Password cracking and Prevention Measures

Source: Internet
Author: User

Comments: Effective use of passwords and user accounts is one of the biggest problems in network security. In this article, Rob Shimonski studies password cracking: how and why passwords are cracked. Rob shows just how simple it is to penetrate a network, how attackers gain access to the network, the tools they use, and how to combat them.

Attacks against the computer systems of companies or organizations may take various forms, such as electronic spoofing, smurf attacks, and other DoS attacks. These attacks are designed to damage or interrupt the use of your operating system. This article discusses one widespread form of attack called password cracking. Password cracking is a term used to describe the penetration of networks, systems, or resources, with or without tools, to unlock password-protected resources.

This article studies what password cracking is, why attackers do it, how they achieve their goals, and how to protect yourself. I will briefly study the attackers themselves: their habits and motivations. By examining several scenarios, I will describe some of the techniques they deploy, the tools that help them attack, and how password crackers violate a company's infrastructure from inside and outside. Finally, the document provides a checklist to help you avoid password cracking.

Before studying these methods, let's first understand what attackers think and why they want to access your network and systems.
Attackers: how and why they launch attacks

The definition of the word hacker remains controversial. A hacker can be anyone who has a strong interest in computer-based technology; the word does not necessarily describe a person who wants to do harm. The word attacker can be used to describe a malicious hacker. Another term for an attacker is black hat. Security analysts are often referred to as white hats, and white hat analysis is the use of password cracking for defensive purposes.

The motivations of attackers vary greatly. Some of the most notorious hackers are high school students sitting in front of computers in the basement, looking for ways to exploit computer system vulnerabilities. Other attackers are dissatisfied employees seeking revenge against the company. Still others want to penetrate well-protected systems simply for the thrill of the challenge.

Attack methods

Password cracking does not necessarily involve complex tools. It may be as simple as finding a sticky note with a password written on it, stuck to the monitor or hidden under the keyboard. Another crude technique, called dumpster diving, basically refers to an attacker searching through discarded documents that may contain passwords. Of course, attackers can also use more advanced and complex techniques. Here are some of the more common techniques used in password cracking:

Dictionary attack: A simple dictionary attack is by far the fastest way to break into a machine. A dictionary file (a text file filled with dictionary words) is loaded into an application (such as L0phtCrack) and run against the user accounts located by the application. Because most passwords are simple, running a dictionary attack is usually sufficient.

Hybrid attack: Another well-known form of attack is the hybrid attack. The hybrid attack adds numbers and symbols to the words from the dictionary file to successfully crack the password. Many people change their password only by adding a number after the current password.
In this pattern, the password for the first month is "cat", the password for the second month is "cat1", the password for the third month is "cat2", and so on.

Brute force attack: A brute force attack is the most comprehensive form of attack, although it usually takes a long time to work, depending on the complexity of the password. Some brute force attacks may take a week. L0phtCrack can also be used in brute force attacks.

Next, we will study some tools that attackers use to break into a system.

One of the most commonly used tools is L0phtCrack (now called LC4). L0phtCrack is a tool that allows attackers to obtain encrypted Windows NT/2000 passwords and convert them into plain text. NT/2000 passwords are stored as password hashes and cannot be read without tools such as L0phtCrack. It works by trying combinations of letters and numbers to crack the password.

Another common tool is the protocol analyzer (better known as a network sniffer, such as Sniffer Pro or Etherpeek), which can capture every piece of data on the network segment it is connected to. When this tool runs in promiscuous mode, it can "sniff out" everything that happens on that network segment, such as logins and data transfers. As you will see later, this may seriously damage network security and allow attackers to capture passwords and sensitive data.

Let's study some scenarios to analyze how attackers launch attacks and how to stop or prevent them. I will first describe two scenarios involving internal attacks (that is, attacks initiated within the organization), and then study two scenarios involving external attacks.

Internal attackers are the most common source of cracking attacks because they have direct access to the organization's systems. The first scenario looks at a situation in which the attacker is a dissatisfied employee.
The attacker, an experienced system administrator, has a problem at work and takes it out on the systems she manages and protects.
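
The dictionary and hybrid attacks described above succeed against passwords that are a dictionary word, a word with digits or symbols added, or last month's password with a new number ("cat", "cat1", "cat2"). The following check for a password-change form is an added example, not code from the original article; the function names and the small wordlist are constructed for illustration, and it assumes the user supplies the old password when changing it.

```python
import re

# Constructed sample wordlist; a real deployment would load a large dictionary file.
SAMPLE_WORDLIST = {"cat", "password", "summer", "dragon", "welcome"}

# Leading/trailing digits and symbols are what a hybrid attack adds around a word.
_AFFIX = re.compile(r"^[\d\W_]*(.*?)[\d\W_]*$", re.DOTALL)


def strip_affixes(password):
    """Return the lower-cased core of a password without leading/trailing digits and symbols."""
    return _AFFIX.match(password).group(1).lower()


def check_new_password(new, old="", wordlist=SAMPLE_WORDLIST):
    """Return the reasons a candidate password would fall to a dictionary or hybrid attack.

    An empty list means none of the patterns from the article were found.
    """
    reasons = []
    core = strip_affixes(new)
    if new.lower() in wordlist:
        reasons.append("dictionary word")
    elif core in wordlist:
        reasons.append("dictionary word plus digits/symbols")
    # "cat1" -> "cat2": same core as the previous password, only the suffix changed.
    if old and core and core == strip_affixes(old):
        reasons.append("previous password with a changed suffix")
    return reasons


if __name__ == "__main__":
    # Constructed test inputs as (new password, old password).
    for new, old in [("cat", ""), ("cat2", "cat1"), ("Summer2024!", "x"),
                     ("Tr1ckle-Ober-92-violin", "cat2")]:
        print(repr(new), "->", check_new_password(new, old) or "accepted")
```
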
