The reality is this: if your computer is connected to the Internet, people will attempt to hack it. Across the ever-growing spectrum of hacking techniques, there is none more common than cracking passwords. It seems like every day, we read about the user names, passwords, and logins of individuals or corporations being stolen and their data being compromised. Just recently, hackers lifted the logins for nearly two million accounts at Facebook, Google, Twitter, Yahoo and others.
There are a number of ways hackers crack passwords. One of the more popular methods is a brute force attack on an SSH server. SSH logins are an ideal target for an attacker, because people (foolishly) think that passwords are safe, and an SSH login to a remote computer gives the attacker full access to the computer and its data from a command-line interface.
Knowing how this type of attack is executed is important to its prevention. In this brief video, you’ll learn how to use Hydra 7.5 to install SSH libraries and brute force an SSH login. Hydra is a tool that makes cracking SSH relatively easy. This video will not only show you how hackers accomplish this type of attack, it will also show you how to apply this technique to your organization’s system in order to determine where weak passwords exist.
As you can see, it is quite easy to perform a brute force attack on an SSH server. (Hydra works with much more than SSH; you can use Hydra to perform a brute force attack on FTP, Telnet, and POP3 servers, just to name a few.) Passwords are often the weakest link in a system. And unfortunately, they are often the only security measure between cyber thieves and your data.
Testing for weak passwords is an important part of security assessments. The best way to defend against this attack is to have a robust password policy in place. It’s important to change passwords every 90 days. When creating them, be sure to include both upper- and lower-case letters, numbers, and symbols. Also use lockout limits, so that if a password is being brute forced, the account will lock out after a certain number of failed attempts.
Remember, knowing how the bad guys work is often the best way to defend against them.