Re: Cracking Passwords in Mere Seconds

From: dave wahl (dwahl_at_speakeasy.net)
Date: 08/01/03


Date: Thu, 31 Jul 2003 15:04:34 -0700


thanks for replies. luckily i have no down level clients, so kerberos is in
full effect (hell, so is ipsec). i forgot about the insider angle, which is
prob very common on a business LAN (mine is home-based, and my wife is not a
hacker ;>). i have exchange server with https, which seems to be pretty
secure.
renaming the administrator account should handle the admin no lockout
problem...
with all the latest patches & serv paks installed, a firewall or 2, high sec
GPOs (with complex passwords), renaming the admin account, monitoring event
viewer and router logs, etc...the LAN should be protected. of course i only
have a SOHO lan, so may be a bit EZer than say, a multi site/domain business.
thanks again.

dave

***

"Steven L Umbach" <sumbach@ameritech.net> wrote in message
news:bTeWa.30091$BM.9743125@newssrv26.news.prodigy.com...
> I need to add that the firewall is an absolute must to protect against
> these attacks remotely [and extracting user/ group names], though they can
> also be launched from inside the network by a malicious user. Auditing of
> account and logon events success/failure must also be part of a system to
> detect and respond to such attacks - at least on domain controllers and
> computers with sensitive data. Also keep in mind that "the" administrator
> account by default cannot be locked out. Passprop is supposed to allow the
> administrator account to be locked out to remote attempts though. ---
> Steve
>
> "Steven L Umbach" <sumbach@ameritech.net> wrote in message
> news:tIeWa.30087$BM.9741309@newssrv26.news.prodigy.com...
> > Apparently they are doing this against a local sam file that they had
> > physical access to. Anytime somebody has unfettered physical access to a
> > computer there is great risk in cracking/resetting passwords, and this is
> > why physical access to domain controllers must be prevented. Password hashes
> > can also be sniffed off of a network which again requires an "ear" on your
> > network. It is also possible to capture a hash unknowingly sent over the
> > internet. There are different types of authentication methods for MS - lan
> > manager, nt lan manager, nt lan manager v2, and kerberos. The ancient lan
> > manager [ lm] is apparently what the article is about and is used for
> > Windows 95, 98, ME. Ntlmv2 is much harder to crack and kerberos even more
> > secure.
> >
> > To answer your question - yes account policies that include account
> > lockout and complex passwords will effectively thwart this kind of attack
> > against a computer remotely. To reduce risk of hashes being sniffed off of
> > the network and cracked, use at least ntlmv2 authentication if you have
> > downlevel clients and use complex passwords, particularly for sensitive
> > accounts such as domain administrator. I wonder how long it would take them
> > to crack [H69!!kk32*?8f as a password using ntlmv2? Domain administrator
> > and those on machines with sensitive information should change their
> > passwords on a regular basis. Those accounts should also only be used when
> > absolutely necessary and only on specific trusted/hardened machines [no
> > cameras watching or keyboard loggers]. --- Steve
> >
> > "dave wahl" <dwahl@speakeasy.net> wrote in message
> > news:xnOdnT-h3KEF87SiXTWJkg@speakeasy.net...
> > > This article below discusses an advanced method of cracking Win passwords
> > > (supposedly). It's a good article, but I have a simple question: will
> > > someone who is attempting a crack be denied access if strong group policies
> > > are applied to a domain? For example, I have a SOHO LAN I administer, with
> > > one policy locking users out after 3 failed attempts. How exactly are they
> > > attempting this crack? At a logon screen? If so, although they can try for a
> > > long time on a solo Win 98 PC which uses a simple DSL connection, wouldn't
> > > it be near impossible to crack a Win 2K/XP system/domain account which is
> > > either a) behind a firewall, b) connected with strong GPO, c) locking the
> > > accounts after a few failed attempts, d) requiring complex passwords or....
> > > all of the above?
> > >
> > > It's a serious question, because otherwise the method described here seems
> > > too EZ.
> > >
> > > http://www.msnbc.com/news/943000.asp?0cl=cR&cp1=1
> > >
> > > [apologies if this issue was already discussed here]
> > >
> > > Dave
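The lockout and auditing points raised in the thread (lock after 3 failed attempts, the built-in Administrator not being lockable by default, passprop making it lockable for remote attempts only, audited logon failures as the fallback detection) replayed over constructed logon events. This is an added example, not code from the thread; the 30-minute observation window, the event tuple format and the account names are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 3                       # the thread's "lock after 3 failed attempts" GPO
OBSERVATION_WINDOW = timedelta(minutes=30)  # assumed "reset counter after" setting
BUILTIN_ADMIN = "administrator"             # built-in account the default policy never locks
# Constructed sample of audited logon events (time, account, result, logon type); not real log data.
SAMPLE_EVENTS = [
    ("2003-07-31 15:00:05", "dave", "failure", "network"),
    ("2003-07-31 15:00:09", "dave", "failure", "network"),
    ("2003-07-31 15:00:20", "dave", "success", "network"),   # success resets the count
    ("2003-07-31 15:02:00", "guest", "failure", "network"),
    ("2003-07-31 15:02:03", "guest", "failure", "network"),
    ("2003-07-31 15:02:06", "guest", "failure", "network"),  # third failure: locked
    ("2003-07-31 15:03:00", "Administrator", "failure", "network"),
    ("2003-07-31 15:03:01", "Administrator", "failure", "network"),
    ("2003-07-31 15:03:02", "Administrator", "failure", "network"),
    ("2003-07-31 15:04:00", "Administrator", "failure", "interactive"),
    ("2003-07-31 15:04:01", "Administrator", "failure", "interactive"),
    ("2003-07-31 15:04:02", "Administrator", "failure", "interactive"),
]

def evaluate(events, admin_lockout=False):
    """Replay events; return (locked, alerts). alerts lists failures at/past the
    threshold that policy would not lock, so only audit monitoring sees them.
    admin_lockout mimics passprop /adminlockout: Administrator becomes lockable for
    network logons only; console (interactive) logons are never locked out."""
    recent = defaultdict(deque)     # account -> failure times inside the window
    locked, alerts = {}, []
    for ts, account, result, logon_type in events:
        account, when = account.lower(), datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        window = recent[account]
        if result == "success":
            window.clear()          # a good logon resets the bad-password counter
            continue
        console_exempt = account == BUILTIN_ADMIN and logon_type == "interactive"
        if account in locked and not console_exempt:
            continue                # a locked account cannot be tried further
        while window and when - window[0] > OBSERVATION_WINDOW:
            window.popleft()        # drop failures older than the window
        window.append(when)
        if len(window) < LOCKOUT_THRESHOLD:
            continue
        lockable = account != BUILTIN_ADMIN or (admin_lockout and logon_type == "network")
        if lockable:
            locked[account] = ts
        else:
            alerts.append((account, ts, logon_type))
    return locked, alerts
```

With the default policy the guest account locks on its third failure while every Administrator failure only produces an alert; with admin_lockout the network attempts lock the account but the console attempts still go through and must be caught by monitoring.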
