Dictionary Attack
A cracking program hashes each dictionary word and compares the resulting message digest with the entries in the system password file, which also stores its passwords in a one-way hashed format. If the hashed values match, a password has just been uncovered.
Countermeasures
To properly protect an environment against dictionary and other password attacks, the following practices should be followed:
- Do not allow passwords to be sent in cleartext.
- Encrypt the passwords with encryption algorithms or hashing functions.
- Employ one-time password tokens.
- Use hard-to-guess passwords.
- Rotate passwords frequently.
- Employ an IDS to detect suspicious behavior.
- Use dictionary-cracking tools to find weak passwords chosen by users.
- Use special characters, numbers, and upper- and lowercase letters within the password.
- Protect password files.
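The following Python example is added here to illustrate the two points above and is not part of the original notes: it shows why a password file of fast, unsalted digests falls to the hash-and-compare dictionary method described at the top, and how per-user salting with a slow key derivation (PBKDF2 from the standard library) changes the cost of the same weak-password audit. The wordlist, usernames and passwords are constructed for the example; the function names are the author's own.

```python
import hashlib
import hmac
import secrets

# Constructed wordlist standing in for a dictionary file (example data, not from the notes).
WORDLIST = ["password", "letmein", "welcome", "sunshine", "Tr0ub4dor&3"]

# Constructed user accounts: two weak (in the wordlist) and one strong passphrase.
SAMPLE_PLAINTEXT = {
    "alice": "sunshine",
    "bob": "correct horse battery staple",
    "carol": "letmein",
}


def unsalted_sha256(password: str) -> str:
    """Weak scheme: a single fast, unsalted hash per password."""
    return hashlib.sha256(password.encode()).hexdigest()


# Password file as the weak scheme would store it.
SAMPLE_UNSALTED = {user: unsalted_sha256(pw) for user, pw in SAMPLE_PLAINTEXT.items()}


def audit_unsalted(stored: dict, wordlist) -> tuple[dict, int]:
    """Weak-password audit against unsalted digests.

    The wordlist is hashed exactly once; every stored digest is then a table
    lookup, so the cost is len(wordlist) hash calls regardless of user count.
    Returns ({username: recovered_password}, hash_calls).
    """
    table = {unsalted_sha256(w): w for w in wordlist}
    found = {user: table[d] for user, d in stored.items() if d in table}
    return found, len(wordlist)


def make_salted_record(password: str, iterations: int = 200_000) -> dict:
    """Countermeasure: random per-user salt plus an iterated KDF (PBKDF2-HMAC-SHA256)."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": dk.hex()}


def verify_salted(record: dict, candidate: str) -> bool:
    """Re-derive the key for a candidate and compare in constant time."""
    dk = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(dk.hex(), record["hash"])


def audit_salted(records: dict, wordlist) -> tuple[dict, int]:
    """Same audit against salted records.

    Each user has a different salt, so no shared lookup table is possible:
    every candidate must be re-derived per user at full KDF cost.
    Returns ({username: recovered_password}, kdf_calls).
    """
    found = {}
    kdf_calls = 0
    for user, rec in records.items():
        for w in wordlist:
            kdf_calls += 1
            if verify_salted(rec, w):
                found[user] = w
                break
    return found, kdf_calls


if __name__ == "__main__":
    weak, calls = audit_unsalted(SAMPLE_UNSALTED, WORDLIST)
    print(f"unsalted: recovered {weak} with {calls} hash calls")
    records = {u: make_salted_record(p, iterations=50_000) for u, p in SAMPLE_PLAINTEXT.items()}
    weak, calls = audit_salted(records, WORDLIST)
    print(f"salted:   recovered {weak} with {calls} PBKDF2 calls of 50000 iterations each")
```

The salted audit still recovers the two dictionary passwords, which is the reason the list pairs "protect password files" and proper hashing with "use hard-to-guess passwords": salting and stretching multiply the attacker's work per guess and per user, but they cannot rescue a password that is itself in the dictionary. Running the audit tool against your own password store, as the notes recommend, is how you find those accounts before someone else does.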
For the remaining content, see my public account debugeeker; the link is CISSP Exam Guide Notes: 5.11 Attacks Against Access Control.