
Hands-On Network Security: Practical Tools & Methods (PowerPoint presentation)



  1. Hands-On Network Security: Practical Tools & Methods
     Security Training Course
     Dr. Charles J. Antonelli, The University of Michigan, 2012

  2. Hands-On Network Security, Module 4: Password Strength & Cracking

  3. Roadmap
     • Password Authentication
     • How Passwords are Cracked
     • Countermeasures
     04/12 cja 2012 3

  4. Password Authentication

  5. Password Representations
     • UNIX: DES "hashes"
       - Old technology, but still around
     • Linux: hashes
       - Salted SHA-512, SHA-256, MD5, Blowfish
     • Mac OS X: hashes
       - Salted SHA-1

  6. UNIX "Hash" Generation
     • Password length 8 characters or less
     • 7 bits of each character used to generate 56-bit key
     • Key used to encrypt a constant using a variation of the DES algorithm
     • Example: password MGoBlue1 → 56-bit key → DES' encryption of the constant 0x00000000 → UNIX hash zvktPWeeFzCVA

  7. UNIX "Hash" Considerations
     • It's not a hash
     • Keyboard character set
       - Common alphanumeric set only
       - Character variations ≈ 126
     • Maximum entropy ≈ 6.3*10^16 passwords
     • Salted

  8. Linux Hash Generation
     • Hash the password
     • Store it
     • Example: MGoBlue1 → SHA-512 → stored hash
       $6$dmk52gd$TWOWIDs1q6/uZ.t49s.YkFQr3zeTGzrYwN33Ep2pdTKwHekN/O2hK0QuSTtUYNmS5Homqtp9lA/jf0hWRE7Bb/

  9. Linux Hash Considerations
     • Keyboard character set
       - Common alphanumeric set only
       - Character variations ≈ 126
     • Maximum length = 256 characters
     • Entropy for 256-character password ≈ 4.9*10^538
     • Entropy for 20-character password from 126-character set ≈ 1.0*10^42
     • Entropy for 20-character password from 69-character "keyboard" set ≈ 6.0*10^36
     • Salted

  10. Linux Passwords
     • Passwords stored in /etc/shadow
       - Readable only by root
     • Other per-user information stored in /etc/passwd
       - World readable
     • UNIX stored both in /etc/passwd!

  11. Linux Hashes
     • Several hashes available
     • Use SHA-512!
       ID     Method
       $1$    MD5
       $2a$   Blowfish (some distros)
       $5$    SHA-256
       $6$    SHA-512 (default)
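An added example (not from the slides) that turns the ID table above into a small audit: it parses the password field of each /etc/shadow line, identifies the hashing method from the $id$ prefix, and reports every account not protected by SHA-512. The function names, the sample shadow file and the placeholder MD5 and DES values are constructed for this example; the trout line reuses the slide's own SHA-512 hash.

```python
import re

# Hash ID prefixes from the slide's table; $6$ (SHA-512) is the one to require.
METHODS = {"1": "MD5", "2a": "Blowfish", "5": "SHA-256", "6": "SHA-512"}

def parse_hash(field):
    """Classify the password field of one /etc/shadow line.
    Returns {"method", "salt", "ok"}; ok is True only for SHA-512 or a locked account."""
    if field == "":
        return {"method": "none", "salt": None, "ok": False}    # empty field: no password needed
    if field[0] in "!*":
        return {"method": "locked", "salt": None, "ok": True}   # "!", "!!", "*": login disabled
    if field.startswith("$"):
        hid, _, rest = field[1:].partition("$")                 # "$6$salt$hash" -> "6", "salt$hash"
        if hid == "2a":                                         # bcrypt: $2a$cost$<22-char salt><hash>
            salt = rest.partition("$")[2][:22]
        else:
            salt = rest.partition("$")[0]
        return {"method": METHODS.get(hid, "unknown"), "salt": salt, "ok": hid == "6"}
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):               # legacy crypt(3) DES: 2-char salt + 11 chars
        return {"method": "DES", "salt": field[:2], "ok": False}
    return {"method": "unknown", "salt": None, "ok": False}

def audit(shadow_text):
    """Return [(user, method)] for every account not protected by a SHA-512 hash."""
    findings = []
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, pwfield = line.split(":", 2)[:2]
        info = parse_hash(pwfield)
        if not info["ok"]:
            findings.append((user, info["method"]))
    return findings

# Constructed sample shadow file. The trout line reuses the slide's SHA-512 example hash;
# the MD5 and DES fields are placeholders with the right shape, not real password hashes.
SAMPLE_SHADOW = """\
trout:$6$dmk52gd$TWOWIDs1q6/uZ.t49s.YkFQr3zeTGzrYwN33Ep2pdTKwHekN/O2hK0QuSTtUYNmS5Homqtp9lA/jf0hWRE7Bb/:15400:0:99999:7:::
sucker:$1$ab3kd9Qx$Zk2mN8pQ7rT1vW4xY6zA0/:15400:0:99999:7:::
legacy:xyQ7kP2mL9oRa:15400:0:99999:7:::
svc:!!:15400:0:99999:7:::
guest::15400:0:99999:7:::
"""

if __name__ == "__main__":
    for user, method in audit(SAMPLE_SHADOW):
        print(f"{user}: method={method}, needs SHA-512 ($6$)")
```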

  12. SHA-3 Hash Contest Update
     • MD5 broken, SHA-1 & SHA-2 suspect
     • NIST competition for a SHA-3
       - Timeframe 2008-2012
       - 51 candidates submitted for Round 1
       - 14 candidates in Round 2: BLAKE, Blue Midnight Wish, CubeHash, ECHO, Fugue, Grøstl, Hamsi, JH, Keccak, Luffa, Shabal, SHAvite-3, SIMD, and Skein
       - Final candidates announced December 10, 2010: BLAKE, Grøstl, JH, Keccak, and Skein
       - Final SHA-3 candidate conference held March 2012
         http://csrc.nist.gov/groups/ST/hash/sha-3/Round3/March2012/index.html
       - SHA-3 standard to be published 2012

  13. Choosing A Password
     • Good
       - Pass phrases (much longer than 8 characters)
       - miX cAsE
       - digits/punctuation
       - control characters
       - easy to remember
       - no words in any language
     • Bad
       - people's names
       - dictionary/technical words or phrases
       - birth dates
       - places
       - common acronyms
       - backwards spelling
       - simple permutations
       - 8 characters or less

  14. Choosing A Password, 2012
     • Good
       - Pass phrases (much longer than 8 characters)
     • Bad
       - Everything else

  15. How Passwords are Cracked

  16. Passive Online Attacks: Man-in-the-Middle and Replay Attacks
     • Somehow get access to communications channel
     • Wait for authentication sequence
     • Proxy authentication traffic
     • No need to brute-force
     • Considerations
       - Relatively hard to perpetrate
       - Must be trusted by one or both sides
       - Some tools widely available
       - Anyone remember MarketScore?

  17. Active Online Attacks: Password guessing
     • Try different passwords until one works
     • Made easier by
       - Bad passwords
       - Excessive information from server
       - Lack of password guessing controls
     • Considerations
       - Assuming good passwords, is this even feasible?
         Common 8 character password space (69^8)
         Password expires in 90 days
         Need to guess 3,964,493,629 pwds/sec
         Need throughput of 253,727,592,310 bits/sec
         Gigabit Ethernet = 1B bits/sec
       - Easily detected and stopped
       - Core problem: Bad passwords

  18. Offline Attacks
     • Attacker has password database
       - Not that hard: need to be admin (or steal the box)
     • Can attack at leisure
     • Attack types:
       - Dictionary attack
         Very fast
         Core problem: Bad passwords
       - Brute force attack
         Alphanumerics, then alphanumerics + upper-row symbols, etc.
         Slow, but will eventually find all passwords
       - Hybrid
         Start with dictionary, insert entropy
       - Pre-computed hashes
         Rainbow tables
         Time-space tradeoff
     • Considerations
       - Moore's law

  19. John the Ripper
     • http://www.openwall.com/john/
     • Fast, open-source password cracker
       - Created by Solar Designer
       - Active development group
     • Runs on Linux, Mac OS X, Solaris, Android, …
     • Handles DES, BSDI DES, FreeBSD MD5, OpenBSD Blowfish, Kerberos AFS DES, and LM DES hashes
     • Runs well on HPC clusters using OpenMP
     • No GPU support yet
       - But see http://www.elcomsoft.com/edpr.html?r1=Openwall

  20. Lab: Crack Passwords
     1. Install John the Ripper
        cd; tar zxf /usr/local/lab/john/john-1.7.9.tar.gz; cd ~/john-1.7.9/doc
        Follow directions in INSTALL & README
     2. Create test account with a weak password using MD5 hashing
        sudo vi /etc/pam.d/system-auth
        Change string sha512 to md5 in third paragraph
        sudo useradd sucker; sudo passwd sucker
     3. Undo the change to system-auth you made in step 2.
     4. Create test account with a weak password using SHA-512 hashing
        sudo useradd trout; sudo passwd trout
     5. Obtain password hashes
        cd ~/john-1.7.9/run; sudo ./unshadow /etc/passwd /etc/shadow >passwd.1
     6. Crack
        ./john passwd.1

  21. Lab: Crack Passwords
     • You can interrupt at any time, and restart with
       ./john --restore
     • If you want to start over
       rm john.pot restore
     • To display all passwords found so far
       ./john --show /tmp/passwd.1
     • To see how fast John is on your machine
       ./john --test
     • When done, delete the test accounts and the local password and crack files!
       sudo userdel sucker; sudo userdel trout
       /bin/rm ~/john-1.7.9/run/{john.pot,passwd.1}

  22. Rainbow Tables
     • What if you precomputed the password hashes?
       - All Windows LM hashes: 166 Terabytes
       - All Windows NT hashes < 15 chars: 140,959,235,198 Exabytes
     • This would result in faster cracking, at the cost of storing all those hashes
       - This is the time-memory tradeoff
       - Implemented using hash chains
         Clever way to link the hashes into chains
         Only store 1 in 10,000 hashes
     • Rainbow tables improve on hash chains
       - Reduce collisions (overlapping chains)
     • Ineffective against salted hashes
       - Unix, Linux, and Mac OS X hashes are salted
       - Windows NT hashes are not
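An added toy illustration of the hash-chain time-memory tradeoff described above (example code, not from the slides): over a 3-lowercase-letter password space it stores one digest per 100 computed, still recovers an unsalted password that lies on a stored chain, and fails on the same password once a per-user salt is prepended, which is why the slide calls precomputed tables ineffective against Unix-style salted hashes. The alphabet, chain length, function names and the column-dependent reduction function are assumptions made for this example.

```python
import hashlib

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
PW_LEN = 3                          # toy space: 26^3 = 17,576 passwords
SPACE = len(ALPHABET) ** PW_LEN
CHAIN_LEN = 100                     # only 1 digest in 100 is stored

def h(pw, salt=""):
    """Unsalted by default; Unix-style salting prepends a per-user salt."""
    return hashlib.sha256((salt + pw).encode()).hexdigest()

def int_to_pw(n):
    out = ""
    for _ in range(PW_LEN):
        out = ALPHABET[n % len(ALPHABET)] + out
        n //= len(ALPHABET)
    return out

def reduce_(digest, col):
    """Map a digest back into the password space. Mixing in the column number is
    the rainbow-table refinement: chains that collide in different columns no longer merge."""
    return int_to_pw((int(digest[:12], 16) + col) % SPACE)

def password_at(start, col):
    """Password sitting in column `col` of the chain that begins at `start`."""
    pw = start
    for c in range(col):
        pw = reduce_(h(pw), c)
    return pw

def build_table(num_chains):
    """Compute num_chains chains of CHAIN_LEN hashes; keep only end digest -> start passwords."""
    table = {}
    for i in range(num_chains):
        start = int_to_pw(i)
        pw = start
        for col in range(CHAIN_LEN):
            digest = h(pw)
            pw = reduce_(digest, col)
        table.setdefault(digest, []).append(start)   # merged chains share an end point
    return table

def lookup(table, target):
    """Recover the password behind an UNSALTED digest from the table, or None."""
    for col in range(CHAIN_LEN - 1, -1, -1):          # guess which column target sits in
        digest = target
        for c in range(col, CHAIN_LEN - 1):            # walk the rest of that chain to its end
            digest = h(reduce_(digest, c))
        for start in table.get(digest, []):            # end point known: regenerate the chain
            pw = start
            for c in range(CHAIN_LEN):
                if h(pw) == target:
                    return pw
                pw = reduce_(h(pw), c)
    return None                                        # no chain contains the target
```

With 200 chains the table holds at most 200 entries for 20,000 hashes computed; a salted digest never matches because every stored chain was built from unsalted hashes, so a separate table would be needed for each salt value.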

  23. Rainbow Tables
     • http://ophcrack.sourceforge.net/
       - Windows password cracker that uses rainbow tables
       - Cracks LM and NT hashes
       - Live CD support
       - Free tables for Windows XP and Vista (dictionary based)
       - For-fee tables for Vista (NTLM)
       - Seems to be moribund
     • http://www.freerainbowtables.com/
       - "Folding@home" distributed cracking model
       - Terabytes of tables
       - Free tables
       - For-fee tables
       - Seems to be quite active

  24. Countermeasures

  25. Policy-Based Mitigation
     • Develop a password policy
       - Require pass phrases
       - Greater than 15 mixed characters
       - Password expiration for all accounts
       - No password reuse (temporal and spatial)
       - Account lockout (where appropriate)
     • Physical security policy
       - Cornerstone for any security
       - No physical security = no security
     • No policy = no enforcement

  26. Pass Phrases v. Passwords
     • Pass phrases are long strings
       - "I wish we'd use 2Factor authentication instead of passwords"
       - Very strong protection against attacks
       - Easy to remember, a bit longer to type
     • Passwords are short complex strings
       - "@Rag0Rnrul3z"
       - Hard to remember
       - Often difficult to type
       - Not resistant against current attacks
       - Obvious substitutions are quickly broken
     • Take-away: Long, easily-remembered phrases are better than short complex passwords
       http://xkcd.com/936/

  27. Technology-Based Mitigation: Multi-factor authentication
     • Why use passwords at all?
     • Smart cards
       - Two-factor authentication
       - Very difficult to thwart
       - High cost of initial deployment: smart cards, tokens, readers, software, …
       - Long-term cost benefit
       - Idea: use your smartphone as your token
         http://www.duosecurity.com/

  28. Technology-Based Mitigation: Multi-factor authentication
     • Biometrics
       - Measure some physical characteristic
         Fingerprint, iris color distribution, retinal pattern, …
       - Usually defeated with non-technical attacks
       - Historically unreliable
         False positives: bad guy authenticated
         False negatives: legitimate user refused
       - Can be stolen
       - Iris scanners popular
     (Image courtesy Wikipedia)

  29. Summary
     • Bad passwords get broken, even when using good storage and authentication methods!
     • Solutions
       1. Use better passwords
       2. Don't let bad guys get the hashes
     • Combination of policy and technology
