Jun 18, 2010
Figure 4. Using L0phtCrack to break the Administrator password
A protection checklist
Here is a checklist of things you can do to make password cracking more difficult:
Audit your organization! Do a walk-through and make sure passwords are not stuck to monitors or hidden under keyboards.
Set up dummy accounts. Get rid of the Administrator (or admin) account, or set it up as a trap and audit it for logon attempts.
Use strong, difficult-to-guess passwords, and never leave a console unlocked.
Backups are necessary in case you are compromised. You need a working set of data, so make sure you have it. Keep the tapes secure too, or the data on them will be compromised as well.
Prevent dumpster diving. Don't throw sensitive information away; shred it or lock it up.
Check IDs and question people you don't know. When you have visitors, check them out and make sure they belong.
Educate your end users. Train them to recognize social engineering, and remind internal users of the company's security policies.
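The "set it up as a trap and audit it for attempts" item above is the one that turns into a detection task. The following is an added example, not code from the original article: a small Python audit that reads simplified logon records and raises an alert on any touch of a decoy account, and a stronger alert when one source racks up repeated failures in a short window. The log format (`<timestamp> <event_id> user=... src=... status=...`), the decoy account names, the threshold and the sample lines are all constructed for this example; Windows records failed logons as event 4625 and successful ones as 4624, but the native event log text is richer than the one-line form assumed here.

```python
"""Audit a decoy ("trap") Administrator account for logon attempts.

Added example, not part of the original article. Assumes a decoy account that
no legitimate user should ever log on with, and consumes constructed,
simplified log lines of the form:
    <timestamp> <event_id> user=<name> src=<host-or-ip> status=<SUCCESS|FAILURE>
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Accounts that exist only as traps (assumption for this example).
DECOY_ACCOUNTS = {"administrator", "admin"}
# Failures from one source inside WINDOW that count as password guessing.
FAILURE_THRESHOLD = 5
WINDOW = timedelta(minutes=10)

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<event>\d+) "
    r"user=(?P<user>\S+) src=(?P<src>\S+) status=(?P<status>SUCCESS|FAILURE)$"
)


def parse_line(line):
    """Parse one constructed log line; return None for anything malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%S")
    rec["event"] = int(rec["event"])
    return rec


def audit_decoy_logons(lines):
    """Return (severity, source, message) alerts for every touch of a decoy.

    NOTICE   - a failed logon against a decoy account (there is no legitimate use)
    ALERT    - FAILURE_THRESHOLD failures from one source within WINDOW
    CRITICAL - a SUCCESSFUL logon to a decoy: the trap was sprung, or the
               decoy was never actually disabled
    """
    alerts = []
    failures = defaultdict(list)  # src -> timestamps of recent failures
    for raw in lines:
        ev = parse_line(raw)
        if ev is None or ev["user"].lower() not in DECOY_ACCOUNTS:
            continue
        src, ts, user = ev["src"], ev["ts"], ev["user"]
        if ev["status"] == "SUCCESS":
            alerts.append(("CRITICAL", src, f"successful logon to decoy {user} at {ts}"))
            continue
        alerts.append(("NOTICE", src, f"failed logon to decoy {user} at {ts}"))
        recent = failures[src]
        recent.append(ts)
        # Slide the window: forget failures older than WINDOW relative to this one.
        while recent and ts - recent[0] > WINDOW:
            recent.pop(0)
        if len(recent) == FAILURE_THRESHOLD:
            alerts.append(("ALERT", src,
                           f"{FAILURE_THRESHOLD} failed decoy logons within {WINDOW}"))
    return alerts


# Constructed sample log: one guessing burst, one noise failure, one trap success.
SAMPLE_LOG = """\
2010-06-18T09:00:01 4624 user=rshimonski src=10.0.0.5 status=SUCCESS
2010-06-18T09:01:10 4625 user=Administrator src=10.0.0.77 status=FAILURE
2010-06-18T09:01:12 4625 user=Administrator src=10.0.0.77 status=FAILURE
2010-06-18T09:01:15 4625 user=Administrator src=10.0.0.77 status=FAILURE
2010-06-18T09:01:17 4625 user=Administrator src=10.0.0.77 status=FAILURE
2010-06-18T09:01:20 4625 user=Administrator src=10.0.0.77 status=FAILURE
2010-06-18T09:02:00 4625 user=jsmith src=10.0.0.9 status=FAILURE
2010-06-18T09:30:00 4624 user=admin src=10.0.0.77 status=SUCCESS
this line is not in the expected format and is skipped
""".splitlines()

if __name__ == "__main__":
    for severity, src, msg in audit_decoy_logons(SAMPLE_LOG):
        print(f"{severity:8} {src:12} {msg}")
```

The ALERT fires once when the fifth failure inside the window arrives, and the sliding window means five failures spread an hour apart never trigger it; the CRITICAL on a successful decoy logon is the case to act on immediately, because a trap account should have no valid credential at all.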
Summary
In this article I've described some of the psychology behind an attacker's motivation and some of the low-tech and high-tech methods used to crack passwords. You've looked at several attack scenarios, including attacks against major companies by a veteran administrator, a help desk technician, and an outside vandal. You also saw how password crackers use techniques both inside and outside your infrastructure. Finally, I offered some ideas on how to properly secure yourself and your systems against a password cracking attack. Combating these attacks ultimately requires a conscious effort, trained individuals, useful tools, and sound security policies. Hopefully, as a proactive security analyst, you can make a difference in helping to slow down this malicious activity within your organization as well as outside it. Otherwise, you may find Jon in your server room with a smirk on his face and your data in his hands.
Resources
Read the developerWorks article Protecting Passwords: authenticating users. It is a great read for getting your mind around how to protect your passwords in the first place.
See also the developerWorks article Setting up a security policy, also a must-read.
The CERT Coordination Center is a center of Internet security expertise at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University. They study Internet security vulnerabilities, handle computer security incidents, and publish security alerts.
Check out the following article available from the CERT organization on Protecting Yourself from Password File Attacks.
Password Cracking Activity discovered by the CERT organization can be researched at http://www.cert.org/incident_notes/IN-98.03.html.
Password cracking tools are available worldwide over the Internet. Check out http://www.pwcrack.com for security and cracking resources available on the Internet.
SANS.org is a leading source of Internet and network security administration information worldwide. You can research many topics in their extensive library.
General security information can be found and researched on the Security Focus Web site.
See also IBM Security Solutions site.
About the author
Robert J. Shimonski (Truesecure TICSA, Cisco CCDP, CCNP, Nortel NNCSS, Microsoft MCSE, MCP+I, Novell Master CNE, CIP, CIBS, IWA CWP, Prosoft CIW, SANS GSEC, GCIH, CompTIA Server+, Network+, Inet+, A+, e-Biz+, Symantec SPS and NAI Sniffer SCP) is a Lead Network and Security Engineer for a leading manufacturer company. Robert's specialties include network infrastructure design with the Cisco and Nortel product line, network security design and management with CiscoSecure and PIX firewalls, network management and troubleshooting with CiscoWorks, CiscoSecure, Sniffer-based technologies, and HPOV. Robert is the author of many security-related articles and published books, including the upcoming Sniffer Network Optimization and Troubleshooting Handbook from Syngress Media, Inc. You can contact Robert at dipshiiiht@gmail.com.