Possible Attacks on Windows and Countermeasures – Part 1

It has been a great week with so much news in the world of security, both in the real world and the virtual one. Today I decided to begin a series of articles about possible attacks on Windows operating systems, client and server alike, including the latest ones such as Windows 7 and Windows Server 2008 R2, and the countermeasures against them.

In this series I will try to put a little of my experience into words and explain, in plain language, the different hacking techniques attackers use to penetrate your network. I will start with the most common ones and work up to the most advanced, the kind that cause millions of dollars in losses; then I will dig into the different ways of defending against each technique and show you how to keep your network services and servers secure against them.

Password Cracking Attacks:

This is one of the most common types of attack, used at least once by every attacker. It always seems the dumbest, but honestly it has proven to be one of the most effective ways into somebody's computer if that computer is not protected against it.

This type of cracking has a pretty long history, and I really cannot count the number of tools developed to crack passwords by different hacking groups or even security companies. The only difference between the two is that the latter believe their software is purposed only for so-called Ethical Hacking, but who knows what is actually being done with those tools.

There are different ways to perform password cracking, among which Brute Force attacks are the most popular. Brute forcing is simply finding a computer's password by trying every combination of letters, numbers and symbols. The time required for it to work depends on the complexity of the password: the more complex the password, the longer it takes to be cracked.

A single computer can try from one to fifteen million passwords per second against a password hash (that is true) for weaker algorithms like DES (which is still very commonly used) using a fairly good password cracking tool. If, let's say, you choose an 8-character password of letters (both cases), numbers and symbols, we could say that it would take something like 16 minutes for it to be cracked. So you feel pretty unsafe.. huh???

Attackers nowadays can easily find pre-computed password hashes for different algorithms stored in database files called Rainbow Tables, and with those it takes a matter of minutes to crack almost any password in a network. Rainbow Tables only work against hashes that are not salted, and the LM and NTLM hashes Windows stores are exactly that kind.

There are other techniques as well, such as dictionary or word-list attacks, which are usually tried before Brute Force to guess the user's password in case the user has chosen a common dictionary word, something like 123456, or anything of that sort.

L0phtCrack:

One of the most famous password cracking tools is L0phtCrack, developed by a famous group of expert hackers called L0pht, who officially joined @stake, which was itself later announced as an acquisition of Symantec Corporation. You can download the latest version of L0phtCrack from their website. Below is a screenshot of this tool:

Any operating system can be the target of this tool, even Windows Server 2008 R2, and it runs on almost any operating system to target the other hosts on the network. You can get more information on their website.

John the Ripper:

John the Ripper is another well-known name among password cracking tools. It was first developed to run on Unix-based operating systems, but now it supports Windows as well. You can download this tool from their website.

John the Ripper truly is one of the fastest password cracking tools I have ever seen. It is used by a lot of penetration testers, and of course hackers, every day.

Countermeasures:

Protecting your network against password cracking depends completely on the policies applied to your network, servers and clients. Whether you operate a very small workgroup of computers or a big domain network, you should have policies, and more specifically account and password policies.

Password policies are defined through Group Policy in Windows and Active Directory. Open the Group Policy Editor, either locally (by typing gpedit.msc in the Run dialog) or for the domain using the Group Policy Management console, and go to:

Computer Configuration -> Windows Settings -> Security Settings -> Account Policies -> Password Policy

Below you can see a screenshot of the password policies settings:

Now let’s go one by one with what they mean:

Enforce Password History: How many previous passwords are remembered for each user. If we set this number to 10, the user cannot reuse any of their past 10 passwords as the new password.

Maximum Password Age: The maximum time a user can keep a password; when it expires, they must change it. Use it to force users to change their passwords every now and then.

Minimum Password Age: The minimum time a password must be used before the user can change it. Use it to stop users from changing their passwords every hour (for example, to cycle straight back to an old favourite past the history check).

Minimum Password Length: The minimum number of characters a password must have. Do not let it be less than 8.

Password must meet complexity requirements: Whether or not users are forced to choose a password containing letters (both cases), numbers and symbols. You should definitely enable it.

Store passwords using reversible encryption: Leave it disabled. It exists for a few rarely used protocols, and enabling it is equivalent to storing the passwords in plain text.

The other settings you need to configure are the Account Lockout policies, which matter most if you want to protect against brute force attacks.

To reach them, open the Group Policy Editor and go to:

Computer Configuration -> Windows Settings -> Security Settings -> Account Policies -> Account Lockout Policy

Account Lockout Duration: How long the account stays locked out after the specified number of invalid logon attempts.

Account Lockout Threshold: How many invalid logon attempts are needed to lock the account. Once it is set to a number, password cracking tools cannot try millions of passwords against your computer, because the account gets locked long before that.

Reset Account Lockout Counter After: If you set it to 30 minutes, for example, the account gets locked when more than 4 invalid logon attempts are made within 30 minutes. If the number of invalid attempts specified in the previous setting is spread over more than 30 minutes, the counter is reset in between, the account does not get locked, and the policy effectively does not apply; so you must be really careful when defining your policies.
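To make the interplay between the threshold and the reset window concrete, here is a small model of the lockout counter. This is an added example, not code from the original article: it models the counter as Windows keeps it (the bad-password count is cleared once the reset window has elapsed since the most recent failed attempt, so every failure restarts the window), and the failed-logon timestamps are constructed sample data rather than real log entries.

```powershell
# Added example (not from the original article): models how the Account Lockout
# Threshold and the "Reset account lockout counter after" window interact.
# Windows clears the bad-password counter once the window has elapsed since the
# MOST RECENT failed attempt, so each failure restarts the window.

function Test-LockoutPolicy {
    param(
        [Parameter(Mandatory)] [datetime[]] $FailedLogons,  # times of invalid logon attempts
        [int] $LockoutThreshold    = 5,                     # 0 means "never lock out"
        [int] $ResetCounterMinutes = 30                     # observation window in minutes
    )

    $badCount = 0
    $lastFail = $null

    foreach ($attempt in ($FailedLogons | Sort-Object)) {
        if ($null -ne $lastFail -and
            ($attempt - $lastFail).TotalMinutes -ge $ResetCounterMinutes) {
            $badCount = 0          # window expired without reaching the threshold
        }
        $badCount++
        $lastFail = $attempt

        if ($LockoutThreshold -gt 0 -and $badCount -ge $LockoutThreshold) {
            return [pscustomobject]@{ LockedOut = $true; LockedAt = $attempt; BadCount = $badCount }
        }
    }
    return [pscustomobject]@{ LockedOut = $false; LockedAt = $null; BadCount = $badCount }
}

# Constructed sample data: the same five failures, once as a burst and once spread out
$start  = Get-Date '2024-01-01 09:00'
$burst  = 0..4 | ForEach-Object { $start.AddSeconds($_ * 10) }   # five failures in 40 seconds
$spread = 0..4 | ForEach-Object { $start.AddMinutes($_ * 31) }   # five failures, 31 minutes apart

Test-LockoutPolicy -FailedLogons $burst
Test-LockoutPolicy -FailedLogons $spread
Test-LockoutPolicy -FailedLogons $spread -ResetCounterMinutes 45   # a longer window catches the spread-out run
```

Run the three calls and compare the LockedOut field: the burst trips the threshold, the 31-minute spacing never does with a 30-minute window because the counter is cleared before each new attempt, and the same spacing is caught once the window is widened. That is exactly the trade-off the article warns about: a short reset window protects against fast tools but lets slow, patient guessing through.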

Usually 30 minutes will be the best since it can block all kinds of password cracking tools even the slowest ones.
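The same settings can be applied from the command line instead of clicking through the Group Policy Editor. The following is an added example, not part of the original article; the numeric values are illustrative choices that follow the article's recommendations, not Microsoft defaults. The local section uses the built-in net accounts command (which cannot set the complexity requirement; that one still needs the policy editor or a secedit template), and the domain section assumes the ActiveDirectory PowerShell module from RSAT and an account with rights to change the default domain policy.

```powershell
# Added example (not from the original article): applies the article's
# recommended account policies from the command line.

# --- Local computer (workgroup): built-in "net accounts" command ---
net accounts /uniquepw:10           # Enforce password history
net accounts /maxpwage:90           # Maximum password age (days)
net accounts /minpwage:1            # Minimum password age (days)
net accounts /minpwlen:8            # Minimum password length
net accounts /lockoutthreshold:5    # Account lockout threshold
net accounts /lockoutduration:30    # Account lockout duration (minutes)
net accounts /lockoutwindow:30      # Reset account lockout counter after (minutes)
net accounts                        # show the policy now in force

# --- Domain: requires the ActiveDirectory module (RSAT) and Domain Admin rights ---
Import-Module ActiveDirectory
$domain = (Get-ADDomain).DistinguishedName

Set-ADDefaultDomainPasswordPolicy -Identity $domain `
    -PasswordHistoryCount 10 `
    -MaxPasswordAge (New-TimeSpan -Days 90) `
    -MinPasswordAge (New-TimeSpan -Days 1) `
    -MinPasswordLength 8 `
    -ComplexityEnabled $true `
    -ReversibleEncryptionEnabled $false `
    -LockoutThreshold 5 `
    -LockoutDuration (New-TimeSpan -Minutes 30) `
    -LockoutObservationWindow (New-TimeSpan -Minutes 30)

# Verify the result instead of trusting the command succeeded silently
Get-ADDefaultDomainPasswordPolicy -Identity $domain
```

The verification step at the end matters: the domain policy that actually applies is the one on the Default Domain Policy GPO, and reading it back with Get-ADDefaultDomainPasswordPolicy is the quickest check that your change, and not a stale setting, is what clients will enforce.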

Here we come to the end of this first article, and I hope you liked it. If you have any questions, please leave me a comment and I will answer almost in no time.

Want to learn more? Check out my new book below for practical tutorials and step-by-step guides, all in one place:

To get more information about the book click on the book below:


Cheers