Threats
Dictionary and brute-force attacks
A dictionary attack is one of the techniques used in brute-force searches for weak cryptographic keys and application passwords.
It is quite similar to a general brute-force attack, which examines in turn all possible and admissible combinations of a given password to guess the right combination of letters and so gain access to information or a system. Dictionary attacks are a more subtle method of gaining access to computer systems and significantly reduce the overall time needed to carry out this type of attack. This particular form of attack tests a smaller subset of all possible passwords, for example a list of words existing in a given language or a database of the statistically most probable passwords.
Counteraction:
Prevention of brute-force and dictionary attacks is much simpler in practice than is typically perceived. What is recommended first and foremost is implementing methods that limit the range of characters which can be entered into secret character strings (login, password, PIN etc.). It is also worth making sure that employees do not use their personal data in them, i.e. surname, telephone numbers, personal identification number etc. Quite frequently, special training covering methods of selecting passwords becomes indispensable, combined with training covering other aspects of security in the company.
Technical protection:
As for the technical aspects of brute-force attacks, it is worth making sure that all passwords are verified before they are accepted by the data storage system for future use. Protection systems should also include mechanisms that guard against brute-force attacks already in progress; such methods are typically fully automated and require no action from the network administrator, while effectively preventing attempts to break passwords by brute force.
All necessary information related to the application of technical protection methods can be found on the subpage [audit of network technologies].