CEH_ Official Certified Ethical Hacker Review Guide_ Exam 312-50 - Kimberly Graves [38]

individual users' logon and logoff times; these events may be searched according to time frame, which is invaluable to security analysts who are looking for intrusion details.

The event log located at c:\windows\system32\config\SecEvent.Evt contains the trace of an attacker's brute-force attempts.

4. Never use a password related to your hobbies, pets, relatives, or date of birth.

5. Use a word that has more than 21 characters from a dictionary as a password.

This subject is discussed further in the section "Monitoring Event Viewer Logs."

You cannot completely block brute-force password attacks if the hacker switches the proxy server where the source packet is generated. A systems administrator can only add security features to decrease the likelihood that brute-force password attacks will be useful.

Understanding Different Types of Passwords

Several types of passwords are used to provide access to systems. The characters that form a password can fall into any of these categories:

■ Only letters

■ Only numbers

■ Only special characters

■ Letters and numbers

■ Only letters and special characters

■ Only numbers and special characters

■ Letters, numbers, and special characters

A strong password is less susceptible to attack by a hacker. The following rules, proposed by EC-Council, should be applied when creating a password to protect it against attacks:

■ Must not contain any part of the user's account name

■ Must have a minimum of eight characters

■ Must contain characters from at least three of the following categories:

  ■ Nonalphanumeric symbols ($,:"%@!#)

  ■ Numbers

  ■ Uppercase letters

  ■ Lowercase letters
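A checker for the three EC-Council rules above, and for the character-class composition listed earlier in this section, as an added example that is not from the book. The three-character threshold for account-name fragments and the treatment of any printable punctuation as a symbol are assumptions; the sample passwords and account names are constructed.

```python
import re
from typing import List, Set

# Which EC-Council categories (symbol, number, uppercase, lowercase) the password uses.
# Assumption: any printable non-space, non-alphanumeric char is a symbol, not just "$,:"%@!#".
def categories_present(password: str) -> Set[str]:
    cats: Set[str] = set()
    for ch in password:
        if ch.isupper():
            cats.add("uppercase")
        elif ch.islower():
            cats.add("lowercase")
        elif ch.isdigit():
            cats.add("number")
        elif not ch.isalnum() and ch.isprintable() and not ch.isspace():
            cats.add("symbol")
    return cats

# Account-name parts a password must not contain; the 3-char floor is an assumption (page gives none).
def account_name_tokens(account_name: str, min_len: int = 3) -> List[str]:
    tokens = re.split(r"[^a-z0-9]+", account_name.lower())
    return [t for t in tokens if len(t) >= min_len]

def check_password_policy(password: str, account_name: str) -> List[str]:
    """Return the violated rules; an empty list means the password satisfies all three."""
    violations: List[str] = []
    if len(password) < 8:
        violations.append("shorter than 8 characters")
    lowered = password.lower()
    for token in account_name_tokens(account_name):
        if token in lowered:
            violations.append(f"contains part of the account name ({token!r})")
    cats = categories_present(password)
    if len(cats) < 3:
        violations.append(f"only {len(cats)} of 4 character categories present: {sorted(cats)}")
    return violations

def composition(password: str) -> str:
    """Describe the password in the page's letters / numbers / special-character terms."""
    cats = categories_present(password)
    classes = (("letters", bool(cats & {"uppercase", "lowercase"})),
               ("numbers", "number" in cats), ("special characters", "symbol" in cats))
    present = [name for name, hit in classes if hit]
    if not present:
        return "empty"
    return "only " + present[0] if len(present) == 1 else ", ".join(present[:-1]) + " and " + present[-1]

if __name__ == "__main__":  # sample inputs are constructed for this example
    for pw, user in (("jsmith2024!", "jsmith"), ("Password1", "alice"), ("abc", "bob")):
        print(f"{pw!r}: {composition(pw)}; {check_password_policy(pw, user) or 'passes'}")
```

Note that "Password1" satisfies all three rules yet is exactly the kind of weak password the dictionary and hybrid attacks described below target, which is why these rules reduce rather than remove exposure.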

A hacker may use different types of attacks in order to identify a password and gain further access to a system. The types of password attacks are as follows:

Passive online: Eavesdropping on network password exchanges. Passive online attacks include sniffing, man-in-the-middle, and replay attacks.

Active online: Guessing the Administrator password. Active online attacks include automated password guessing.

Offline: Dictionary, hybrid, and brute-force attacks.

Nonelectronic: Shoulder surfing, keyboard sniffing, and social engineering.

We'll look at each of these attacks in more detail in the following sections.

Passive Online Attacks

A passive online attack is also known as sniffing the password on a wired or wireless network. A passive attack is not detectable to the end user. The password is captured during the authentication process and can then be compared against a dictionary file or word list. User account passwords are commonly hashed or encrypted when sent on the network to prevent unauthorized access and use. If the password is protected by encryption or hashing, then special tools in the hacker's toolkit can be used to break the algorithm.

Another passive online attack is known as man-in-the-middle (MITM). In a MITM attack, the hacker intercepts the authentication request and forwards it to the server. By inserting a sniffer between the client and the server, the hacker is able to sniff both connections and capture passwords in the process.

A replay attack is also a passive online attack; it occurs when the hacker intercepts the password en route to the authentication server and then captures and resends the authentication packets for later authentication. In this manner, the hacker doesn't have to break the password or learn the password through MITM but rather captures the password and reuses the password-authentication packets later to authenticate as the client.

Active Online Attacks

The easiest way to gain Administrator-level access to a system is to guess the Administrator password, assuming the administrator chose a simple one. Password guessing is an active online attack. It relies on the human factor involved in password creation and only works on weak passwords.

In Chapter 3, when we discussed the Enumeration phase of system hacking, you learned the vulnerability of NetBIOS enumeration and null sessions. Assuming that the NetBIOS TCP 139 port is open,
