Date posted: 18-Jul-2015
Uploaded by: tutun-juhana
ATTACKS #1
TUTUN JUHANA, TELECOMMUNICATION ENGINEERING
SCHOOL OF ELECTRICAL ENGINEERING & INFORMATICS
INSTITUT TEKNOLOGI BANDUNG
ET4045 Telecommunication Network Security
Password Guessing
Attackers can use information they know about us to guess our password; this can be combined with social engineering
Brute Force Attack
Every combination of characters is tried until the password is broken
It can take a very long time depending upon the complexity of the password
Dictionary Attack
Password cracking using a dictionary
Dictionaries (wordlists) are raw text files consisting of one word or phrase per line; each line is a candidate match
The difference between a dictionary and a brute-force attack is that a dictionary contains a list of probable matches rather than all possible string combinations
http://packetstormsecurity.com/Crackers/wordlists/
Rainbow Table Attack
It trades off the time-consuming process of computing all possible password hashes by building a table of hashes in advance of the actual crack.
After this process is finished, the table, called a rainbow table, is used to crack the password, which will then normally take only a few seconds
For rainbow tables to succeed against long passwords, the required storage is too big to be realistic; rainbow tables can only be used for passwords up to a certain size, usually 10 characters
Salting
To combat rainbow table attacks, salts are used
A salt is a randomly generated string that is appended to each password before hashing it
Salting makes rainbow tables unusable because, with a different salt for each password, identical passwords produce different hashes, so pre-computed tables no longer apply
However, not all systems have incorporated salting, so rainbow tables might still be usable in those cases
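An added example, not from the slides, showing in Python why a precomputed hash table breaks unsalted hashes instantly but matches nothing once a per-user random salt is mixed in. It assumes plain SHA-256 as the hash and a constructed four-word list in place of a real wordlist.

```python
import hashlib
import os

# Constructed sample wordlist (one candidate per line in a real file),
# standing in for a dictionary such as those linked above.
WORDLIST = ["123456", "password", "letmein", "qwerty"]

def hash_unsalted(password: str) -> str:
    """Plain SHA-256: identical passwords always give identical hashes."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_salted(password: str, salt: bytes) -> str:
    """SHA-256 over salt || password; the salt is stored next to the hash."""
    return hashlib.sha256(salt + password.encode()).hexdigest()

def build_lookup_table(words):
    """Precompute hash -> password for every word: the idea behind a
    precomputed (rainbow) table, minus the chain compression."""
    return {hash_unsalted(w): w for w in words}

def crack_with_table(stored_hash: str, table):
    """Constant-time lookup; only succeeds if the hash was made without a salt."""
    return table.get(stored_hash)

def verify_salted(password: str, salt: bytes, stored_hash: str) -> bool:
    """What a login check does: rehash the attempt with the stored salt."""
    return hash_salted(password, salt) == stored_hash

def demo():
    table = build_lookup_table(WORDLIST)
    # Unsalted store: the table yields the password immediately.
    unsalted_store = hash_unsalted("letmein")
    found_unsalted = crack_with_table(unsalted_store, table)
    # Salted store: two users with the same password get different hashes,
    # and the precomputed table matches neither of them.
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    salted_a = hash_salted("letmein", salt_a)
    salted_b = hash_salted("letmein", salt_b)
    found_salted = crack_with_table(salted_a, table)
    # Legitimate verification still works because the salt is known to the server.
    ok = verify_salted("letmein", salt_a, salted_a)
    return found_unsalted, salted_a != salted_b, found_salted, ok

if __name__ == "__main__":
    print(demo())  # ('letmein', True, None, True)
```

A real password store would use a deliberately slow hash such as bcrypt or Argon2 in place of SHA-256; the salt handling shown here is the same.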
Phishing
A phishing email leads the unsuspecting reader to a faked online banking, payment or other site in order to log in
(Screenshot: e-mail in my Zimbra inbox)
Keystroke Loggers (keyloggers)
Keyloggers intercept the target's keystrokes and either save them in a file to be read later, or transmit them to a predetermined destination accessible to the hacker