Saturday 18 August 2012

CHECK LIST FOR PROTECTION

A protection check list


Here is a checklist of things you can do to make password cracking more difficult:
  1. Audit your organization! Do a walk-through and make sure passwords are not stuck to monitors or under keyboards.
  2. Set up dummy accounts. Get rid of the administrator (or admin) account or set it up as a trap and audit it for attempts.
  3. Use strong, difficult-to-guess passwords, and never leave a console unlocked.
  4. Backups are necessary in case you are compromised. You need a working set of data, so make sure you have it. Keep the tapes secure too, or the data there will be compromised as well.
  5. Prevent dumpster diving. Don't throw sensitive information away; shred it or lock it up.
  6. Check IDs and question people you don't know. When you have visitors, check them out and make sure they belong.
  7. Educate your end users. Make sure they aren't prone to social engineering, and remind internal users of the company's security policies.
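
The trap account in item 2 only helps if the attempts against it are actually reviewed. The following is an added example, not code from the original post: it scans an authentication log for any logon attempt that names a decoy account and summarizes the attempts per source. The CSV column layout, the decoy names and the sample rows are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Assumption: decoy names chosen by the defender; no real user or service logs on with them.
DECOY_ACCOUNTS = {"administrator", "admin"}

# Constructed sample: authentication events exported as CSV (hypothetical column layout).
SAMPLE_LOG = """\
time,result,account,source
2012-08-18T09:00:02,success,jsmith,10.0.0.21
2012-08-18T09:01:10,failure,Administrator,10.0.0.57
2012-08-18T09:01:12,failure,ADMIN,10.0.0.57
2012-08-18T09:01:15,failure,CORP\\administrator,10.0.0.57
2012-08-18T09:05:40,failure,jsmith,10.0.0.21
2012-08-18T09:30:00,success,admin,10.0.0.99
"""

def normalize(account):
    """Reduce DOMAIN\\user or user@domain to a lowercase bare user name."""
    name = account.strip().rsplit("\\", 1)[-1]
    return name.split("@", 1)[0].lower()

def decoy_hits(log_text, decoys=DECOY_ACCOUNTS):
    """Return {source: summary} for every logon attempt that names a decoy account."""
    hits = defaultdict(lambda: {"attempts": 0, "succeeded": False,
                                "first": None, "last": None})
    for row in csv.DictReader(io.StringIO(log_text)):
        if normalize(row["account"]) not in decoys:
            continue  # ordinary account: handled by normal lockout/audit policy
        when = datetime.fromisoformat(row["time"])
        entry = hits[row["source"]]
        entry["attempts"] += 1
        # A successful logon to a decoy is the worst case: its password is known.
        entry["succeeded"] |= row["result"].strip().lower() == "success"
        entry["first"] = min(entry["first"] or when, when)
        entry["last"] = max(entry["last"] or when, when)
    return dict(hits)

if __name__ == "__main__":
    for source, e in sorted(decoy_hits(SAMPLE_LOG).items()):
        level = "CRITICAL" if e["succeeded"] else "ALERT"
        print(f"{level} {source}: {e['attempts']} attempt(s) on decoy accounts, "
              f"{e['first']} to {e['last']}")
```

Because nobody legitimate uses a decoy account, a single attempt is worth an alert; no failure threshold is needed.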

ABOUT HACKING TOOLS

Tools of the trade


One of the most popular tools is L0phtCrack (now called LC4). L0phtCrack is a tool that allows an attacker to take hashed Windows NT/2000 passwords and recover the plain text. NT/2000 passwords are stored as cryptographic hashes and cannot be read without a tool like L0phtCrack. It works by trying every possible alphanumeric combination to crack passwords.

METHODS OF HACKING

Password cracking doesn't always involve sophisticated tools. It can be as simple as finding a sticky note with the password written on it stuck right to the monitor or hidden under a keyboard. Another crude technique is known as "dumpster diving," which basically involves an attacker going through your garbage to find discarded documentation that may contain passwords.


Of course, attacks can involve far greater levels of sophistication. Here are some of the more common techniques used in password cracking: