Presentation is loading. Please wait.

Presentation is loading. Please wait.

CIS 450 – Network Security Chapter 10 – UNIX Password Crackers.

Published byCoral Bates Modified over 9 years ago

Similar presentations

Presentation on theme: "CIS 450 – Network Security Chapter 10 – UNIX Password Crackers."— Presentation transcript:

1 CIS 450 – Network Security Chapter 10 – UNIX Password Crackers

2 Easiest way to identify weak passwords in a UNIX environment is to utilize UNIX password cracker tools Where are Passwords stored in UNIX? Non-sensitive information in /etc/passwd, which is world readable The hashed passwords stored in /etc/shadow with only those with root access can read the shadow file

3 How Does UNIX Encrypt Passwords Uses an encryption algorithm called Crypt to encrypt its passwords http://fooassociates.com/phpfer/html/rn58re1161.ht ml http://fooassociates.com/phpfer/html/rn58re1161.ht ml Uses DES, Blowfish, and MD5 algorithmsDES BlowfishMD5

4 UNIX Password Cracking Programs Master List http://neworder.box.sk/box.php3?gfx=neworder&prj=neword er&key=passhack&txt=Unix%20password%20crackers http://neworder.box.sk/box.php3?gfx=neworder&prj=neword er&key=passhack&txt=Unix%20password%20crackers Crack http://www.crypticide.com/users/alecm/security/c50a.txt John the Ripper http://www.openwall.com/john/ XIT http://neworder.box.sk/codebox.search.php?srch=xit Slurpie Similar to John The Ripper and Crack except it is designed to run on multiple computers simultaneously, creating a distributed password cracking attack. http://www.ussrback.com/distributed.htm

5 Protecting Against UNIX Password Crackers Have a strong password policy – pages 377 - 378 Use shadow files – page 378 Use one-time passwords – passwords change every time use logs on – page 379 Use biometric authentication – authenticates a user based on human factors – page 380 Use UNIX Password Programs to enforce strong passwords General information – page 380 http://www.foobargeek.com/docs/epasswd.html Passwd+ http://www.securityfocus.com/tools/1065 Npasswd http://www.utexas.edu/cc/unix/software/npasswd/doc/ Epasswd http://www.nas.nasa.gov/Groups/Security/epasswd/

6 Protecting Against UNIX Password Crackers Audit access to key files – normally only way to detect the attack is to catch them when the password or shadow file is being accessed - page 381 Scan for cracking tools – page 381 Keep inventory of active accounts – company should have a policy for checking active accounts & removing accounts that are no longer active – page 381 Limit who has access to root – page 382

Download ppt "CIS 450 – Network Security Chapter 10 – UNIX Password Crackers."

Similar presentations

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Password Cracking Lesson 10. Why crack passwords?

Password Cracking Lesson 10. Why crack passwords?
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
Password CrackingSECURITY INNOVATION ©2003 1 Sidebar – Password Cracking We have discussed authentication mechanisms including authenticators. We also.

Password CrackingSECURITY INNOVATION © Sidebar – Password Cracking We have discussed authentication mechanisms including authenticators. We also.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 Intruders.

1 Ola Flygt Växjö University, Sweden Intruders.
Anti-Hacker Tool Kit Password Cracking Brute-Force Tools Chapter 9

Anti-Hacker Tool Kit Password Cracking Brute-Force Tools Chapter 9
Chapter 3 Passwords Principals Authenticate to systems.

Chapter 3 Passwords Principals Authenticate to systems.
Password Attacks Mike. Guessing Default Passwords Many applications and operating systems include built-in default passwords. Lazy administrators Database.

Password Attacks Mike. Guessing Default Passwords Many applications and operating systems include built-in default passwords. Lazy administrators Database.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
Linux Security.

Linux Security.
Mastering Windows Network Forensics and Investigation Chapter 14: Other Audit Events.

Mastering Windows Network Forensics and Investigation Chapter 14: Other Audit Events.
Privilege Levels Cisco IOS provides for 16 different privilege levels ranging from 0 to 15. Cisco IOS comes with 2 predefined user levels. User mode.

Privilege Levels Cisco IOS provides for 16 different privilege levels ranging from 0 to 15. Cisco IOS comes with 2 predefined user levels. User mode.
CSE 461 INTEGRITY CHECKING AND HASHING. JOKE: TELNET.

CSE 461 INTEGRITY CHECKING AND HASHING. JOKE: TELNET.
Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.

Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.
FORESEC Academy FORESEC Academy Security Essentials (II)

FORESEC Academy FORESEC Academy Security Essentials (II)
Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.

Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.

Similar presentations

Ads by Google