Join Lisa Bock for an in-depth discussion in this video Understanding the threat of password attacks, part of IT Security Foundations: Network Security.
A password is something you know. It's a series of numbers and characters, and it provides access control. If you obtain someone's password, you will have the same rights as the user. Now, there are a number of different password attacks. We'll talk about a few of them and then I'll show you some examples. One way to do a password attack is using a keystroke logger. A keystroke logger is either a physical device or even software. A keystroke logger captures keystrokes, well, with the goal of obtaining information.
You'll probably get a lot of information, but you might capture a username and password. A brute force attack. Brute force is a trial-and-error method. All possible combinations are tried. A dictionary attack is a subset of a brute force attack, where all common passwords are tried. Now, you shouldn't use a common password; you should use a complex password. But let's take a look at 25 of the most common passwords of 2014.
I'm at this website here, and it lists 25 of the most popular passwords of 2014. I'll scroll down, and here you can see these are the passwords that most likely would be tried first. So again, you want to add complexity and length to your passwords to keep them strong. Well, it's easier to reset a password than to guess or crack, so password resetting might be an option. Password sniffing is actually pulling that password or hash via packet analysis.
Let's take a look. I'm at this website where I'm going to get a precaptured packet off the wireshark.org sample captures page. You can follow along if you like. I'm going to open it. It will open in Wireshark, a free protocol analysis tool. I'm not going to show you how to use Wireshark; if you're interested, you can check out my course Troubleshoot Your Network with Wireshark, but I'm going to show you one thing.
All this is a Telnet capture. Telnet is a utility used for terminal emulation. It's deprecated in Windows Operating machines today, meaning it is no longer active. You would actually have to physically go in and activate it. You can still use it, but you should protect your data by using encryption, such as Secure Shell, by using PuTTY. I'm going to right-click and follow the TCP stream. But as we see here, this is unencrypted and the username and password are in plain text.
Note: This training maps to a number of the exam topics on the Microsoft Technology Associate (MTA) Security Fundamentals exam (98-367). See https://www.microsoft.com/learning/en-us/exam-98-367.aspx for more information.
- Implementing secure content management (SCM)
- Implementing unified threat management (UTM)
- Introducing VLANs
- NAT addressing
- Network sniffing
- Understanding common attack methods, such as password attacks
- Protecting clients with antivirus software
- Implementing physical security