Talking about the defense strategy of the collision library

2014 12306 hit the vault attack, 130,000 data leakage; 2015 Cloud Internet posted netease mailbox over billion user data due to the leakage of the library; Data leaks are intensifying, and database login becomes a major security threat to the website.today, we will discuss with you how we can effectively prevent the attack of the pool. The common saying knows, Baizhanbudai, small make up on the net to find a collision library tutorial organized to everyone to see, understand how hackers hit the library.

first find a target website, enter a set of user name and password, test whether its verification code can be bypassed. The password is clear, submit the correct verification code, repeater a bitEcho is the account and password errors, and then repeater, or display account and password errors. The verification code does not need to request again, can directly carry on the collision library. sets the Rainbow table. start the pool, minutes 1000+ the available user name and password to get it. Yes, that's how we were exposed. Of course not all sites can be so easy to hit the library, that the security of this site does not really good. What is a crash library? hackers generate the corresponding dictionary tables by collecting information about the Internet's leaked trailers, especially the user name and password information of the registered user. Bulk attempt to log in to other websites through malicious programs and dictionary tables to get a list of available real user information. What is the reason for the success of the pool?

1. The vast number of network users in order to facilitate memory, all sites use the same set of user name and password.

2. There is not enough security for website login.

What are the hazards of the crash?

1. In terms of enterprise protection of user information security is one of the basic responsibility, the disclosure of user information will be missing credibility, damage the company's brand image.

2. Personally, the small harassment of the telephone every day, the large personal property disappeared.

the impact of such a large pool of harm, as the enterprise and website owners should be how to prevent the attack of the pool? As we can see from the above example, blocking the vault login is a way for hackers not to be able to use the script for bulk login. There are several common ways to do this: limit the number of requests and the frequency of requests for the same IPThis is a method, but because of the presence of IP agents, the role is not particularly large. using Cookie,flash cookies and canvas fingerprintsat present, there are many websites in the use of this strategy, has a certain role, but can also be erased. Add Verification CodeOf course, it is not possible to use the verification code and authentication mechanism in the example website, like this, no use. Why is it useless?

1. Authentication mechanism, once the request can be bypassed directly.

2. Even if every login requires a verification code, the security of this code is also low and easy to identify.

Unlike the verification code in the example above, the verification code based on the behavioral verification technique is introduced to solve the problem that the verification code is bypassed from the following three points.

1. We use machine learning and deep learning to conduct a large number of analysis of human behavioral characteristics. A security model was established to distinguish between human and machine programs.

(through the model analysis, red is a malicious program, Green is a normal user, we can clearly distinguish out, the human and machine programs in the network World behavior is a big gap.) )

2. Dynamic update, when the site is suspicious, we are able to perform the most rapid network-wide verification model updates.

3. The neural network constructed by deep learning is capable of continuous self-learning, constantly learning new features in the process of continuous verification, and has been making progress in the network.

in general, the site will use the above three strategy combination to protect against the attack, can be enough to prevent, verification code plays a key role. and, of course, some other advanced defense methodsbiometric identification, that is to say, does not use our traditional password, of course, this is a matter of heavy and long way;The use of mobile phone verification code, price is not high, the impact of physical factors will be very large, there is the existence of the platform is also a serious threat to its security;restrictions on user settings and more advanced algorithm encryption, as well as the user's login environment to monitor, but this for many enterprises and websites, it is difficult to achieve. so the use of verification code is to prevent the site is hit the most cost -effective method, simple and easy to achieve, but we should choose a security high verification code, otherwise the form with a dummy, no substantive role.

Talking about the defense strategy of the collision library