
1 The Truth About Protecting Passwords
COEN 150: Intro to Information Security
Mary Le, Carol Reiley

2 Outline
- Trojan Horses
- Buffer Overflow
- Login Scripting
- Password Cracking
- LC4 (L0phtCrack)

3 Types of Attacks
- Dictionary attack: try every word from an electronic dictionary (a wordlist) as the password.
- Syllable attack: used when the password is not a real word; the cracker combines syllables to build word-like candidates.
- Rule-based attack: used whenever the cracker knows something about the password (its length, the character classes a policy forces, a user's habits). That knowledge is encoded as rules and can shrink the candidate space by a factor of 20-30. Rules can be layered on any of the other methods: brute force, dictionary and syllable attacks.

4 Protecting Your Password
- Choose software that uses strong cryptography and implements it correctly.
- Choose non-words with mixed-case letters, digits and symbols.
- Do not reuse the same password across different systems or different internet sites.
- Do not write down your password and leave it near your computer.

5 Trojan Horses
- The name comes from the wooden horse of the Trojan War (told in Homer's Odyssey and Virgil's Aeneid).
- A Trojan horse is defined as a "malicious, security-breaking program that is disguised as something benign."
- Trojans rely on users to install them, or are installed by intruders who have already gained unauthorized access by other means.
- They hook themselves into the victim's operating system. Remote-access Trojans typically come in two parts: a server component that runs on the victim and a client the attacker uses to control it.

6 Well Known Trojan Functions
- Managing files on the victim computer
- Managing processes
- Remote execution of commands
- Intercepting keystrokes
- Restarting and shutting down infected hosts

7 Protecting Against Trojans
- System administrators should verify software before installing it.
- Use cryptographically strong validation for all software: check the publisher's signature or published hash, not just the download site.
- Run software with the lowest privilege it needs (least privilege), so a Trojan that does get in inherits as little as possible.
- Install and configure a file-integrity tool such as Tripwire, so changed binaries are noticed.
- Raise user awareness.
- Use firewalls and anti-virus products that are aware of popular Trojan horses.
- Do not rely on timestamps, file sizes or other file attributes when trying to determine if a file contains a Trojan horse; all of them are trivially forged.

8 Buffer Overflow
- A buffer is a contiguously allocated chunk of memory, such as a C array (or the memory a C pointer points to). C and C++ do no automatic bounds checking on buffers, so code can write past the end of one.
- Malicious input makes the program write beyond the memory allocated for the buffer, overwriting whatever sits next to it: adjacent variables, or the saved return address on the stack. That is how an attacker turns "unexpected behavior" into running their own code.

9 Login Scripting
- Guesses passwords by brute force against the live login service.
- The script reads candidate passwords from a text file, such as an online dictionary file, and tries each one together with a username to log in.
- Simple: can be written in as few as 40 lines of Perl.

10 Drawbacks
- Login timeouts (the service delays or drops repeated attempts)
- Very time consuming: one network round trip per guess
- Account lockouts after a number of failed attempts, which also tip off the administrator
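To make the login-scripting loop and its drawbacks concrete, here is an added Python example; it is not code from the presentation. The LoginServer class is a constructed stand-in for the remote login service with an assumed lockout policy of five failures; the accounts, salts, passwords and wordlist are made up for the example. The script recovers one account's password from the wordlist and is shut out of another before the wordlist is exhausted.

```python
import hashlib
import hmac

LOCKOUT_THRESHOLD = 5  # assumed policy: lock the account after this many failures


def _stored(password, salt):
    # Toy credential store: salted SHA-256, standing in for the target system's scheme.
    return hashlib.sha256(salt + password.encode()).hexdigest()


# Constructed accounts (usernames, salts and passwords are made up for the example).
USERS = {
    "alice": (b"s1", _stored("sunshine", b"s1")),
    "bob": (b"s2", _stored("Tr0ub4dor&3", b"s2")),
}

# Constructed wordlist, standing in for the dictionary file a login script reads.
WORDLIST = ["123456", "password", "qwerty", "letmein", "sunshine", "monkey"]


class LoginServer:
    """Stand-in for the remote login service: checks a password, counts failures
    per account and locks the account once the threshold is reached."""

    def __init__(self, users, lockout_threshold=LOCKOUT_THRESHOLD):
        self.users = users
        self.threshold = lockout_threshold
        self.failures = {name: 0 for name in users}
        self.locked = set()

    def login(self, username, password):
        if username not in self.users:
            return "no-such-user"
        if username in self.locked:
            return "locked"          # even the right password is refused now
        salt, stored = self.users[username]
        guess = hashlib.sha256(salt + password.encode()).hexdigest()
        if hmac.compare_digest(guess, stored):
            self.failures[username] = 0
            return "ok"
        self.failures[username] += 1
        if self.failures[username] >= self.threshold:
            self.locked.add(username)
            return "locked"
        return "fail"


def guess_online(server, username, wordlist):
    """The login-scripting loop: try each word as the password, one login per
    guess, until the server says ok or locks the account.
    Returns (password found or None, number of login attempts made)."""
    attempts = 0
    for word in wordlist:
        attempts += 1
        result = server.login(username, word)
        if result == "ok":
            return word, attempts
        if result == "locked":
            return None, attempts   # the drawback: lockout ends the attack early
    return None, attempts


if __name__ == "__main__":
    server = LoginServer(USERS)
    for user in USERS:
        print(user, guess_online(server, user, WORDLIST))
    # bob is now locked: the legitimate password is refused too
    print("bob with real password:", server.login("bob", "Tr0ub4dor&3"))
```

Note the flip side of the lockout drawback: once the script has locked bob, bob's real password is refused as well, so a guessing run against many accounts doubles as a denial of service, which is why a monitored lockout shows up so quickly.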

11 Password Cracking
- The password file (or the hashes in it) has to be obtained beforehand for this method to work.
- A password cracking program takes a dictionary text file and hashes every word with the same one-way function the system used. The resulting hashes are compared with the values in the password file; a match reveals the password. For unsalted hashes such as NT hashes, each word is hashed once and compared against every user at the same time; a salted scheme forces one hash per word per user.
- Can be run on the attacker's own machine.
- Efficient: no login has to take place, so no timeouts or lockouts apply.
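An added Python example, not from the presentation, of the offline dictionary attack described on this slide combined with the rule-based (hybrid) mangling of slide 3. The password file, wordlist and hash function are constructed: unsalted SHA-256 stands in for the unsalted NT hash (which is MD4 over the UTF-16LE password); the user:hash line format is an assumption. Because the hash is unsalted, each candidate is hashed once and looked up against all users at once.

```python
import hashlib

LEET = str.maketrans("aeio", "4310")   # a small leetspeak rule: a->4, e->3, i->1, o->0


def hash_password(password):
    """Stand-in for the target system's one-way hash. Unsalted SHA-256 here; a
    real NT hash is MD4 over the UTF-16LE password and is unsalted too."""
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed password file, one "user:hash" line per account, the shape
# LC4 / John consume. The passwords are made up for the example.
PASSWORD_FILE = "\n".join(f"{u}:{hash_password(p)}" for u, p in [
    ("alice", "sunshine"),
    ("bob", "Sunshine1"),
    ("carol", "p4ssw0rd"),
    ("dave", "xQ7#vR2!mZ"),
])

# Constructed wordlist standing in for the dictionary file.
WORDLIST = ["123456", "password", "sunshine", "monkey"]


def rule_candidates(word):
    """Rule-based expansion of one dictionary word: case changes, leetspeak and
    appended digits, the kind of mangling a hybrid cracking mode applies."""
    bases = {word, word.lower(), word.upper(), word.capitalize(), word.translate(LEET)}
    for base in bases:
        yield base
        for n in range(100):
            yield f"{base}{n}"


def parse_password_file(text):
    """Build hash -> [users] so one computed hash is checked against every user."""
    index = {}
    for line in text.splitlines():
        user, hashval = line.split(":", 1)
        index.setdefault(hashval, []).append(user)
    return index


def crack(password_file, wordlist, use_rules=True):
    """Hash each candidate once and look it up; returns {user: password} for hits."""
    index = parse_password_file(password_file)
    found = {}
    for word in wordlist:
        candidates = rule_candidates(word) if use_rules else [word]
        for cand in candidates:
            for user in index.get(hash_password(cand)) or ():
                found.setdefault(user, cand)
    return found


if __name__ == "__main__":
    print("dictionary only:", crack(PASSWORD_FILE, WORDLIST, use_rules=False))
    print("with rules:     ", crack(PASSWORD_FILE, WORDLIST))
```

The plain dictionary pass recovers only the account whose password is literally a wordlist entry; the rules recover the "Sunshine1" and "p4ssw0rd" variants that a character-class policy encourages, while the random 10-character password stays uncracked. The four-word list expands to roughly 2,000 candidates, which is why a policy that only demands mixed case and a digit adds little against a rule-based attack.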

12 @stake's LC4
- Formerly known as L0phtCrack
- LC4 is available to the public free for a 15-day trial period
- Cracks Windows NT/2000 passwords
- Uses brute force, dictionary cracking and hybrid cracking (dictionary words with rules applied) to guess passwords
- Offers the option of cracking the newer NT hashes or the older LanManager (LM) hashes. LM hashes fall much faster because of how the hash is built: the password is uppercased and split into two 7-character halves that are hashed independently, so the effective search space is tiny.

13 @stake's LC4
According to @stake, in a technology corporation whose password policy required that user passwords contain a minimum of 8 characters, including both lower and upper case letters and either numbers or special symbols, running LC4 on a Pentium II/300 system recovered 18% of the company's passwords in as little as 18 minutes and 90% within 48 hours. Even the system administrator and most domain administrator passwords were cracked.

14 How LC4 works
- The user must first gain access to the NT Security Accounts Manager (SAM) database, which holds the usernames and password hashes of all accounts on the system.
- Passwords in the SAM are not encrypted but hashed with a one-way cryptographic function, in one or both of two formats:
- LanManager (LM) hash
- NT hash

15 Ways to obtain the SAM
- The SAM file is locked and protected by the operating system while Windows is running; however, weaknesses in the NT setup allow access to the file anyway.
- Boot the system from an alternate OS, such as DOS (with an NTFS driver) or Linux.
- With Windows not running, the SAM file on disk is open for anyone with physical access to copy.

16 Ways to obtain the SAM
- Whenever the NT repair disk utility (rdisk) is run, a compressed copy of the SAM is stored in the system root's repair directory (%SystemRoot%\repair\SAM._).
- This backup copy of the SAM is left in the open, with far weaker file permissions than the live SAM.
- LC4 can extract and uncompress this backup copy.

17 Ways to obtain the SAM
- A user who already has administrative access to a system can extract the hashes directly from the SAM.
- Force another process that runs with system privileges to load and execute a DLL in its own address space; the injected code then reads the hashes the operating system already holds in memory (this is how pwdump-type tools work).
- This yields the password hashes without decrypting anything on disk; the hashes are then cracked offline.

18 Protecting Against LC4
- Maintain a strong password!
- LanManager hash: the password is uppercased and stored as two independently hashed seven-character segments, so a 14-character password is really two 7-character passwords, and an 8-character password leaves a second segment of one character that falls instantly and reveals the password's tail.
- Keep your password either exactly 7 or exactly 14 characters so that no short, trivially cracked second segment exists. Better still, use more than 14 characters (Windows 2000 and later store no LM hash at all for those) or disable LM hash storage with the NoLMHash setting, so only the NT hash remains.
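An added Python example, not from the presentation, that mirrors the structure of the LanManager hash to show why lengths 8 to 13 are the worst case. The per-half function is a stand-in: real LM uses each 7-byte half as a DES key to encrypt the constant string "KGS!@#$%", and DES is not in the Python standard library, so SHA-256 is substituted. Everything else (uppercasing, padding to 14 bytes, two halves attacked independently, no LM hash above 14 characters on Windows 2000 and later) follows the real format. The wordlist, charset and sample passwords are constructed.

```python
import hashlib
import itertools
import string


def half_hash(half7):
    """Stand-in for one LM half. Real LM: the 7 bytes become a DES key that
    encrypts 'KGS!@#$%'. SHA-256 is used here so the example needs no DES library."""
    return hashlib.sha256(half7).hexdigest()


EMPTY_HALF = half_hash(b"\x00" * 7)   # the well-known hash of an empty half


def lm_hash(password):
    """Mirror LM's structure: uppercase, ASCII, pad to 14 bytes, split into two
    7-byte halves hashed independently. Returns (first_half, second_half), or
    None for passwords over 14 characters, which Windows 2000 and later store
    without any LM hash at all."""
    if len(password) > 14:
        return None
    padded = password.upper().encode("ascii").ljust(14, b"\x00")
    return half_hash(padded[:7]), half_hash(padded[7:])


def crack_half(target, wordlist, charset, max_brute=2):
    """Attack one half on its own: dictionary words (uppercased, cut to 7) first,
    then brute force up to max_brute characters. Returns (text or None, hashes tried).
    The other half never enters the search; that independence is the LM weakness."""
    if target == EMPTY_HALF:
        return "", 0                      # nothing to crack: the half is empty
    tries = 0
    for word in wordlist:
        tries += 1
        cand = word.upper()[:7]
        if half_hash(cand.encode("ascii").ljust(7, b"\x00")) == target:
            return cand, tries
    for length in range(1, max_brute + 1):
        for combo in itertools.product(charset, repeat=length):
            tries += 1
            cand = "".join(combo)
            if half_hash(cand.encode("ascii").ljust(7, b"\x00")) == target:
                return cand, tries
    return None, tries


def crack_lm(halves, wordlist, charset):
    """Crack both halves independently and glue them together. Case is lost
    (LM uppercased it), so the result is the uppercased password."""
    first, t1 = crack_half(halves[0], wordlist, charset)
    second, t2 = crack_half(halves[1], wordlist, charset)
    if first is None or second is None:
        return None, t1 + t2
    return first + second, t1 + t2


# Constructed inputs for the demonstration.
CHARSET = string.ascii_uppercase + string.digits
WORDLIST = ["password", "sunshine", "letmein"]

if __name__ == "__main__":
    for pw in ["Letmein", "Sunshine7", "Sunshine7Forever"]:
        h = lm_hash(pw)
        print(pw, "->", None if h is None else crack_lm(h, WORDLIST, CHARSET))
```

"Letmein" (7 characters) has an empty second half, so nothing beyond the first half is exposed. "Sunshine7" (9 characters) splits into "SUNSHIN", which a wordlist finds, and "E7", which a two-character brute force finds in at most 1,332 hashes; the tail of the password leaks for almost no work, and the NT hash then only has to be tried with case variations of the recovered text. The 16-character password has no LM hash at all, which is the "longer than 14" advice above.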

19 John the Ripper
- Popular UNIX password cracking program
- Similar to LC4: uses brute force, dictionary cracking and hybrid (rule-based) cracking techniques
- Auto-detects the hash format used by that particular version of UNIX (traditional DES crypt, MD5 crypt and others) from the password file itself

20 Password Sniffing
- Works across networks
- Can capture any traffic that reaches the sniffer's link (data link layer), not just traffic addressed to it
- Many popular protocols pass cleartext passwords across the network, such as FTP, telnet and HTTP (basic authentication)

21 Dsniff
- A free, popular sniffing toolkit
- Runs on UNIX platforms
- Can get at data by:
- Overloading the LAN switch with MAC addresses (MAC flooding)
- Manipulating the Address Resolution Protocol (ARP)
- Spoofing fake DNS responses
- "Monkey in the middle" attacks (dsniff's own name for man-in-the-middle)

22 Dsniff: Overloading the LAN
- Method 1: flood the LAN with frames from random source MAC addresses (the dsniff tool for this is macof).
- The network switch tries to store every incoming source MAC address in its address (CAM) table.
- Once the table is full it fails open: frames for destinations it can no longer look up are forwarded out every port, as a hub would do.
- Dsniff on any port can then gather the data as it is flooded out.

23 Dsniff: ARP manipulation
- The Address Resolution Protocol (ARP) maps IP addresses to MAC addresses on the local network. Hosts cache whatever ARP answers they receive, with no authentication.

24 Dsniff: ARP manipulation
- Dsniff tool: arpspoof
- Sends forged ARP replies to change the IP-to-MAC mappings in victims' ARP caches (typically claiming the gateway's IP address), so their traffic is rerouted through the attacker's machine
- dnsspoof
- Generates fake DNS responses to trick people into entering information into what they believe is a legitimate website.
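An added Python example, not part of the presentation or of dsniff, showing what the MAC-flooding attack of slide 22 and the arpspoof attack of this slide look like to a monitor on the network, with a detection check for each. The event log is constructed: ARP replies seen by a passive monitor and frames seen on switch ports, with made-up addresses; the gateway address and the threshold of 50 distinct source MACs per port are assumed values.

```python
import random
from collections import defaultdict

GATEWAY_IP = "10.0.0.1"   # assumed: the router every victim wants to reach

# Constructed event log, one record per line (all addresses are made up):
#   "<seq> arp <ip> <mac>"         an ARP reply seen by a passive monitor
#   "<seq> frame <port> <src-mac>" a frame the switch received on <port>
_rng = random.Random(1)


def _random_mac():
    return "de:ad:" + ":".join(f"{_rng.randrange(256):02x}" for _ in range(4))


LOG_LINES = [
    "1 arp 10.0.0.1 00:11:22:33:44:01",   # gateway announces itself
    "2 arp 10.0.0.7 00:11:22:33:44:07",   # victim workstation
    "3 frame port1 00:11:22:33:44:07",
    "4 arp 10.0.0.1 de:ad:be:ef:00:01",   # arpspoof: attacker answers for the gateway
    "5 arp 10.0.0.7 de:ad:be:ef:00:01",   # ... and for the victim: both directions rerouted
] + [f"{6 + i} frame port3 {_random_mac()}" for i in range(60)]  # macof-style flood on port3


def parse(lines):
    for line in lines:
        seq, kind, a, b = line.split()
        yield int(seq), kind, a, b


def arp_spoof_alerts(lines):
    """Flag any IP whose advertised MAC changes, and note when the new MAC
    already answers for other IPs (one host claiming both ends of a conversation)."""
    ip_to_mac = {}
    alerts = []
    for seq, kind, ip, mac in parse(lines):
        if kind != "arp":
            continue
        old = ip_to_mac.get(ip)
        if old is not None and old != mac:
            others = sorted(i for i, m in ip_to_mac.items() if m == mac and i != ip)
            msg = f"seq {seq}: {ip} moved from {old} to {mac}"
            if ip == GATEWAY_IP:
                msg += " [gateway]"
            if others:
                msg += f" (that MAC also claims {', '.join(others)})"
            alerts.append(msg)
        ip_to_mac[ip] = mac
    return alerts


def mac_flood_alerts(lines, threshold=50):
    """Count distinct source MACs per switch port. A CAM-table flood shows up as
    one port sourcing far more addresses than hosts could be attached to it."""
    seen = defaultdict(set)
    alerts = []
    for seq, kind, port, mac in parse(lines):
        if kind != "frame":
            continue
        seen[port].add(mac)
        if len(seen[port]) == threshold:    # fire once, when the limit is reached
            alerts.append(f"seq {seq}: {port} has sourced {threshold} distinct MACs")
    return alerts


if __name__ == "__main__":
    for alert in arp_spoof_alerts(LOG_LINES) + mac_flood_alerts(LOG_LINES):
        print(alert)
```

The ARP check is the logic behind tools such as arpwatch: a gateway whose MAC changes, especially to a MAC that is also answering for other hosts, is the signature of a full-duplex ARP man-in-the-middle. The flood check is the same condition that switch port-security limits enforce in hardware: a single access port should never source dozens of distinct MAC addresses.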

25 Dsniff
- webmitm
- Used in conjunction with dnsspoof to send the user to the attacker's machine instead of the real website
- Presents a fake (self-signed) digital certificate so the victim sets up an SSL connection to the attacker, who decrypts, reads and relays the traffic; the companion tool sshmitm does the same for SSH
- Make sure you read the certificate warning before you accept! A site that presented a valid certificate yesterday should not be presenting an untrusted one today.

26 The End

