What is Password Cracking?
Password cracking (also called forgotten-password recovery when done legitimately) is the phrase used to describe recovering the password that protects a computer, network, system or resource, with or without tools, in order to unlock that resource.
What is a Hacker?
A hacker is any person with an inherent interest in computer technology. A hacker is not necessarily someone who wants to do harm, just someone who wants to ‘beat a system’.
What is an Attacker?
An Attacker has the same interests as a Hacker, but wants to cause damage. Motivations range from a disgruntled employee seeking revenge on a former employer, to a student trying to break into a large organisation’s computer systems, to the simple personal satisfaction of defeating a well-secured network.
What is a White Hat?
A White Hat is a Hacker who works in the field of security. Security hacking is more commonly known as Penetration Testing: penetrating the security of a network, normally on behalf of large corporate organisations, the military, governments or law enforcement agencies.
What is a Black Hat?
An Attacker is called a Black Hat.
What is a Grey Hat?
An Attacker turned Security Hacker is called a Grey Hat, (poacher turned gamekeeper).
How do the Attackers Attack?
There are many ways of attacking a network. Some include the following:
1. Bin (or dumpster) diving – literally going through the rubbish to find information that could be, or could lead to, a password.
2. Finding a Post-It note stuck to a monitor or hidden underneath a keyboard.
3. Contacting the IT department, claiming to have lost your log-in and hoping they will hand over a new one (social engineering).
4. Dictionary Attack – Using a simple dictionary attack: a text file full of words from one or more dictionaries. Load the dictionary (or dictionaries) into a cracking application (PRTK, LC4) and let the software try each word in turn, hashing it and comparing it with the stored password hash. This is generally the fastest way of breaking a password. It works because the most common passwords are simple words that can be found in a dictionary.
5. Hybrid Attack – Builds on the Dictionary Attack by adding a selection of numbers to the beginning and/or the end of each dictionary word, so that variations such as a word followed by a year or a couple of digits are caught as well.
6. Brute Force Attack – The most commonly cited approach to password cracking, although not necessarily the best. It tries every possible combination of characters up to a given length, so it is guaranteed to find the password eventually, but the number of combinations grows exponentially with the length of the password and the size of the character set, and for a long password it can literally take years.
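The three software attacks above (items 4 to 6) differ only in how they generate candidates; each candidate is hashed and compared with the stored hash. The following is an added example, not code from the original article or from PRTK/LC4, that implements all three against an unsalted MD5 hash. The word list, the target passwords and the guess rate are constructed for illustration; the hash algorithm is an assumption (many old systems stored unsalted fast hashes, which is what makes these attacks practical).

```python
"""Dictionary, hybrid and brute-force password attacks against a stored hash.

Added example, not from the original article or from PRTK/LC4. It assumes the
attacker holds an unsalted MD5 hash of the password; the word list and the
target passwords below are constructed for illustration.
"""
import hashlib
import itertools
import string
from typing import Iterable, Iterator, Optional

# Constructed word list standing in for a dictionary file. A real attack loads
# millions of words from disk; five are enough to show the mechanism.
WORDLIST = ["password", "letmein", "dragon", "summer", "welcome"]

# Character set for the brute-force example: lower-case letters and digits.
ALNUM_LOWER = string.ascii_lowercase + string.digits


def md5_hex(candidate: str) -> str:
    """Hash a candidate the way the (assumed) target system stored passwords."""
    return hashlib.md5(candidate.encode("utf-8")).hexdigest()


def dictionary_attack(target_hash: str, words: Iterable[str]) -> Optional[str]:
    """Try each word exactly as it appears in the list."""
    for word in words:
        if md5_hex(word) == target_hash:
            return word
    return None


def hybrid_candidates(words: Iterable[str], max_digits: int = 2) -> Iterator[str]:
    """Yield each word with 0..max_digits digits before and/or after it.

    The empty affix is included, so plain dictionary words are tried as well.
    """
    affixes = [""]
    for n in range(1, max_digits + 1):
        affixes += ["".join(d) for d in itertools.product(string.digits, repeat=n)]
    for word in words:
        for prefix in affixes:
            for suffix in affixes:
                yield prefix + word + suffix


def hybrid_attack(target_hash: str, words: Iterable[str], max_digits: int = 2) -> Optional[str]:
    """Dictionary attack extended with numeric prefixes and suffixes."""
    for candidate in hybrid_candidates(words, max_digits):
        if md5_hex(candidate) == target_hash:
            return candidate
    return None


def brute_force(target_hash: str, alphabet: str, max_len: int) -> Optional[str]:
    """Try every string over `alphabet` of length 1..max_len, shortest first."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            candidate = "".join(combo)
            if md5_hex(candidate) == target_hash:
                return candidate
    return None


def keyspace(alphabet_size: int, max_len: int) -> int:
    """Number of candidates brute force must cover for lengths 1..max_len."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def worst_case_seconds(alphabet_size: int, max_len: int, guesses_per_second: float) -> float:
    """Time to exhaust the whole keyspace at a given guess rate."""
    return keyspace(alphabet_size, max_len) / guesses_per_second


if __name__ == "__main__":
    # Constructed targets: a plain word, a word with digits appended, a short random string.
    for secret in ("dragon", "summer99", "ab1"):
        h = md5_hex(secret)
        print(secret, "| dictionary:", dictionary_attack(h, WORDLIST),
              "| hybrid:", hybrid_attack(h, WORDLIST),
              "| brute force (max 3 chars):", brute_force(h, ALNUM_LOWER, 3))
    # Why brute force "can take years": 8 characters from 62 symbols at a
    # constructed rate of one million guesses per second.
    years = worst_case_seconds(62, 8, 1e6) / (365 * 24 * 3600)
    print(f"8-char mixed-case alphanumeric at 1e6 guesses/s: about {years:.1f} years")
```

Running it shows the ordering the article describes: “dragon” falls to the dictionary alone, “summer99” only to the hybrid pass, and “ab1” only to brute force, which is limited to three characters here because the keyspace grows so quickly. The `keyspace` figure is the reason length matters more than a few substituted digits: adding one character multiplies the work by the size of the alphabet.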
Password Attack Prevention Check List:
1. Shred any paper waste – this all but guarantees that bin diving (dumpster diving) won’t reap any rewards for the Attacker.
2. Simple Spot Checks – go around the users’ desks, checking that no password is written down anywhere (under keyboards, in drawers, stuck to monitors).
3. Change passwords when it matters – make staff change their passwords whenever an employee leaves the company and whenever a compromise is suspected. Forcing very frequent changes (for example weekly) tends to backfire: users respond with predictable variations of the same word, which is exactly what the Hybrid Attack above is designed to catch.
4. Use difficult-to-guess passwords. A dictionary word with a few digits tacked on the end falls to the Hybrid Attack; if numbers are used, put them in the middle of the password, and better still avoid dictionary words altogether. Require at least 8 characters, since length is what makes the Brute Force Attack expensive.
5. Make your staff aware that there are people out there who want their passwords. People may be approached in bars, in sports clubs, or on the journey to work. Let your employees know about these potential ‘leak’ opportunities.
6. Use dummy accounts. Don’t use the built-in Administrator account for the real administrator: any Attacker worth their salt will start by going after the Administrator account. Keep an account with that name empty, with no privileges and no legitimate users, and use your logs to check for attempted log-ins against it. Since nobody should ever use it, every attempt is a signal worth following up.
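Item 6 only pays off if someone actually reads the logs. The following is an added example, not code from the original article, that parses a constructed, syslog-like authentication log and raises one alert per source address that touched the decoy account. The log format, host names and addresses are all constructed; a real deployment would feed it the security or authentication log of the systems being protected.

```python
"""Watch the logs for any use of a decoy 'Administrator' account.

Added example, not from the original article. It assumes log lines in the
simple constructed format shown below; a real deployment would read the
security or authentication log of the systems being protected.
"""
import re
from collections import Counter
from typing import Dict, Iterable, List

# Constructed sample log. External addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2024-03-01T08:00:01 host1 auth: FAILED user=jsmith src=10.0.0.12
2024-03-01T08:00:05 host1 auth: SUCCESS user=jsmith src=10.0.0.12
2024-03-01T08:01:10 host1 auth: FAILED user=Administrator src=198.51.100.7
2024-03-01T08:01:11 host1 auth: FAILED user=Administrator src=198.51.100.7
2024-03-01T08:01:12 host1 auth: FAILED user=Administrator src=198.51.100.7
2024-03-01T08:02:00 host2 auth: FAILED user=administrator src=203.0.113.9
2024-03-01T08:03:30 host1 auth: SUCCESS user=mbrown src=10.0.0.15
"""

# Accounts that exist only as bait; nobody has a legitimate reason to use them.
DECOY_ACCOUNTS = {"administrator"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: (?P<result>FAILED|SUCCESS) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_events(log_text: str) -> List[Dict[str, str]]:
    """Turn raw lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def decoy_hits(events: Iterable[Dict[str, str]], decoys=DECOY_ACCOUNTS) -> List[Dict[str, str]]:
    """Every attempt against a decoy account, failed or successful.

    The comparison is case-insensitive because Windows account names are.
    """
    return [e for e in events if e["user"].lower() in decoys]


def alerts(events: Iterable[Dict[str, str]], decoys=DECOY_ACCOUNTS) -> List[str]:
    """One alert per source address, busiest source first.

    Any attempt is a WARNING. A successful log-in is CRITICAL: the decoy should
    not be usable at all, so a success means it has been tampered with.
    """
    hits = decoy_hits(events, decoys)
    per_src = Counter(e["src"] for e in hits)
    successes = {e["src"] for e in hits if e["result"] == "SUCCESS"}
    out = []
    for src, n in per_src.most_common():
        level = "CRITICAL" if src in successes else "WARNING"
        out.append(f"{level}: {n} attempt(s) against decoy account from {src}")
    return out


if __name__ == "__main__":
    for line in alerts(parse_events(SAMPLE_LOG)):
        print(line)
```

On the constructed sample this reports three attempts from 198.51.100.7 and one from 203.0.113.9, and nothing for the ordinary users, which is the point of the decoy: there is no baseline of legitimate use to filter out, so the detection rule is simply “any attempt at all”.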
