Mark Shtern. Passwords are the most common authentication method. They are inherently insecure.


Human-generated passwords
- Come from a small domain
- Easy to guess – dictionary attacks

Stronger passwords
- Computer generated or verified
- Not user friendly
- Hard to remember

- Physical access
- Offline password cracking
- Online password cracking

- Boot using a Linux bootable CD
- Mount the system drive
- Reset the administrator password (Windows: chntpw; Linux: modify the shadow file)

- Collect password hashes
- Crack passwords

- Eavesdropping (sniffing)
- Password file
  - Windows – SAM, NTDS.dit file (pwdump[2-6] and fgdump)
  - Linux – shadow file (unshadow)
- Memory dump (debug tools: WinDbg, gdb), system calls (API Monitor, strace)
- SQL database, configuration file
- Source code

Types
- Brute force
- Dictionary
- Hybrid
- Rainbow

The most popular crackers
- Windows: Ophcrack, Cain & Abel, LCP
- Linux: John the Ripper (john)

- Eavesdropping: encrypt the channel, e.g. using SSL or SSH
- Offline dictionary attacks: limit access to password hashes, strong passwords, password lifetime, use salt
- Online dictionary attacks: delayed answers, strong passwords, account lockouts
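
Added example (not part of the original slides): a minimal Python sketch of three of the countermeasures listed above, namely per-account salt, delayed answers and account lockout. The LoginGuard class, the thresholds and the use of PBKDF2 as the hash are assumptions made for illustration; the slides name only "salt", "delayed answers" and "account lockouts".

```python
import hashlib
import hmac
import os

MAX_FAILURES = 5        # assumed lockout threshold
LOCKOUT_SECONDS = 900   # assumed lockout window
ITERATIONS = 100_000    # assumed PBKDF2 work factor; slows each offline guess

def hash_password(password, salt=None):
    """Return (salt, digest). A fresh random salt per account means equal
    passwords get different digests, so precomputed tables do not apply."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

class LoginGuard:
    """Hypothetical in-memory verifier; a real one would persist its state."""
    def __init__(self):
        self.users = {}     # name -> (salt, digest)
        self.failures = {}  # name -> (failure count, time of last failure)

    def register(self, name, password):
        self.users[name] = hash_password(password)

    def delay_for(self, name):
        """Delayed answer: seconds to wait before replying, doubling per failure."""
        count, _ = self.failures.get(name, (0, 0.0))
        return 0 if count == 0 else min(2 ** (count - 1), 30)

    def is_locked(self, name, now):
        count, last = self.failures.get(name, (0, 0.0))
        return count >= MAX_FAILURES and now - last < LOCKOUT_SECONDS

    def login(self, name, password, now):
        if self.is_locked(name, now):
            return "locked"
        # Unknown users still cost one hash, so timing does not reveal them.
        salt, digest = self.users.get(name, (b"\0" * 16, b""))
        _, candidate = hash_password(password, salt)
        if name in self.users and hmac.compare_digest(candidate, digest):
            self.failures.pop(name, None)   # success clears the counter
            return "ok"
        count, _ = self.failures.get(name, (0, 0.0))
        self.failures[name] = (count + 1, now)
        return "denied"
```

The caller passes the current time as `now` and applies the value from `delay_for` before answering, which keeps the policy testable without real sleeps.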