1042
Identifying Types of Attacks
✦ One text file contains the most popular user accounts found on networks, such as administrator, admin, and root.
✦ The second text file contains a list of all the words in the English dictionary, and then some. You can also get dictionary files for different languages.
The program then tries every user account in the user account file with
every word in the dictionary file, attempting to determine the password for
the user account.
To protect against a dictionary attack, be sure employees use strong passwords that mix letters and numbers. This way, their passwords are not found in the dictionary. Also, passwords are normally case sensitive, so educate users on the importance of using both lowercase and uppercase characters. That way, a hacker not only has to guess the password but also the combination of uppercase and lowercase characters.
Also remind users that words found in any dictionary are unsafe for passwords. This means avoiding not only English words, but also French, German, Hebrew . . . even Klingon!
Hackers can also perform a brute force attack. With a brute force attack, instead of trying words from a dictionary, the hacker uses a program that tries to figure out your password by systematically trying every possible combination of characters. Figure 1-1 shows a popular password-cracking tool known as LC4. Tools like this are great for network administrators to audit how strong their users’ passwords are.
Figure 1-1: Cracking passwords with LC4.
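The two defenses the text recommends against dictionary and brute force attacks (no dictionary words, and a mix of character classes) are easy to enforce at password-change time. The following Python policy checker is an added example, not code from the book or from LC4. The account list and dictionary are tiny constructed stand-ins for the two text files described above, the letter-for-symbol substitution table and the 60-bit minimum are assumptions, and the keyspace estimate is the plain "alphabet size to the power of length" count that a brute force tool would have to cover.

```python
"""Password-policy check: flag dictionary-based passwords and estimate the
brute-force keyspace from the character classes a password mixes.
(Added example; word lists, substitution table and 60-bit threshold are
constructed assumptions, not values from the book.)"""
import math
import string

# Constructed, abbreviated stand-ins for the attacker's two text files.
COMMON_ACCOUNTS = {"administrator", "admin", "root"}
DICTIONARY_WORDS = {"password", "welcome", "summer", "dragon", "letmein", "qapla"}

# Common letter-for-symbol substitutions, undone during normalization so that
# "P@ssw0rd" is still recognised as the dictionary word "password" (assumed table).
SUBSTITUTIONS = str.maketrans({"@": "a", "3": "e", "1": "i", "!": "i",
                               "0": "o", "$": "s", "5": "s"})

# Assumed minimum keyspace (log2 of candidate count) for an acceptable password.
MIN_BITS = 60


def normalize(password: str) -> str:
    """Lowercase, strip trailing digits, undo substitutions. Case changes and
    a trailing year are the most common 'strengthening' tricks users apply."""
    return password.lower().rstrip(string.digits).translate(SUBSTITUTIONS)


def is_dictionary_based(password: str, wordlist=DICTIONARY_WORDS) -> bool:
    """True when the password reduces to a word in the dictionary file."""
    return normalize(password) in wordlist


def alphabet_size(password: str) -> int:
    """Size of the character set a brute force tool must enumerate: each
    character class present adds its whole class to the search alphabet."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII symbols
    return size


def brute_force_bits(password: str) -> float:
    """log2(alphabet ** length): number of bits of work a brute force search faces."""
    size = alphabet_size(password)
    return 0.0 if size == 0 else len(password) * math.log2(size)


def evaluate(password: str) -> dict:
    """Apply the policy and return the findings a help desk could show the user."""
    findings = []
    if password.lower() in COMMON_ACCOUNTS:
        findings.append("matches a common account name")
    if is_dictionary_based(password):
        findings.append("dictionary word, even after case changes or substitutions")
    bits = brute_force_bits(password)
    if bits < MIN_BITS:
        findings.append(f"brute force keyspace too small ({bits:.0f} bits, need {MIN_BITS})")
    return {"bits": round(bits, 1), "findings": findings, "acceptable": not findings}


if __name__ == "__main__":
    # Constructed sample passwords, from weakest to strongest.
    for candidate in ["password", "P@ssword1", "Welcome2024", "administrator", "Tr0ub4dor&3"]:
        print(f"{candidate!r}: {evaluate(candidate)}")
```

Note that the case-mixing advice in the text only helps when the base word is not in a dictionary: `P@ssword1` normalizes straight back to `password`, and its keyspace estimate is computed on the assumption that the attacker does not already know the base word. The final sample passes both checks because it draws on all four character classes and does not reduce to a listed word.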