CRACKING PASSWORDS
Types of passwords ::
Passwords that contain only letters :: HJKL
Passwords that contain only numbers :: 2545
Passwords that contain only special characters :: $#%^
Passwords that contain letters and numbers :: jdsh563
Passwords that contain only letters and special characters :: js$#ZD
Passwords that contain only special characters and numbers :: ^#%456$
Passwords that contain letters, special characters and numbers :: E$f$56
There are four types of password attacks ::
- Passive online attacks
- Active online attacks
- Offline attacks
- Non-electronic attacks
Passive online attack ::
Wire Sniffing
- Access and record the raw network traffic
- Wait until the authentication sequence
- Brute force credentials
Man in the middle
- Somehow get access to the communications channel
- Wait until the authentication sequence
- No need to brute force
Active online attack ::
Password Guessing
- Try different passwords until one works
- Bad password
- Open authentication points
Offline attacks ::
- Offline attacks are time
- Web services are available
- Distributed password cracking techniques are available
Tools for Attacks ::
NAT :: NetBIOS Auditing Tool
BFT :: Brute Force Tool
:: KerbCrack
Password Sniffing ::
- Password guessing is a tough task
- If an attacker is able to eavesdrop on NT/2000 logins, then this approach can spare a lot of random guesswork
Password Cracking Tools::
- Access PassView
- Crack
- LCP
- Keyloggers
Countermeasures for Password Hacking
How to keep a STRONG PASSWORD :: Use the full keyboard, meaning letters, numbers and special characters :: Use capital letters too :: for example P.r.#.a.S.O.$.o.n
Change your password :: Change your password every 10 days or 15 days :: This will help keep you safe, and try to keep a strong password each time ::
Use different passwords for different accounts. Everybody knows this but nobody cares to follow it. I know remembering a dozen cryptic passwords is very difficult, but I still suggest you use different passwords for the accounts that hold sensitive information.
Check your Security Question. People often keep a cryptic password while their security question is too simple to guess. For example, many people use the name of their pet or their first school as the security question.
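The character classes under "Types of passwords" and the full-keyboard advice above can be checked mechanically. The following is an added example, not part of the original post: it labels a password in the page's terms and estimates its exhaustive-search space. The pool names and function names are assumptions made for this sketch.

```python
import math
import string

# The four keyboard pools behind the page's letter/number/special-character types.
POOLS = {
    "lowercase letters": string.ascii_lowercase,   # 26 symbols
    "capital letters": string.ascii_uppercase,     # 26 symbols
    "numbers": string.digits,                      # 10 symbols
    "special characters": string.punctuation,      # 32 symbols
}

def pools_used(password):
    """Names of the pools that contribute at least one character."""
    return [name for name, chars in POOLS.items()
            if any(c in chars for c in password)]

def password_type(password):
    """Label in the page's terms: letters, numbers, special characters."""
    used = pools_used(password)
    kinds = []
    if any("letters" in name for name in used):
        kinds.append("letters")
    kinds += [k for k in ("numbers", "special characters") if k in used]
    return " and ".join(kinds) if kinds else "none"

def search_space_bits(password):
    """log2 of the exhaustive-search space: length * log2(pool size).

    This is an upper bound on strength. Dictionary words and keyboard
    patterns fall to guessing long before the whole space is searched.
    Characters outside the four ASCII pools are not counted.
    """
    alphabet = sum(len(POOLS[name]) for name in pools_used(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def missing_pools(password):
    """Pools the password does not draw from (empty list = full keyboard)."""
    used = pools_used(password)
    return [name for name in POOLS if name not in used]

if __name__ == "__main__":
    # Sample passwords taken from the page's own list.
    for sample in ["HJKL", "2545", "$#%^", "jdsh563", "js$#ZD", "^#%456$", "E$f$56"]:
        print(f"{sample:10} {password_type(sample):45} "
              f"{search_space_bits(sample):6.1f} bits  missing: {missing_pools(sample)}")
```

Length multiplies the estimate while each extra pool only adds to the logarithm, so a longer password gains more than a short one that merely mixes classes.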
Threats and Countermeasures
Threat :: Countermeasures
Spoofing user identity ::
- Use strong authentication.
- Do not store secrets (for example, passwords) in plaintext.
- Do not pass credentials in plaintext over the wire.
- Protect authentication cookies with Secure Sockets Layer (SSL).
Tampering with data ::
- Use data hashing and signing.
- Use digital signatures.
- Use strong authorization.
- Use tamper-resistant protocols across communication links.
- Secure communication links with protocols that provide message integrity.
Repudiation ::
- Create secure audit trails.
- Use digital signatures.
Information disclosure ::
- Use strong authorization.
- Use strong encryption.
- Secure communication links with protocols that provide message confidentiality.
- Do not store secrets (for example, passwords) in plaintext.