Guessing Your Password
The simplest way to hack a password is to guess common passwords like "1234" or "password" or names of friends/spouses/children/pets such as "Claire" or "Fluffers". Defense: avoid using any names. Read Strong Passwords That Are Easy to Remember, Hard to Crack for password security tips.
Dictionary Hack
Hackers can use common dictionary word lists (plain text files) with an automated tool that tries each word in turn. Dictionary hack tools now also try appending numbers or special characters to the word, such as "kitten123". Defense: avoid dictionary words and use a passphrase (e.g., My-kitten-is-black).
Dictionary Plus Leet Hack
If you've ever used numbers in place of letters in your password, then you've used leet. Common leet substitutions are 1 for i, 4 for a, etc., so "Jim" in leet would be "J1m". A Dictionary Plus Leet hack uses a dictionary and applies leet substitutions, so to hack the password "admin" it would try admin, adm1n and 4dm1n. Defense: use a complex passphrase (e.g., Optimus*Prime*rules).
Brute Force Hack
This is a more computationally intensive technique in which candidate passwords are built from combinations of letters, numbers and special characters. It may take a long time because it works through every conceivable combination. Defense: use a long, complex password or passphrase of 12 characters or more.
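As an added illustration of the defenses given for the guessing, dictionary, leet and brute-force techniques above (this is example code written for this page, not a tool from the original post), the checker below applies the same three ideas an attacker relies on in reverse: it undoes leet substitutions, strips appended digits, and compares the result against a word list, while accepting a multi-word passphrase of 12 characters or more. The word list and the reverse-leet table are constructed assumptions; a real deployment would load a full dictionary file.

```python
import re
from typing import List, Optional

# Constructed stand-in for a dictionary word list (assumption: a real deployment would
# load the same large word lists that dictionary cracking tools use).
COMMON_WORDS = {"password", "admin", "kitten", "claire", "fluffers", "jim", "letmein", "1234"}

# Reverse-leet table: the 1->i and 4->a substitutions from the text plus other common ones,
# so that "4dm1n" is recognised as "admin" and "p@$$w0rd" as "password" (constructed table).
UNLEET = str.maketrans({"1": "i", "4": "a", "3": "e", "0": "o", "@": "a", "$": "s", "5": "s", "7": "t"})

MIN_LENGTH = 12  # the "12 characters or more" brute-force defense


def dictionary_hit(token: str) -> Optional[str]:
    """Describe how a dictionary / leet / appended-digits tool would guess this token, or None."""
    if token in COMMON_WORDS:
        return "a dictionary word or name"
    if token.translate(UNLEET) in COMMON_WORDS:
        return "a dictionary word with leet substitutions"
    base = token.rstrip("0123456789")  # "kitten123" -> "kitten"
    if base != token and (base in COMMON_WORDS or base.translate(UNLEET) in COMMON_WORDS):
        return "a dictionary word with digits appended"
    return None


def weaknesses(password: str) -> List[str]:
    """Return the problems found; an empty list means the password passes the policy."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # Split into words; '@' and '$' stay inside a word because they act as leet letters.
    tokens = [t for t in re.split(r"[^a-z0-9@$]+", password.lower()) if t]
    # A multi-word passphrase such as My-kitten-is-black is the recommended defense, so only
    # a password that is a single word (plus digits or symbols) is checked against the list.
    if len(tokens) <= 1:
        hit = dictionary_hit(tokens[0]) if tokens else "contains no letters or digits"
        if hit:
            problems.append(hit)
    return problems


if __name__ == "__main__":
    for candidate in ["Fluffers", "kitten123", "4dm1n", "p@$$w0rd", "My-kitten-is-black"]:
        print(f"{candidate!r}: {weaknesses(candidate) or 'OK'}")
```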
Rainbow Tables
This is a newer and more sophisticated technique which requires a hacker to infiltrate your network and steal the password hashes generated by your operating system. The technique requires a lot of memory, storage and CPU power, but it can crack any complex 14-character password in minutes. Defense: strong network security (firewall/VPN), physical security (locked doors/restricted access) and a complex password or passphrase of 20 or more characters.
Keylogger
A hacker can easily plant a keylogger on your PC if your antivirus subscription expires and is not renewed, if you get a zero-day virus (a virus which is unknown to your antivirus program), or if you have a weak firewall. Once it is in place, they can easily steal your password no matter how long and complex it is. Defense: gateway/firewall antivirus and intrusion prevention plus desktop antivirus/anti-spyware.
Password Reset
Don't think that hackers aren't interested in your email or that your inbox doesn't have anything interesting to a hacker. If a hacker compromises your email (e.g., Gmail, Yahoo, Hotmail), they can easily find messages from your bank, which tells them which bank you use. They can then request a password reset from your bank to gain access to your account. Defense: make your email password as strong as your bank password and use a complex passphrase.
Phishing
You've most likely received email (spam) asking you to click on a link and log in to your bank account, or else your account will be deactivated. That is a cyber-criminal using a phishing technique to get you to give up your password and other information. Defense: use a good anti-spam service or program, and be suspicious of email asking for your personal information even if it comes from someone you know and trust.
This sounds very scary but there are key actions you can take to protect yourself from a determined hacker:
- Use a complex passphrase (e.g., An*ounce*of*prevention*451).
- Use a good antivirus program and keep the subscription always active. Never let it lapse. Recommendations: AVG, Trend Micro, Eset, Avast!, or Symantec
- Run a virus and spyware scan each day: use a support service that offers automated daily maintenance.
- Use a good firewall with intrusion prevention. Recommendation: Sonicwall with Comprehensive Gateway Security Suite
- Configure security policies to lock out user accounts after 10 failed attempts.
- Keep servers and sensitive PCs and notebooks behind locked doors.
- Limit physical access to servers to only those personnel who require access.
- Consider encrypting hard drives, especially in notebooks with sensitive data. Use a complex passphrase for the encryption key for maximum security.
- Use a good anti-spam service or program to protect against phishing scams.