Dictionary Attack
A cracking program hashes each dictionary word and compares the resulting message digest with the entries in the system password file, which also stores its passwords in a one-way hashed format. If the hashed values match, a password has just been uncovered.
Countermeasures
To properly protect an environment against dictionary and other password attacks, the following practices should be followed:
- Do not allow passwords to be sent in cleartext.
- Encrypt the passwords with encryption algorithms or hashing functions.
- Employ one-time password tokens.
- Use hard-to-guess passwords.
- Rotate passwords frequently.
- Employ an IDS to detect suspicious behavior.
- Use dictionary-cracking tools to find weak passwords chosen by users.
- Use special characters, numbers, and upper- and lowercase letters within the password.
- Protect password files.
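The attack described above, and the countermeasures of hashing passwords properly and auditing them with a dictionary tool, can be seen together in one small script. This is an added example, not code from the notes or from any real cracking tool: it audits two constructed password files (sample users, passwords, and a five-word list made up for this example) against the same word list. With unsalted SHA-256 every word is hashed once and the digest is reused for all users, and identical passwords are visible as identical digests; with per-user salts and PBKDF2 the digest must be recomputed per user per word, which is exactly why salted, slow hashes are the recommended countermeasure.

```python
import hashlib
import hmac
import os

# Constructed word list for this example (not from the page).
WORDLIST = ["password", "letmein", "sunshine", "dragon", "qwerty"]

# Constructed sample accounts; two users deliberately share a weak password.
SAMPLE_USERS = [
    ("alice", "sunshine"),
    ("bob", "Tr0ub4dor&3xQ!"),   # not in the word list: should survive the audit
    ("carol", "dragon"),
    ("dave", "sunshine"),
]


def sha256_hex(text: str) -> str:
    """Unsalted, fast hash: the weak storage format being audited."""
    return hashlib.sha256(text.encode()).hexdigest()


# Weak password file: username -> unsalted SHA-256 hex digest.
UNSALTED_FILE = {user: sha256_hex(pw) for user, pw in SAMPLE_USERS}


def make_salted_record(password: str, iterations: int = 10_000) -> dict:
    """Recommended storage: random per-user salt plus a slow, iterated hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


# Hardened password file: username -> {salt, iterations, digest}.
SALTED_FILE = {user: make_salted_record(pw) for user, pw in SAMPLE_USERS}


def audit_unsalted(pw_file: dict, wordlist: list) -> tuple:
    """Audit an unsalted file: hash each word once, then look every user up.
    Returns (findings, hash_operations)."""
    table = {sha256_hex(w): w for w in wordlist}   # one digest per word, reused for all users
    findings = {user: table[d] for user, d in pw_file.items() if d in table}
    return findings, len(wordlist)


def audit_salted(pw_file: dict, wordlist: list) -> tuple:
    """Audit a salted file: the digest depends on the user's salt, so every
    (user, word) pair costs a fresh slow hash. Returns (findings, hash_operations)."""
    findings = {}
    work = 0
    for user, rec in pw_file.items():
        for word in wordlist:
            work += 1
            candidate = hashlib.pbkdf2_hmac("sha256", word.encode(),
                                            rec["salt"], rec["iterations"])
            if hmac.compare_digest(candidate, rec["digest"]):
                findings[user] = word
                break                      # stop at the first match for this user
    return findings, work


def shares_digest(pw_file: dict, user_a: str, user_b: str) -> bool:
    """True if two accounts store byte-identical digests (reveals a shared password)."""
    a, b = pw_file[user_a], pw_file[user_b]
    a = a["digest"] if isinstance(a, dict) else a
    b = b["digest"] if isinstance(b, dict) else b
    return a == b


if __name__ == "__main__":
    weak, ops = audit_unsalted(UNSALTED_FILE, WORDLIST)
    print(f"unsalted: {weak} found with {ops} hash operations")
    weak, ops = audit_salted(SALTED_FILE, WORDLIST)
    print(f"salted:   {weak} found with {ops} hash operations")
    print("alice/dave share a digest: unsalted =", shares_digest(UNSALTED_FILE, "alice", "dave"),
          "salted =", shares_digest(SALTED_FILE, "alice", "dave"))
```

The same three weak accounts are found in both files, which is the point of running such an audit internally: salting does not make a dictionary word a good password. What changes is the cost per account (one hash per word for the whole unsalted file versus one slow hash per word per user) and the fact that the salted file no longer shows alice and dave as having the same password.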
For the remaining content, see my WeChat official account debugeeker; link: CISSP Study Guide Notes 5.11, Attacks on Access Control