Online Reading 9.6
‘Hacking techniques: Introduction to password cracking’,
crack/password_cracking.html.
Note: Read the sections on ‘Methods of attack’, ‘Tools of the trade’, and
‘A protection checklist’.
Employees are often the weakest link when it comes to keeping
passwords secret. Creating a password security policy and making sure
that end-users read, understand and implement this policy in their day-to-
day work activities offer the best protection against password cracking
and social engineering attacks.
Self-test 9.5
1 What is the difference between password sniffing and password cracking?
2 Revisit the password policy template that you viewed in Online Reading 9.2.
What are some recommended practices that can prevent passwords from being
cracked or sniffed by hackers?

COMP S834 Web Server Technology
Access control and authorization
You’ve just learned that password authentication is the most common
mechanism used by Web servers and operating systems to reduce the risk
of intrusion. Password authentication works hand-in-hand with access
control and authorization so that users can gain access and privileges to
specific resources on the system, such as files, directories and other data
or programs on a host machine.
Your public Web server content will likely be divided into different
subdirectories, such as those containing the homepage, images and
dynamic programs. Implementing individual user and group access
controls at the level of these subdirectories (and below if necessary) will
further protect your Web content.
For example, the general public should be given permission to read
webpages on the ABC Books website, but not to write or execute them.
Server-side scripts and programs should be executable, but should not be
read or written to. Only the order-processing department should have
access to the orders placed by customers on your site, and only a select
group of marketing department employees should have update and delete
access to the production version of your website content. The list of
authorized users should be reviewed and updated on a regular basis,
particularly when an employee user leaves your organization.
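To make the permission model above concrete, here is an added example (my own, not part of the course text) that lays out a throw-away copy of the ABC Books web tree in a temporary directory, applies the modes the text describes, and then audits the tree against that policy. The group names marketing and orders, the file names and the file contents are all constructed for the demonstration; chgrp is only attempted when a group of that name actually exists on the machine.

```shell
#!/bin/sh
# Added example (not from the course text): build a throw-away copy of the
# ABC Books web tree, apply the least-privilege modes the text describes,
# then audit the tree against that policy. The groups marketing and orders
# are assumptions; chgrp runs only if such a group exists on this host.

set -u

ROOT="$(mktemp -d)/public_html"

# Numeric mode of a path (GNU stat first, BSD stat as a fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Assign a group only when it exists, so the script also runs on a machine
# that does not have the ABC Books groups.
chgrp_if_present() {
    if getent group "$1" >/dev/null 2>&1; then chgrp -R "$1" "$2"; fi
}

# Sample tree with constructed content: homepage, images, CGI programs,
# and the customer orders the order-processing department works with.
setup_tree() {
    mkdir -p "$ROOT/images" "$ROOT/cgi-bin" "$ROOT/orders"
    printf '<html><body>ABC Books</body></html>\n' > "$ROOT/index.html"
    printf 'GIF89a placeholder\n' > "$ROOT/images/logo.gif"
    printf '#!/bin/sh\necho "Content-Type: text/plain"\necho\necho search\n' \
        > "$ROOT/cgi-bin/search.cgi"
    printf 'order 1001: customer@example.com, 2 items\n' > "$ROOT/orders/1001.txt"
}

apply_permissions() {
    # Public content: anyone may read; only the owner and the marketing group
    # may update or delete (deletion is governed by write on the directory).
    # Group write on a parent also lets that group rename or remove children.
    chmod 775 "$ROOT" "$ROOT/images"
    chmod 664 "$ROOT/index.html" "$ROOT/images/logo.gif"
    chgrp_if_present marketing "$ROOT"

    # CGI programs: traversable and executable by the server account, but not
    # listable, readable or writable by it. An interpreted script still needs
    # read permission for its interpreter; execute-only works for compiled
    # binaries.
    chmod 711 "$ROOT/cgi-bin" "$ROOT/cgi-bin/search.cgi"

    # Orders: owner and the orders group only; nothing for anyone else. The
    # server account must be a member of that group to serve these files.
    chmod 770 "$ROOT/orders"
    chmod 660 "$ROOT/orders/1001.txt"
    chgrp_if_present orders "$ROOT/orders"
}

# Audit the tree against the policy table: print each deviation and return
# non-zero if any path is out of policy.
audit_tree() {
    bad=0
    while read -r rel want; do
        have="$(mode_of "$ROOT/$rel")"
        if [ "$have" != "$want" ]; then
            echo "out of policy: $rel has mode $have, expected $want"
            bad=1
        fi
    done <<'EOF'
. 775
index.html 664
images 775
images/logo.gif 664
cgi-bin 711
cgi-bin/search.cgi 711
orders 770
orders/1001.txt 660
EOF
    return "$bad"
}

setup_tree
apply_permissions
audit_tree && echo "tree at $ROOT matches policy"
```

Run it with `sh` as an ordinary user; nothing outside the temporary directory is touched. The audit function is the part worth keeping: run periodically against the real document root, it catches the world-readable order file or the group-writable script that a later deployment quietly introduced, which is exactly the drift the regular review of authorized users and permissions in the text is meant to find.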
You can read more about access control and authorization with the
Apache Web server in the next section.
Online Reading 9.7
1 ‘Access control’.
2 ‘Authentication and authorization’.
In the next activity, we’ll look at applying password protection and
restricting access to specific users and groups for a particular directory
on your ABC Books website.

Unit 9
Activity 9.5
ABC Books has built an Order Inquiry page that allows the employees in
the orders department to view all online orders. These pages will be
stored in a separate directory called orders under the public_html
folder.
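The steps of Activity 9.5 itself are not reproduced on this page. The following added example (my own, not the course material) shows one way to do what the activity describes: protect the orders directory under public_html with Apache basic authentication and restrict it to members of an orders group. The user names alice, bob and carol, their demo passwords, and the location of the credential files are constructed; the directives AuthType, AuthName, AuthUserFile, AuthGroupFile and Require group are standard Apache directives.

```shell
#!/bin/sh
# Added example (not part of the course activity): protect public_html/orders
# with Apache basic authentication so that only members of an "orders" group
# can reach it. User names, passwords and file locations are constructed.

set -u

BASE="$(mktemp -d)"
DOCROOT="$BASE/public_html"
AUTHDIR="$BASE/auth"      # credential files live outside the document root

mkdir -p "$DOCROOT/orders" "$AUTHDIR"

# Group file (AuthGroupFile format): "group: member member ...".
write_htgroup() {
    printf 'orders: alice bob\nmarketing: carol\n' > "$AUTHDIR/.htgroup"
    chmod 640 "$AUTHDIR/.htgroup"
}

# Password file (AuthUserFile format): "user:hash". The apr1 format written
# by openssl is one Apache accepts; in production create entries interactively
# with `htpasswd -B` so the password never sits on a command line as it does
# in this demo.
write_htpasswd() {
    : > "$AUTHDIR/.htpasswd"
    chmod 640 "$AUTHDIR/.htpasswd"
    command -v openssl >/dev/null 2>&1 || {
        echo "openssl not found; create entries with htpasswd -B" >&2
        return 1
    }
    for u in alice bob carol; do
        printf '%s:%s\n' "$u" "$(openssl passwd -apr1 "demo-password-$u")" \
            >> "$AUTHDIR/.htpasswd"
    done
}

# Per-directory rules for orders/. Apache honours this file only where the
# main configuration grants "AllowOverride AuthConfig" for the directory.
write_htaccess() {
    cat > "$DOCROOT/orders/.htaccess" <<EOF
AuthType Basic
AuthName "ABC Books order inquiry"
AuthUserFile $AUTHDIR/.htpasswd
AuthGroupFile $AUTHDIR/.htgroup
Require group orders
EOF
}

# The decision mod_authz_groupfile makes once a user has authenticated:
# is the user listed under the group named in the Require directive?
is_authorized() {
    user="$1"
    group="$(sed -n 's/^Require group \(.*\)$/\1/p' "$DOCROOT/orders/.htaccess")"
    members="$(sed -n "s/^$group: *//p" "$AUTHDIR/.htgroup")"
    for m in $members; do
        [ "$m" = "$user" ] && return 0
    done
    return 1
}

write_htgroup
write_htaccess
write_htpasswd || echo "password file left empty" >&2
for u in alice carol; do
    if is_authorized "$u"; then echo "$u: allowed"; else echo "$u: denied"; fi
done
```

Two points a practitioner would check before relying on this. First, the credential files must be readable by the account the server runs as (typically via that account's group) but by nobody else, and they must stay outside the document root so they can never be served. Second, basic authentication sends the password with every request encoded, not encrypted, so the directory should only be reachable over HTTPS; otherwise the password sniffing the self-test asks about becomes trivial for anyone on the path.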

