How a dictionary attack works

How a dictionary attack works

A dictionary attack is a common way to steal a password. Here’s how a dictionary attack works, in layperson’s terms. More importantly, here’s how to beat the attack.

A dictionary attack is a much more efficient alternative to brute force hacking, but it requires a local copy of the user database to work. That usually means stealing the database first, if a bad guy is doing it. But nothing stops a company from doing a dictionary attack on its own user accounts to make sure people aren’t using insecure passwords. It’s unusual, but not unheard of.

Read more

The workstation events you want to be logging in Splunk

Every once in a while the NSA or another government agency releases a whitepaper with a lot of really good security advice. This paper on spotting adversaries with Windows event logs is a fantastic example. It’s vendor-neutral, just talking about Windows logs and how to set up event forwarding, so you can use the advice with any log aggregation system or SEIM. I just happen to use and recommend Splunk. But whatever you use, these are the workstation events you want to be logging.

I want to call your attention to a couple of items in the paper. Most breaches begin on workstations, and this paper has the cure.

Read more

Application whitelisting on Windows, even home editions

One of the very best things security measures you can take is application whitelisting–limiting the apps that are allowed to run on your computer.

The Australian Signals Directorate–the Australian counterpart to the NSA–says doing four things cuts security incidents by a whopping 85 percent. You probably do three of the things. The fourth is application whitelisting.

  • use application whitelisting to help prevent malicious software and unapproved programs from running
  • patch applications such as Java, PDF viewers, Flash, web browsers and Microsoft Office
  • patch operating system vulnerabilities
  • restrict administrative privileges to operating systems and applications based on user duties.

Read more

Don’t e-mail yourself a list of all your passwords and bank account numbers to yourself from work

So my buddy, we’ll call him Bob, runs Data Loss Prevention (DLP) for a big company. DLP is software that limits what you can do with sensitive information, in order to block it from going out of the company. The NSA wasn’t using DLP back when Ed Snowden was working for them; they probably are now.

Sometimes DLP blocks people from sending their own personal information. Doing so is their right–it’s their information–but from a security point of view, I’m really glad DLP kept them from e-mailing their entire life around in plaintext.

Read more

WordPress Appliance - Powered by TurnKey Linux