CISSP Exam Guide Notes: 5.11 Attacks on Access Control

2021-03-02 10:51:44

Dictionary Attack

A cracking program hashes each dictionary word and compares the resulting message digest with the entries in the system password file, which also stores its passwords in a one-way hashed format. If the hashed values match, a password has just been uncovered.

Countermeasures

To properly protect an environment against dictionary and other password attacks, the following practices should be followed:

  • Do not allow passwords to be sent in cleartext.
  • Encrypt the passwords with encryption algorithms or hashing functions.
  • Employ one-time password tokens.
  • Use hard-to-guess passwords.
  • Rotate passwords frequently.
  • Employ an IDS to detect suspicious behavior.
  • Use dictionary-cracking tools to find weak passwords chosen by users.
  • Use special characters, numbers, and upper- and lowercase letters within the password.
  • Protect password files.
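As an added example (not from the book or from this post), the audit that the last countermeasure above calls for, run against a constructed password file: the unsalted check the paragraph above describes, beside salted, slow-KDF storage, which is what turns one digest per word into one derivation per user per word. The user names, passwords and five-word wordlist are all constructed.

```python
import hashlib
import hmac
import os

# Constructed sample password file: user -> hex SHA-256 of the password,
# unsalted and one-way, as the text describes (not real credentials).
PASSWORD_FILE = {
    "alice": hashlib.sha256(b"sunshine").hexdigest(),
    "bob": hashlib.sha256(b"Kz7#plvQ9mW!").hexdigest(),
    "carol": hashlib.sha256(b"dragon").hexdigest(),
}

# Constructed five-word dictionary; a real audit would read a wordlist file.
DICTIONARY = ["password", "sunshine", "dragon", "letmein", "qwerty"]


def audit_unsalted(password_file, dictionary):
    """Dictionary audit of unsalted hashes (countermeasure: find weak passwords).
    Each word is hashed once; one digest per word covers every user, which is
    what makes unsalted files cheap to check and therefore weak."""
    digests = {hashlib.sha256(w.encode()).hexdigest(): w for w in dictionary}
    return {user: digests[h] for user, h in password_file.items() if h in digests}


def store_salted(password, iterations=200_000):
    """Hardened storage: random per-user salt plus a slow KDF (PBKDF2-HMAC-SHA256).
    Two users with the same password get different records, so one
    precomputed digest no longer matches every entry."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def audit_salted(salted_file, dictionary):
    """The same audit against salted records: every word must be re-derived
    per user with that user's salt and iteration count, so the work grows
    with users x words x iterations instead of words alone."""
    found = {}
    for user, (salt, iters, digest) in salted_file.items():
        for word in dictionary:
            candidate = hashlib.pbkdf2_hmac("sha256", word.encode(), salt, iters)
            if hmac.compare_digest(candidate, digest):  # constant-time compare
                found[user] = word
                break
    return found


if __name__ == "__main__":
    print("unsalted file:", audit_unsalted(PASSWORD_FILE, DICTIONARY))
    salted = {u: store_salted(p) for u, p in [("alice", "sunshine"), ("bob", "Kz7#plvQ9mW!")]}
    print("salted file:  ", audit_salted(salted, DICTIONARY))
```

Only alice and carol fall to the unsalted check, and bob's non-dictionary password survives both audits; the salted audit finds the same weak choice but only after per-user derivation.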

For the remaining content, see my WeChat official account debugeeker; the link is CISSP Exam Guide Notes: 5.11 Attacks on Access Control.
