The truth is that gaining access to users' passwords is not easy, since they are stored in encrypted form, and the only manual way to obtain them is to guess them. One technique for obtaining passwords is the use of "sniffers", that is, programs that intercept our communications and record the passwords. There are ways to speed up this process, such as keyloggers. Nevertheless, when these hacker tools fail, the attacker can resort to brute force. Wikipedia defines brute force as the way to recover a key by trying all possible combinations until finding the one that allows access. Despite what it might seem, it is one of the methods most used by hackers, and it exploits the most recurrent vulnerability in information security: the human factor.

Users do not have sufficiently robust passwords, such as ones that mix different types of characters and numbers to give a certain complexity. On the contrary, to avoid forgetting their access key, they prefer passwords that are easy to remember but, at the same time, easy to guess. To take advantage of this, hackers use tools that include password dictionaries, whose function is to try passwords one by one. However, as users, we know that the password alone is not enough to access a workstation, since a user ID is also needed. To obtain both the user ID and the password through this type of attack, there are different tools, such as BrutusAET 2 for brute forcing FTP passwords, Essential Net Tools for brute forcing network service passwords (NetBIOS), or John the Ripper (Windows, Linux) for brute forcing hashed Windows passwords. A simple way to protect a system against brute-force or dictionary attacks is to set a maximum number of attempts. This way, the system locks automatically after a predetermined number of failed attempts.

Nevertheless, even when an account lockout policy exists, or a password complexity policy that forces users to change their password from time to time, the passwords are still easily predictable, because they often consist of adding short sequences of numbers to the same original root. Therefore, the most advisable course is to have a sufficiently robust password policy established by a specialized company. From udea, we want to remind you that the best way to prevent a sanction or damage to our information systems is to comply with all the technical and legal requirements of information security.
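The predictable rotation pattern described above (the same root with a short number sequence added) can be rejected when the password is changed. This is an added example, not part of the original article; the function names, the 4-character minimum root and the sample passwords are assumptions, and it assumes the user supplies the current password at change time, so no plaintext history has to be stored.

```python
import re

# Runs of digits, symbols and underscores that users typically add or change on rotation.
_TRAILING = re.compile(r"[\d\W_]+$")
_LEADING = re.compile(r"^[\d\W_]+")


def root(password: str) -> str:
    """Reduce a password to its root: case-folded, with leading and
    trailing runs of digits/symbols stripped."""
    p = password.casefold()
    p = _TRAILING.sub("", p)
    return _LEADING.sub("", p)


def is_predictable_rotation(current: str, candidate: str, min_root: int = 4) -> bool:
    """Return True when the candidate reuses the current password's root,
    i.e. only the numeric/symbol affix (or some padding around the root) changed.

    min_root is an assumed threshold: roots shorter than this are ignored,
    which also covers all-digit passwords whose root is empty.
    """
    old_root = root(current)
    if len(old_root) < min_root:
        return False
    # Substring test covers both an identical root and the old root embedded in a longer one.
    return old_root in root(candidate)


if __name__ == "__main__":
    # Constructed sample pairs: (current password, proposed new password).
    samples = [
        ("Verano2023", "Verano2024"),
        ("Verano2023", "verano2023!"),
        ("Verano2023", "2024Verano"),
        ("Verano2023", "MiVerano2024"),
        ("Verano2023", "correct horse battery"),
        ("12345678", "87654321"),
    ]
    for current, candidate in samples:
        verdict = "reject" if is_predictable_rotation(current, candidate) else "accept"
        print(f"{current!r} -> {candidate!r}: {verdict}")
```
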
