...Lab Assignment 1 Questions
1. Explain the two different types of attacks that can be performed in Cain and Abel to crack user account passwords. Which do you think is the most effective and why?
Cain and Abel is a password recovery tool for Microsoft operating systems, made for administrators and security professionals. Brute Force and Dictionary attacks against LM (LAN Manager) and NTLM (NT LAN Manager) hashes were used in the following assignment. Brute Force attack “is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies” (Rouse, 2006). This method is considered time consuming because it goes through all possible combinations of characters. Dictionary attack “is a method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password” (Rouse, 2005). In addition, Cain and Abel has the ability to use Cryptanalysis attacks to break passwords; this is considered the fastest [time memory trade off method], being faster than brute force attacks while also not needing as much memory as dictionary attacks (Gates, 2006). During the lab assignment I found that Dictionary attack with NTLM was the most effective. It allows the user to select more search options like reverse, lowercase and uppercase, etc. It was the fastest method in cracking the passwords...
Words: 957 - Pages: 4
...1) Explain the two different types of attacks that can be performed in Cain and Abel to crack user account passwords. Which do you think is the most effective and why?
For the assignment we utilized the Cain & Abel password recovery tool for Microsoft Operating Systems. For this lab assignment we utilized Brute Force NT LAN Manager (NTLM) and LAN Manager (LM) and Dictionary NTLM and LM hashes. (Features overview, n.d.) Brute Force is a password-cracking technique that tries every combination of numeric, alphanumeric, and special characters until the password is broken or the user is locked out. Dictionary is a technique that runs a given password against each of the words in a dictionary (file of words) until a match is found or the end of the dictionary is reached. (p. 13) Cain and Abel couples Brute Force and Dictionary with LM and NTLM hash. Based on my lab experience, my assessment is that the Dictionary NTLM Manager is the better of the processes. The table below reveals that Dictionary NTLM delivered more favorable results over LM because this process uncovered the passwords in the shortest amount of time and recovered the passwords in their entirety.
Table | Brute Force LM | Brute Force NTLM | Dictionary LM | Dictionary NTLM
User1 | No password, 6-8 hours | No password, estimated time 10 years | yes, 75 seconds | yes, 40
User2 | No password, 6-8 hours | No password, estimated time 10 years | yes, 30 | yes, 25
User3 | No password, 6-8 hours...
Words: 971 - Pages: 4
...iTrust Database Software Security Assessment
Security Champions Corporation (fictitious)
Assessment for client Urgent Care Clinic (fictitious)
Amy Wees, Brooks Rogalski, Kevin Zhang, Stephen Scaramuzzino and Timothy Root
University of Maryland University College
Author Note
Amy Wees, Brooks Rogalski, Kevin Zhang, Stephen Scaramuzzino and Timothy Root, Department of Information and Technology Systems, University of Maryland University College. This research was not supported by any grants. Correspondence concerning this research paper should be sent to Amy Wees, Brooks Rogalski, Kevin Zhang, Stephen Scaramuzzino and Timothy Root, Department of Information and Technology Systems, University of Maryland University College, 3501 University Blvd. East, Adelphi, MD 20783. E-mail: acnwgirl@yahoo.com, rogalskibf@gmail.com, kzhang23@gmail.com, sscaramuzzino86@hotmail.com and Chad.Root@gmail.com
Abstract
The healthcare industry, taking in over $1.7 trillion a year, has begun bringing itself into the technological era. Healthcare and the healthcare industry make up one of the most critical infrastructures in the world today and one of the most grandiose factors is the storage of information and data. Having to be the forerunner of technological advances, there are many changes taking place to streamline the copious amounts of information and data into something more manageable. One major change in the healthcare industry has been the implementation...
Words: 7637 - Pages: 31