And although some of the tools like wireshark / ethereal, and tcpdump aren't password auditing tools, they can all aid in the help of testing whether or not your passwords are secure. The password tools that we've utilized (john, linnt, pwdump2, wireshark, tcpdump, and especially l0pth crack – just to name a few) have their benefits. Well, the truth of the matter is if you want to defend against a hacker, you need to see your network security through the mind and eyes of a hacker. It may seem that those malicious hackers and their tools need to beat it and get lost. Again, there are ways in forcing users to use stronger passwords, but this comes with a bad cost (writing passwords down, using sticky notes, etc). Password auditing can enable a corporation to understand what types of passwords are being used, and the strength. This can also range from words found in a dictionary, to passwords such as: For more information on password security, please see the countermeasures section. I have worked in organizations where the passwords were anything from the owners name, to the business name shortened with a two digit number affixed to the ending of the password.
In some organizations, and this can range from the SOHO/SMB and all the way up, passwords are not on the fore-front of the defensive listing.
0 kommentar(er)
