The Truth About Protecting Passwords COEN 150: Intro to Information Security Mary Le Carol Reiley.


Outline
- Trojan Horses
- Buffer Overflow
- Login Scripting
- Password Cracking
- LC4 (L0phtCrack)

Types of Attacks
- Dictionary Attack: Guessing every single word from an electronic dictionary.
- Syllable Attack: Used when a password is transformed into a nonexistent word and the cracker can combine the syllables to get such a word.
- Rule-based Attack: Used in any case when the cracker obtains some information about the password he wants to crack. This information can decrease the number of possible passwords by times. This method includes all: brute force, dictionary and syllable attacks.

Protecting Your Password
- Choose software that uses strong cryptography and implements it correctly.
- Choose non-words, mixed-case letters and digits.
- Do not use the same password for different systems or for different Internet sites.
- Do not write down your password and leave it near your desktop.
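
The advice to choose non-words can be enforced when a password is set. The following is an added example, not part of the original slides: it rejects candidates that the dictionary, rule-based and syllable-style guessing described above would reach quickly. The wordlist, the substitution table and all function names are assumptions made for illustration.

```python
import re

# Constructed sample wordlist; a real check would load a full dictionary file.
WORDLIST = {"password", "dragon", "monkey", "letmein", "santa", "clara"}

# Substitutions that a rule-based guesser reverses (assumed, not exhaustive).
LEET = str.maketrans("013457@$", "oleastas")

# Digits and symbols added before or after a word.
EDGE = re.compile(r"^[^a-z]+|[^a-z]+$")


def base_forms(candidate):
    """Base words a rule-based guesser would reach from this candidate."""
    s = candidate.lower()
    # Try both orders so edge decorations and substitutions are both undone.
    return {EDGE.sub("", s).translate(LEET), EDGE.sub("", s.translate(LEET))}


def splits_into_words(s):
    """True if s is a concatenation of two or more wordlist entries."""
    reach = [True] + [False] * len(s)
    for i in range(1, len(s) + 1):
        reach[i] = any(reach[j] and s[j:i] in WORDLIST for j in range(i))
    return bool(s) and reach[len(s)] and s not in WORDLIST


def screen(candidate):
    """Return the reasons to reject a candidate (an empty list means accept)."""
    reasons = []
    bases = base_forms(candidate)
    if bases & WORDLIST:
        reasons.append("dictionary word or rule-based variant")
    elif any(splits_into_words(b) for b in bases):
        reasons.append("concatenation of dictionary words")
    if not (re.search(r"[a-z]", candidate) and re.search(r"[A-Z]", candidate)
            and re.search(r"\d", candidate)):
        reasons.append("lacks mixed-case letters and digits")
    return reasons


if __name__ == "__main__":
    for pw in ("P@ssw0rd1!", "Dragon2024", "santaclara", "xq7Lr2vTm"):
        print(pw, "->", screen(pw) or "accepted")
```

Note that "P@ssw0rd1!" satisfies a mixed-case-plus-digit policy yet is still rejected, because it reduces to a dictionary word.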

Trojan Horses
- The name comes from a story in Homer’s Iliad.
- A Trojan horse is defined as a "malicious, security-breaking program that is disguised as something benign."
- They rely on users to install them, or they can be installed by intruders who have gained unauthorized access by other means.
- They hook themselves into the victim’s operating system and always come packaged with two files – the client file and the server file.

Well Known Trojan Functions
- Managing files on the victim computer
- Managing processes
- Remote activation of commands
- Intercepting keystrokes
- Restarting and closing down infected hosts

Protecting Against Trojans
- System administrators should verify software installed
- Use cryptographically strong validation for all software
- Use lowest priority
- Install and configure a tool such as Tripwire
- Bring awareness
- Use firewalls and virus products that are aware of popular Trojan horses
- Do not rely on timestamps, file sizes, or other file attributes when trying to determine if a file contains a Trojan horse

Buffer Overflow
- A buffer is a contiguous allocated chunk of memory, such as an array or a pointer in C. In C and C++, there is no automatic bounds checking on the buffer, which means a user can write past a buffer.
- Malicious programs attempt to write beyond the allocated memory for the buffer, which might result in unexpected behavior.

Login Scripting
- Guess passwords by using brute force methods.
- These programs attempt to guess the correct password by running some form of text file, such as an online dictionary file, as the password, and using the guess in combination with a username to log in.
- Simple, can be written in as few as 40 lines of Perl code.

Drawbacks
- Login timeouts
- Very time consuming
- Locks on accounts

Password Cracking
- Password files would have to be obtained beforehand in order for this method to work.
- A password cracking program takes a dictionary text file and hashes every word in the file. These hashed words are then compared with the values in the encrypted password file.
- Can be run on the hacker’s local machine.
- Efficient, no login has to take place.

@stake’s LC4
- Formerly known as L0phtCrack
- LC4 is available free to the public for a 15-day trial period
- Cracks Windows NT/2000 passwords
- LC4 uses brute force, dictionary cracking, and hybrid cracking features to guess passwords
- LC4 offers the option of cracking the newer NT hashes, or the older LanManager hashes, which can be done much more quickly because the algorithm has been reverse engineered

@stake’s LC4
- In a technology corporation where the password policy required that users' passwords contain a minimum of 8 characters, including both lower and upper case, and either numbers or special symbols, LC4 was run on a Pentium II/300 system: 18% of the company’s passwords were gathered in as little as 18 minutes, and 90% of the passwords were obtained within 48 hours. Even the system administrator and most domain administrator passwords were cracked.

How LC4 works
- The user must gain access to the NT Security Accounts Manager (SAM), which contains the usernames and encrypted passwords of all users on the system.
- The passwords in the SAM file are encrypted using a one-way cryptographic hash function:
  - LanManager
  - NT hashing

Ways to obtain the SAM
- The SAM is locked and protected by the operating system; however, there are vulnerabilities in the NT system that will allow access to the file.
- Boot the system to an alternate OS, such as DOS.
- The SAM file will then be open for anyone to access.

Ways to obtain the SAM
- Whenever the NT repair disk utility is executed, a compressed version of the SAM is stored in the system root repair directory.
- This backup copy of the SAM is left in the open.
- LC4 can extract and uncompress this backup copy.

Ways to Obtain the SAM
- If a user has administrative access to a system, he can extract the hashes from the SAM.
- Force another process with system administrator privileges to load and execute the malicious DLL code into its own address space.
- Gain access to the password hashes without having to decrypt any of the passwords.

Protecting Against LC4
- Maintain a strong password!
- LanManager hash – passwords are stored in two seven-character segments.
- Keep your password either 7 characters, or 14 characters.
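
To see what the two seven-character segments mean for search effort, the following added example (not part of the original slides) reproduces LanManager's preprocessing: uppercase, pad to 14 characters, split into halves that are hashed separately. The DES hashing step itself is not computed, and the 68-character alphabet and the function names are assumptions made for illustration.

```python
import string

# Characters that survive LM's uppercasing: A-Z, digits, ASCII punctuation.
# Assumed alphabet for the comparison (26 + 10 + 32 = 68 characters).
ALPHABET = string.ascii_uppercase + string.digits + string.punctuation


def lm_halves(password):
    """Uppercase, truncate or NUL-pad to 14 characters, split into two halves."""
    padded = password.upper()[:14].ljust(14, "\0")
    return padded[:7], padded[7:]


def half_keyspace(half):
    """Candidates an exhaustive search must cover for a half of this length."""
    return len(ALPHABET) ** len(half.rstrip("\0"))


def lm_exposure(password):
    """Compare searching the halves separately with searching the whole string."""
    first, second = lm_halves(password)
    return {
        "halves": (first, second),
        # Each half is hashed on its own, so the costs add instead of multiply.
        "independent": half_keyspace(first) + half_keyspace(second),
        # Cost if the same characters had to be searched as one unit.
        "joint": len(ALPHABET) ** min(len(password), 14),
        # Mixed case is discarded before hashing.
        "case_lost": password != password.upper(),
    }


if __name__ == "__main__":
    # Constructed sample password that meets an 8-character, mixed-case policy.
    report = lm_exposure("Passw0rd!")
    print(report["halves"])
    print("independent search:", report["independent"])
    print("joint search:      ", report["joint"])
```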

John the Ripper
- Popular UNIX password cracking program
- Similar to LC4, uses brute force, dictionary cracking, and hybrid cracking techniques
- Can configure itself to detect the kind of encryption function used in hashing for that particular version of UNIX

Password Sniffing
- Works across networks
- Can obtain any information passed across the data link layer
- The majority of popular applications pass cleartext passwords across the network, such as FTP, telnet, HTTP

Dsniff
- A free popular sniffing program
- Runs on UNIX platforms
- Can sniff data by:
  - Overloading the LAN
  - Manipulating the Address Resolution Protocol (ARP)
  - Spoofing fake DNS responses
  - “Monkey in the middle” attacks

Dsniff: Overloading the LAN
- Method 1:
  - Overloading the LAN with random MAC addresses
  - The network switch will try to store all of the incoming MAC addresses
  - Since it won’t be able to, it will forward data onto all the links connected to the switch
  - Dsniff can then gather the data as it is being forwarded out from the links

Dsniff: ARP manipulation
- The Address Resolution Protocol (ARP) maps IP addresses to MAC addresses.

Dsniff: ARP manipulation
- Dsniff tool: Arpspoof
  - Changes the mappings associated with IP and MAC addresses to reroute data
- Dnsspoof
  - Generates fake DNS responses to trick people into entering information into what they believe is a legitimate website.
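
Both the MAC-address overload and the ARP remapping described above leave traces a defender can watch for. The following is an added example, not part of the original slides, running simple detection logic over constructed observations. The record layouts, the thresholds and the function names are assumptions made for illustration.

```python
from collections import defaultdict


def arp_conflicts(replies):
    """Flag ARP replies that rebind an already-seen IP to a different MAC."""
    first_seen, alerts = {}, []
    for ts, ip, mac in replies:
        known = first_seen.setdefault(ip, mac)  # first binding is the baseline
        if known != mac:
            alerts.append((ts, ip, known, mac))
    return alerts


def macs_claiming_many_ips(replies):
    """MACs that answered for more than one IP address."""
    claimed = defaultdict(set)
    for _, ip, mac in replies:
        claimed[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in claimed.items() if len(ips) > 1}


def mac_flood_windows(frames, window=10, limit=100):
    """Window start times with more than `limit` never-seen source MACs."""
    seen, new_per_window = set(), defaultdict(int)
    for ts, mac in frames:
        if mac not in seen:
            seen.add(mac)
            new_per_window[ts - ts % window] += 1
    return sorted(w for w, n in new_per_window.items() if n > limit)


# Constructed sample data: (seconds, IP, MAC) taken from ARP replies.
ARP_REPLIES = [
    (0, "192.0.2.1", "02:00:00:00:00:01"),   # gateway
    (1, "192.0.2.20", "02:00:00:00:00:20"),  # workstation
    (5, "192.0.2.1", "02:00:00:00:00:66"),   # gateway IP now maps elsewhere
    (6, "192.0.2.20", "02:00:00:00:00:20"),
    (7, "192.0.2.20", "02:00:00:00:00:66"),  # workstation IP remapped as well
]

# Constructed sample data: (seconds, source MAC) seen on one switch port.
FRAMES = [(t, f"02:00:00:00:00:{t:02x}") for t in range(3)] + [
    (12, f"02:00:00:01:{(i >> 8):02x}:{(i & 0xff):02x}") for i in range(300)
]

if __name__ == "__main__":
    for alert in arp_conflicts(ARP_REPLIES):
        print("ARP rebinding:", alert)
    print("multi-IP MACs:", macs_claiming_many_ips(ARP_REPLIES))
    print("flood windows:", mac_flood_windows(FRAMES))
```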

Dsniff
- Webmitm
  - Used in conjunction with Dnsspoof to send the user to another website
  - Can generate fake digital certificates to trick the victim into creating an SSL or SSH connection
- Make sure you read the digital certificates before you accept!

The End