AAU Student Projects - visit Aalborg University's student projects portal
A master thesis from Aalborg University

Filter Frenzy: Towards Assessing Active Directory Filters

Author(s)

Juncker, Jonathan Hartvigsen ; Møller, Mads Lykkeberg

Term

4. semester

Education

Cyber Security, Master

Publication year

2024

Submitted on

2024-05-31

Pages

94 pages

Abstract

I de senere år er der udviklet adskillige adgangskodefiltre til Microsofts Active Directory. Historisk set har disse filtre primært været tredjepartsimplementeringer. Microsoft har dog indført sit eget password-filter i form af Microsoft Entra Password Protection. Da adgangskoder fortsat er den mest udbredte form for adgangskontrol, og Microsofts Active Directory er fundamental i Identity and Access Management, er det afgørende at vurdere effektiviteten af disse adgangskodefiltre. Dette rejser spørgsmålet om, hvorvidt disse filtre forbedrer adgangskodesikkerheden, og hvordan Microsofts filter kan sammenlignes med tredjepartsmuligheder. Dette kandidatspeciale præsenterer en omfattende litteratur søgning og review om adgangskodepolitikker, adgangskodestyrke og adgangskodegætteangreb. Den introducerer også en ny metode til at evaluere effektiviteten af adgangskodefiltre til Active Directory. Evalueringen involverer test af tre forskellige adgangskodefiltre ved hjælp af cirka 88 millioner adgangskoder, avancerede adgangskodestyrkemålere og forskellige adgangskodegætteangreb.

In recent years, several password filters for Microsoft's Active Directory have been developed. Historically, these filters have primarily been third-party implementations. However, Microsoft has introduced its own password filter in the form of Microsoft Entra Password Protection. Given that passwords remain the most prevalent form of access control and Microsoft's Active Directory is a cornerstone of Identity and Access Management, it is crucial to assess the effectiveness of these password filters. This raises the question of whether these filters enhance password security and how Microsoft's filter compares to third-party options. This master's thesis presents an extensive literature review on password policies, password strength, and password guessing attacks. It also introduces a novel method for evaluating the effectiveness of password filters for Active Directory. The evaluation involves testing three different password filters using approximately 88 million passwords, state-of-the-art password strength meters, and various password guessing attacks.

Documents

Download
View record in AAU Student Projects

Colophon: This page is part of the AAU Student Projects portal, which is run by Aalborg University. Here, you can find and download publicly available bachelor's theses and master's projects from across the university dating from 2008 onwards. Student projects from before 2008 are available in printed form at Aalborg University Library.

If you have any questions about AAU Student Projects or the research registration, dissemination and analysis at Aalborg University, please feel free to contact the VBN team. You can also find more information in the AAU Student Projects FAQs.