
Password Cracking programs?

Status
Not open for further replies.

fenstrat

Technical User
Nov 5, 2002
Does anyone know an effective way to stop password cracking applications? I've enforced complex passwords; is there another level of protection available for this?
Thanks
 
If you are talking about someone booting from a floppy or CD and attempting to crack, you can disable all boot devices except for the HD and password protect the BIOS.

I don't have a good answer on a running machine other than limiting user rights and file permission on the Winnt folder.
 
Unfortunately BIOS passwords are the easiest of passwords to crack. Just take the battery out for 10 seconds, and hey presto! No BIOS password.

An extra level of protection... Security Auditing. If you find a lot of successive failed logon attempts in the Event log, someone is trying to crack your password(s). Not amazingly helpful, but at least you get a heads up. :)

Ahdkaw
 
With complex passwords enabled you are already pretty well protected; brute force attacks can still be successful, but it would take a huge amount of time and CPU power.

The other main protection is auditing, as the guy above said. With management software you can take this a step further and have automated alert notifications when suspicious activity occurs.

We also enable account lock-outs after 3 invalid attempts which makes brute force cracking a lot harder although it does increase the admin overhead.
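
The following example is added here and was not written by any poster in this thread. It shows the kind of check an automated alert could run: it scans a constructed CSV export of Security log records for accounts with three or more successive failed logons inside five minutes. The CSV layout, the account and workstation names, and the use of event IDs 529 (failed logon) and 528 (successful logon) from Win2k/XP-era auditing are assumptions.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: time, event ID, account, source workstation.
# The column layout is an assumption, not a real export format.
SAMPLE_LOG = """\
2003-03-10 09:00:01,529,jsmith,WS12
2003-03-10 09:00:40,528,jsmith,WS12
2003-03-10 09:14:02,529,administrator,WS31
2003-03-10 09:14:03,529,administrator,WS31
2003-03-10 09:14:05,529,administrator,WS31
2003-03-10 09:14:06,529,administrator,WS31
2003-03-10 11:30:00,529,mlee,WS07
2003-03-10 13:45:00,529,mlee,WS07
"""

FAILED_LOGON = "529"  # assumed Win2k/XP-era ID: bad user name or password
GOOD_LOGON = "528"    # assumed Win2k/XP-era ID: successful logon


def find_failure_bursts(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return {account: alert} for every account that reaches `threshold`
    failed logons inside `window` with no successful logon in between."""
    recent = defaultdict(deque)  # account -> (timestamp, source) of failures
    alerts = {}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed records
        when, event_id, account, source = row
        ts = datetime.strptime(when, "%Y-%m-%d %H:%M:%S")
        account = account.lower()
        if event_id == GOOD_LOGON:
            recent[account].clear()  # a success breaks the streak
            continue
        if event_id != FAILED_LOGON:
            continue
        failures = recent[account]
        failures.append((ts, source))
        while ts - failures[0][0] > window:  # drop failures outside window
            failures.popleft()
        if len(failures) >= threshold:
            alert = alerts.setdefault(
                account, {"first_alert": ts, "count": 0, "sources": set()})
            alert["count"] = max(alert["count"], len(failures))
            alert["sources"].update(src for _, src in failures)
    return alerts
```

The default threshold of 3 matches the lock-out setting mentioned above; the five-minute window is an arbitrary choice for the example.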

 
If you are using Win2k, NT, or XP, make sure the user doesn't have rights to install software. Also remove access to the default Microsoft backup utility in Win2k/XP and the rdisk command in NT4. There isn't much you can do for 95/98. The backup utility and rdisk allow the user to make a copy of the local account database (SAM) and crack it on another machine they have access to install software on. L0phtCrack works this way.

It should be mentioned that the backup of the SAM created with the MS backup utility on Win2k and XP is encrypted with SYSKEY. Therefore they are pretty safe, until someone comes up with a way around that.
 