18 hacking
sai-srinivas
CONTENTS
What is HACKING?
Areas affected
Password cracking
Principal attack methods
PMP solution
How to protect ourselves
Conclusion
INTRODUCTION
Hacking has become a buzzword in the world of security.
Unauthorized access to information
Hacker: an enthusiastic and intelligent programmer
Cracker: one who misuses that knowledge
AREAS AFFECTED
PASSWORD CRACKING
Process of retrieving passwords
What does a cracker do?
Concentrates on infrastructure and applications
Common approach: Brute-force
Vulnerability of passwords
Disadvantages
Password management
Way of storing
For a single system
For an organization or on the web
In single system
In an organization or on the web
Approach of attacker
BACKGROUND FOR PASSWORD CRACKING
Trojan horse attack
Virus program
Social engineering
Reading password verification database
Intercepting hashes passed over an open network
Gaining access to hashed passwords
PRINCIPAL ATTACK METHODS
Weak encryption
Guessing
Dictionary attack
Brute-force attack
Pre-computation
Salting
An example cracking session
• SQL> alter user scott identified by gf4h7;
• User altered.
• SQL> select password from dba_users where username='SCOTT';
• PASSWORD
• ------------------------------
• EF2D6ED2EDC1036B
• D:\orabf>orabf EF2D6ED2EDC1036B:SCOTT -c 3 -m 5
• orabf v0.7.2, (C)2005 [email protected]
• ---------------------------------------
• Trying default passwords
• Starting brute force session
• press 'q' to quit. any other key to see status
• password found:SCOTT:GF4H7
• 29307105 passwords tried. elapsed time 00:00:40. t/s:715700
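The pre-computation and salting items listed above, and the guess rate shown in the session, from the storage side. This is an added example, not part of the original slides: it contrasts an unsalted fast hash with a per-user salted, slow PBKDF2 record. The function names, the iteration count and the 36-symbol alphabet (case-insensitive letters and digits) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example
SALT_BYTES = 16              # assumed salt size


def unsalted_fast_hash(password: str) -> str:
    """Weak storage: one fast hash, no salt. Equal passwords give equal
    digests, so a single precomputed table covers every account."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password: str, iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Hardened storage: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])


def worst_case_seconds(alphabet: int, max_len: int, guesses_per_sec: float) -> float:
    """Time to exhaust every password of length 1..max_len at a given rate."""
    keyspace = sum(alphabet ** n for n in range(1, max_len + 1))
    return keyspace / guesses_per_sec


if __name__ == "__main__":
    pw = "gf4h7"  # constructed sample: the password set in the session above
    a, b = make_record(pw), make_record(pw)
    print("unsalted digests equal:", unsalted_fast_hash(pw) == unsalted_fast_hash(pw))
    print("salted digests equal:  ", a["digest"] == b["digest"])
    print("verify correct / wrong:", verify(pw, a), verify("GF4H7", a))
    # Rate taken from the session (715700 tries per second), assumed alphabet of 36.
    print("exhaust length <= 5: %.0f s" % worst_case_seconds(36, 5, 715700))
    print("exhaust length <= 12: %.2e s" % worst_case_seconds(36, 12, 715700))
```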
PMP solution
Need for this
Passwords at various levels.
Mismanagement of privileged passwords.
Features
Secure, Centralized Repository of Passwords.
Manage shared administrative passwords.
Role based access control for users.
AD/LDAP integration.
Enforcement of password policies.
Remote password synchronization.
Auditing all user access to passwords.
Personal password management for users.
Access through any web browser.
Look after….
Use good passwords and keep them secure
Backup your data
Report incidents/vulnerabilities
Secure your workplace
Keep your Anti-Virus software up-to-date
Keep your operating system and application software patched
Use e-mail carefully
Don’t download indiscriminately or run “unknown” programs
Classify all documents containing sensitive information
Dispose of sensitive information appropriately
Ensure you comply with all legal requirements
CONCLUSION
Whoever is the cause of this problem, whether user, organization, or cracker, we should secure ourselves against the unauthorized activity of cracking.