CISSP考试指南笔记：5.11 针对访问控制的攻击

Dictionary Attack

Crack program hashes the dictionary words and compares the resulting message digest with the system password file that also stores its passwords in a one-way hashed format. If the hashed values match, it means a password has just been uncovered.

Countermeasures

To properly protect an environment against dictionary and other password attacks, the following practices should be followed:

• Do not allow passwords to be sent in cleartext.
• Encrypt the passwords with encryption algorithms or hashing functions.
• Employ one-time password tokens.
• Use hard-to-guess passwords.
• Rotate passwords frequently.
• Employ an IDS to detect suspicious behavior.
• Use dictionary-cracking tools to find weak passwords chosen by users.
• Use special characters, numbers, and upperand lowercase letters within the password.
• Protect password files.

剩余内容请看本人公众号debugeeker, 链接为CISSP考试指南笔记：5.11 针对访问控制的攻击