the Windows domain administrator.
7. The method of claim 1, wherein the prompt of step S4 includes a weak-password warning or a new password modification policy.
8. The method of claim 7, wherein the prompt of step S4 includes a weak-password warning and a new password modification policy, and the user changes the password according to the new password policy after receiving the weak-password warning.

Application and publication data

Application number: CN202011134173.4A
Priority date: 2020-10-21
Filing date: 2020-10-21
Publication number: CN112257057A (en)
Publication date: 2021-01-22
Status: Pending
Family ID: 74263043
Country: CN

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination