In the next few blogs I’ll be covering a very interesting area of computing that deals with security and security-related vulnerabilities. But first off, let’s cover the basics and answer the question at hand: what is security? To answer this we’ll look at various definitions surrounding the question of computer security…
Computer security is a branch of computer technology known as Information Security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. The term computer system security means the collective processes and mechanisms by which sensitive and valuable information and services are protected from publication, tampering or collapse by unauthorized activities or untrustworthy individuals and unplanned events respectively. – Wikipedia, “Computer security”
I think the best way to approach such a broad spectrum is to pair each attack method with its solution, ending off with ‘security best practices’ in summary. So…
Computer attacks or hacks come in many forms and formats and this one is no stranger to the list… the inevitable password attack.
Security and Password Attack
This is the practice of breaking, cracking or guessing the password for a given application, operating system, encrypted file or website etc… There are two main types or common methods of password attacks that you’ll find:
- Brute Force Attack
The brute force attack is exactly what the name says: it forcefully tries every possible combination that the application being used in the attack can generate. In a brute force attack, longer passwords containing alphanumeric characters mixed with special characters will force this type of attack into a lengthy, time-consuming process. If you think of a four digit password there are around 410 possible combinations to try in order to obtain the given password. However, if you were to add alpha characters to the list you now increase the number of possibilities for each character by 26, and if you also had a case-sensitive password rule this figure would grow extremely high. So you can see that the more complex the password, the less likely it is to be brute-forced by any application within a short period of time.
- Dictionary Attack
The dictionary attack uses a word list of preset passwords, which is usually edited by the attacker to narrow down the possible combinations for a given attack. For example, the attacker may want to include geographical or local names, landmarks, acquaintances or social slurs, names, places etc. found on a social site in the word list for a dictionary attack.
It would be my guess that more thought would have gone into this kind of attack, as the user would have observed more closely the movements of the victim in order to refine the word list for better possible combinations.
So, knowing how these attacks occur, what sort of prevention methods could we use to make it difficult for the attacker to succeed?
- In the case of any password attack, the best policy for operating systems or applications is to have a lockout mechanism. This prevents the password attack from achieving its goal within any short time period. It is also a good deterrent, because the time factor vs goal factor comes into play; in other words, the inevitable question posed to the attacker becomes: is it worth pursuing?
- In the case of brute force attacks, keep your passwords long and complex as a deterrent. Remember though, the downside to this is that you’ll now have to try to remember them, or develop a system in which you can access them.
- NEVER use the same password for different applications and/or different login systems or websites, as it’s pretty obvious what the downside will be.
- In the case of dictionary attacks, try not to be too obvious in your password selection. For example, avoid using the name of a spouse, a sibling or your favorite drink, birth year, anniversary etc… as a password, as this would be the most logical starting point for any attacker building up a list of dictionary words to use in his attack. Try this: go to Google and search something like ‘most common passwords’, which at the time of this article was searched 22 200 times/month.
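The lockout policy and the time-versus-goal trade-off from the list above, written out as an added Python example (it is not code from any particular operating system or application). The thresholds (5 failures, a 300-second window, a 900-second lock) and all class and function names are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

class LockoutTracker:
    """Lock an account after max_failures failed logins inside a sliding window."""

    def __init__(self, max_failures=5, window=300, lock_time=900):  # assumed values
        self.max_failures = max_failures    # failures tolerated before locking
        self.window = window                # seconds over which failures are counted
        self.lock_time = lock_time          # seconds the account stays locked
        self.failures = defaultdict(deque)  # user -> timestamps of recent failures
        self.locked_until = {}              # user -> time at which the lock expires

    def is_locked(self, user, now):
        return now < self.locked_until.get(user, 0)

    def attempt(self, user, password_ok, now):
        """Return True only when the login is allowed through."""
        if self.is_locked(user, now):
            return False                    # refused even if the password is right
        if password_ok:
            self.failures.pop(user, None)   # a success resets the counter
            return True
        recent = self.failures[user]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                # forget failures older than the window
        if len(recent) >= self.max_failures:
            self.locked_until[user] = now + self.lock_time
            recent.clear()
        return False

def keyspace(alphabet_size, length):
    """Number of candidate passwords of exactly this length."""
    return alphabet_size ** length

def days_to_exhaust(alphabet_size, length, max_failures=5, lock_time=900):
    """Days spent waiting out lockouts alone while trying every candidate once."""
    batches = -(-keyspace(alphabet_size, length) // max_failures)  # integer ceiling
    return (batches - 1) * lock_time / 86400

def demo():
    """Constructed scenario: five bad guesses lock 'alice', who is then refused."""
    tracker = LockoutTracker()
    results = [tracker.attempt("alice", False, t) for t in range(5)]
    results.append(tracker.attempt("alice", True, 10))    # correct, but still locked
    results.append(tracker.attempt("alice", True, 1000))  # lock has expired
    return results
```

Calling `days_to_exhaust(26, 8)` against `days_to_exhaust(26 + 26 + 10, 8)` shows how quickly the waiting time grows once upper case and digits are allowed.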
Bottom line, try to be savvy when you deal with your passwords. Don’t give away clues to your passwords or make it too easy for someone to guess your password. Stay safe – use your head…
Next up I’ll chat about Spoofing… ouch!
More on security issues soon as well as mobile security from Imaginet.