Reconnaissance is somewhat analogous to a thief investigating a neighborhood for
vulnerable homes, such as an unoccupied residence or a house with an easy-to-open door
or window. In many cases, intruders look for vulnerable services that they can exploit later
when less likelihood that anyone is looking exists.
30 Chapter 1: Building a Simple Network
Access Attacks
Access attacks exploit known vulnerabilities in authentication services, FTP services, and
web services to gain entry to web accounts, con?¬?dential databases, and other sensitive
information.
Password Attacks
A password attack usually refers to repeated attempts to identify a user account, password,
or both. These repeated attempts are called brute-force attacks. Password attacks are
implemented using other methods, too, including Trojan horse programs, IP spoo?¬?ng, and
packet sniffers.
A security risk lies in the fact that passwords are stored as plaintext. You need to encrypt
passwords to overcome risks. On most systems, passwords are processed through an
encryption algorithm that generates a one-way hash on passwords. You cannot reverse a
one-way hash back to its original text. Most systems do not decrypt the stored password
during authentication; they store the one-way hash.
Pages:
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63