Password guessing against single user: The attacker attempts to gain knowledge about the account holder and system password policies and uses that knowledge to guess the password.

Workstation hijacking: The attacker waits until a logged-in workstation is unattended.

Exploiting user mistakes: If the system assigns a password, then the user is more likely to write it down because it is difficult to remember. This situation creates the potential for an adversary to read the written password. A user may intentionally share a password, to enable a colleague to share files, for example. Also, attackers are frequently successful in obtaining passwords by using social engineering tactics that trick the user or an account manager into revealing a password. Many computer systems are shipped with preconfigured passwords for system administrators. Unless these preconfigured passwords are changed, they are easily guessed.

Exploiting multiple password use: Attacks can also become much more effective or damaging if different network devices share the same or a similar password for a given user.

Electronic monitoring: If a password is communicated across a network to log on to a remote system, it is vulnerable to eavesdropping. Simple encryption will not fix this problem, because the encrypted password is, in effect, the password and can be observed and reused by an adversary.

CHAPTER 3 USER AUTHENTICATION
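The electronic monitoring point above can be checked in code. The following is an added example, not part of the original text: it compares a login that sends a fixed "protected" password with a nonce-based challenge-response login, a common mitigation that this page does not itself describe. All names (`protect`, `StaticServer`, `ChallengeServer`, `respond`, `demo`) and the sample password are constructed for illustration, and SHA-256 stands in for the "simple encryption" step.

```python
import hashlib
import hmac
import secrets

PASSWORD = b"constructed-sample-password"  # constructed value for the demo

def protect(password: bytes) -> bytes:
    # Fixed deterministic transform standing in for "simple encryption" (demo only).
    return hashlib.sha256(password).digest()

class StaticServer:
    """Accepts the protected password itself, so the wire value never changes."""
    def __init__(self, password: bytes):
        self.expected = protect(password)
    def login(self, token: bytes) -> bool:
        return hmac.compare_digest(token, self.expected)

class ChallengeServer:
    """Issues a fresh single-use nonce; the client proves knowledge of the key."""
    def __init__(self, password: bytes):
        self.key = protect(password)
        self.pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def login(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.pending:
            return False
        self.pending.discard(nonce)  # each nonce is accepted once
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)

def respond(password: bytes, nonce: bytes) -> bytes:
    # Client side: the response depends on the nonce, so it differs per login.
    return hmac.new(protect(password), nonce, hashlib.sha256).digest()

def demo() -> dict:
    static, cr = StaticServer(PASSWORD), ChallengeServer(PASSWORD)
    wire = protect(PASSWORD)        # value visible on the network every login
    n1 = cr.challenge()
    r1 = respond(PASSWORD, n1)      # value visible on the network for one login
    return {
        "static_replay": static.login(wire) and static.login(wire),
        "cr_first_use": cr.login(n1, r1),
        "cr_same_nonce_again": cr.login(n1, r1),
        "cr_old_response_new_nonce": cr.login(cr.challenge(), r1),
    }
```

In the static scheme the observed value is accepted every time it is presented, which is what "the encrypted password is, in effect, the password" means; in the challenge-response scheme the observed response is bound to a nonce the server will not accept again.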