- Teks
- Sejarah
In this subsection, we outline the
In this subsection, we outline the main forms of attack against password-based
authentication and briefly outline a countermeasure strategy. The remainder of
Section 3.2 goes into more detail on the key countermeasures.
Typically, a system that uses password-based authentication maintains a password
file indexed by user ID. One technique that is typically used is to store not the user’s
password but a one-way hash function of the password, as described subsequently.
We can identify the following attack strategies and countermeasures:
• Offline dictionary attack: Typically, strong access controls are used to protect
the system’s password file. However, experience shows that determined
hackers can frequently bypass such controls and gain access to the file. The
attacker obtains the system password file and compares the password hashes
against hashes of commonly used passwords. If a match is found, the attacker
can gain access by that ID/password combination. Countermeasures include
controls to prevent unauthorized access to the password file, intrusion detection
measures to identify a compromise, and rapid reissuance of passwords
should the password file be compromised.
• Specific account attack: The attacker targets a specific account and submits
password guesses until the correct password is discovered. The standard countermeasure
is an account lockout mechanism, which locks out access to the
account after a number of failed login attempts. Typical practice is no more
than five access attempts.
• Popular password attack: A variation of the preceding attack is to use a popular
password and try it against a wide range of user IDs. A user’s tendency
is to choose a password that is easily remembered; this unfortunately makes
the password easy to guess. Countermeasures include policies to inhibit the
selection by users of common passwords and scanning the IP addresses of
authentication requests and client cookies for submission patterns.
• Password guessing against single user: The attacker attempts to gain knowledge
about the account holder and system password policies and uses that
knowledge to guess the password. Countermeasures include training in and
enforcement of password policies that make passwords difficult to guess.
Such policies address the secrecy, minimum length of the password, character
set, prohibition against using well-known user identifiers, and length of time
before the password must be changed.
• Workstation hijacking; The attacker waits until a logged-in workstation is
unattended. The standard countermeasure is automatically logging the workstation
out after a period of inactivity. Intrusion detection schemes can be
used to detect changes in user behavior
authentication and briefly outline a countermeasure strategy. The remainder of
Section 3.2 goes into more detail on the key countermeasures.
Typically, a system that uses password-based authentication maintains a password
file indexed by user ID. One technique that is typically used is to store not the user’s
password but a one-way hash function of the password, as described subsequently.
We can identify the following attack strategies and countermeasures:
• Offline dictionary attack: Typically, strong access controls are used to protect
the system’s password file. However, experience shows that determined
hackers can frequently bypass such controls and gain access to the file. The
attacker obtains the system password file and compares the password hashes
against hashes of commonly used passwords. If a match is found, the attacker
can gain access by that ID/password combination. Countermeasures include
controls to prevent unauthorized access to the password file, intrusion detection
measures to identify a compromise, and rapid reissuance of passwords
should the password file be compromised.
• Specific account attack: The attacker targets a specific account and submits
password guesses until the correct password is discovered. The standard countermeasure
is an account lockout mechanism, which locks out access to the
account after a number of failed login attempts. Typical practice is no more
than five access attempts.
• Popular password attack: A variation of the preceding attack is to use a popular
password and try it against a wide range of user IDs. A user’s tendency
is to choose a password that is easily remembered; this unfortunately makes
the password easy to guess. Countermeasures include policies to inhibit the
selection by users of common passwords and scanning the IP addresses of
authentication requests and client cookies for submission patterns.
• Password guessing against single user: The attacker attempts to gain knowledge
about the account holder and system password policies and uses that
knowledge to guess the password. Countermeasures include training in and
enforcement of password policies that make passwords difficult to guess.
Such policies address the secrecy, minimum length of the password, character
set, prohibition against using well-known user identifiers, and length of time
before the password must be changed.
• Workstation hijacking; The attacker waits until a logged-in workstation is
unattended. The standard countermeasure is automatically logging the workstation
out after a period of inactivity. Intrusion detection schemes can be
used to detect changes in user behavior
0/5000
In this subsection, we outline the main forms of attack against password-basedauthentication and briefly outline a countermeasure strategy. The remainder ofSection 3.2 goes into more detail on the key countermeasures.Typically, a system that uses password-based authentication maintains a passwordfile indexed by user ID. One technique that is typically used is to store not the user’spassword but a one-way hash function of the password, as described subsequently.We can identify the following attack strategies and countermeasures:• Offline dictionary attack: Typically, strong access controls are used to protectthe system’s password file. However, experience shows that determinedhackers can frequently bypass such controls and gain access to the file. Theattacker obtains the system password file and compares the password hashesagainst hashes of commonly used passwords. If a match is found, the attackercan gain access by that ID/password combination. Countermeasures includecontrols to prevent unauthorized access to the password file, intrusion detectionmeasures to identify a compromise, and rapid reissuance of passwordsshould the password file be compromised.• Specific account attack: The attacker targets a specific account and submitspassword guesses until the correct password is discovered. The standard countermeasureis an account lockout mechanism, which locks out access to theaccount after a number of failed login attempts. Typical practice is no morethan five access attempts.• Popular password attack: A variation of the preceding attack is to use a popularpassword and try it against a wide range of user IDs. A user’s tendencyis to choose a password that is easily remembered; this unfortunately makesthe password easy to guess. Countermeasures include policies to inhibit theselection by users of common passwords and scanning the IP addresses ofauthentication requests and client cookies for submission patterns.• Password guessing against single user: The attacker attempts to gain knowledgeabout the account holder and system password policies and uses thatknowledge to guess the password. Countermeasures include training in andenforcement of password policies that make passwords difficult to guess.Such policies address the secrecy, minimum length of the password, characterset, prohibition against using well-known user identifiers, and length of timebefore the password must be changed.• Workstation hijacking; The attacker waits until a logged-in workstation isunattended. The standard countermeasure is automatically logging the workstationout after a period of inactivity. Intrusion detection schemes can beused to detect changes in user behavior
Sedang diterjemahkan, harap tunggu..
Dalam ayat ini, kita menguraikan bentuk utama dari serangan terhadap berbasis password
otentikasi dan secara singkat garis besar strategi penanggulangan. Sisa
Bagian 3.2 masuk ke detail lebih lanjut tentang penanggulangan kunci.
Biasanya, sebuah sistem yang menggunakan otentikasi berbasis password mempertahankan password
file yang diindeks oleh ID pengguna. Salah satu teknik yang biasanya digunakan untuk menyimpan tidak pengguna
password, tetapi fungsi hash satu arah dari password, seperti yang dijelaskan selanjutnya.
Kita dapat mengidentifikasi strategi serangan berikut dan penanggulangan:
• Serangan Offline kamus: Biasanya, kontrol akses yang kuat yang digunakan untuk melindungi
file password sistem. Namun, pengalaman menunjukkan bahwa ditentukan
hacker dapat sering melewati kontrol tersebut dan mendapatkan akses ke file. Para
penyerang memperoleh file password sistem dan membandingkan hash password
terhadap hash password yang umum digunakan. Jika kecocokan ditemukan, penyerang
dapat memperoleh akses oleh kombinasi ID / password. Penanggulangan termasuk
kontrol untuk mencegah akses tidak sah ke file password, deteksi intrusi
langkah-langkah untuk mengidentifikasi kompromi, dan dikeluarkan lagi cepat password
harus file password dikompromikan.
• Serangan akun khusus: Penyerang menargetkan account tertentu dan menyerahkan
tebakan password sampai benar password ditemukan. The penanggulangan standar
merupakan mekanisme account lockout, yang mengunci keluar akses ke
akun setelah jumlah usaha login yang gagal. Praktek khas adalah tidak lebih
dari lima upaya akses.
• Popular serangan sandi: Sebuah variasi dari serangan sebelumnya adalah dengan menggunakan populer
sandi dan mencobanya terhadap berbagai ID pengguna. Kecenderungan pengguna
adalah memilih password yang mudah diingat; ini sayangnya membuat
password yang mudah ditebak. Penanggulangan mencakup kebijakan untuk menghambat
pemilihan oleh pengguna password umum dan memindai alamat IP dari
permintaan otentikasi dan cookie klien untuk pola pengiriman.
• Sandi menebak terhadap pengguna tunggal: Penyerang mencoba untuk mendapatkan pengetahuan
tentang pemegang rekening dan password sistem kebijakan dan penggunaan bahwa
pengetahuan untuk menebak password. Penanggulangan meliputi pelatihan dan
penegakan kebijakan password yang membuat password yang sulit ditebak.
Kebijakan-kebijakan tersebut menangani kerahasiaan, panjang minimal password, karakter
set, larangan menggunakan pengidentifikasi pengguna terkenal, dan lamanya waktu
sebelum password harus diubah .
• Workstation pembajakan; Penyerang menunggu sampai workstation log-in
tanpa pengawasan. The penanggulangan standar otomatis log workstation
setelah masa tidak aktif. Skema deteksi intrusi dapat
digunakan untuk mendeteksi perubahan perilaku pengguna
otentikasi dan secara singkat garis besar strategi penanggulangan. Sisa
Bagian 3.2 masuk ke detail lebih lanjut tentang penanggulangan kunci.
Biasanya, sebuah sistem yang menggunakan otentikasi berbasis password mempertahankan password
file yang diindeks oleh ID pengguna. Salah satu teknik yang biasanya digunakan untuk menyimpan tidak pengguna
password, tetapi fungsi hash satu arah dari password, seperti yang dijelaskan selanjutnya.
Kita dapat mengidentifikasi strategi serangan berikut dan penanggulangan:
• Serangan Offline kamus: Biasanya, kontrol akses yang kuat yang digunakan untuk melindungi
file password sistem. Namun, pengalaman menunjukkan bahwa ditentukan
hacker dapat sering melewati kontrol tersebut dan mendapatkan akses ke file. Para
penyerang memperoleh file password sistem dan membandingkan hash password
terhadap hash password yang umum digunakan. Jika kecocokan ditemukan, penyerang
dapat memperoleh akses oleh kombinasi ID / password. Penanggulangan termasuk
kontrol untuk mencegah akses tidak sah ke file password, deteksi intrusi
langkah-langkah untuk mengidentifikasi kompromi, dan dikeluarkan lagi cepat password
harus file password dikompromikan.
• Serangan akun khusus: Penyerang menargetkan account tertentu dan menyerahkan
tebakan password sampai benar password ditemukan. The penanggulangan standar
merupakan mekanisme account lockout, yang mengunci keluar akses ke
akun setelah jumlah usaha login yang gagal. Praktek khas adalah tidak lebih
dari lima upaya akses.
• Popular serangan sandi: Sebuah variasi dari serangan sebelumnya adalah dengan menggunakan populer
sandi dan mencobanya terhadap berbagai ID pengguna. Kecenderungan pengguna
adalah memilih password yang mudah diingat; ini sayangnya membuat
password yang mudah ditebak. Penanggulangan mencakup kebijakan untuk menghambat
pemilihan oleh pengguna password umum dan memindai alamat IP dari
permintaan otentikasi dan cookie klien untuk pola pengiriman.
• Sandi menebak terhadap pengguna tunggal: Penyerang mencoba untuk mendapatkan pengetahuan
tentang pemegang rekening dan password sistem kebijakan dan penggunaan bahwa
pengetahuan untuk menebak password. Penanggulangan meliputi pelatihan dan
penegakan kebijakan password yang membuat password yang sulit ditebak.
Kebijakan-kebijakan tersebut menangani kerahasiaan, panjang minimal password, karakter
set, larangan menggunakan pengidentifikasi pengguna terkenal, dan lamanya waktu
sebelum password harus diubah .
• Workstation pembajakan; Penyerang menunggu sampai workstation log-in
tanpa pengawasan. The penanggulangan standar otomatis log workstation
setelah masa tidak aktif. Skema deteksi intrusi dapat
digunakan untuk mendeteksi perubahan perilaku pengguna
Sedang diterjemahkan, harap tunggu..
Bahasa lainnya
Dukungan alat penerjemahan: Afrikans, Albania, Amhara, Arab, Armenia, Azerbaijan, Bahasa Indonesia, Basque, Belanda, Belarussia, Bengali, Bosnia, Bulgaria, Burma, Cebuano, Ceko, Chichewa, China, Cina Tradisional, Denmark, Deteksi bahasa, Esperanto, Estonia, Farsi, Finlandia, Frisia, Gaelig, Gaelik Skotlandia, Galisia, Georgia, Gujarati, Hausa, Hawaii, Hindi, Hmong, Ibrani, Igbo, Inggris, Islan, Italia, Jawa, Jepang, Jerman, Kannada, Katala, Kazak, Khmer, Kinyarwanda, Kirghiz, Klingon, Korea, Korsika, Kreol Haiti, Kroat, Kurdi, Laos, Latin, Latvia, Lituania, Luksemburg, Magyar, Makedonia, Malagasi, Malayalam, Malta, Maori, Marathi, Melayu, Mongol, Nepal, Norsk, Odia (Oriya), Pashto, Polandia, Portugis, Prancis, Punjabi, Rumania, Rusia, Samoa, Serb, Sesotho, Shona, Sindhi, Sinhala, Slovakia, Slovenia, Somali, Spanyol, Sunda, Swahili, Swensk, Tagalog, Tajik, Tamil, Tatar, Telugu, Thai, Turki, Turkmen, Ukraina, Urdu, Uyghur, Uzbek, Vietnam, Wales, Xhosa, Yiddi, Yoruba, Yunani, Zulu, Bahasa terjemahan.
- This month very tired
- Keluarga
- Kangen sama gaji
- Kejayaan
- Remember me
- Saya tidak lancar berbahasa inggrisSaya
- The following statements are correct, EX
- Kemenangan
- kapan apanya
- Leave the past where it belongs.
- Sebatas
- Permisi,,apakah disini ada lowongan peke
- Sometimes the words we leave unspoken ar
- any deformity , faults and defects produ
- dreams
- XX harus mengirimkan pernyataan tertulis
- dreams
- Menghayal adalah hidupmu
- Limited
- Manajemen Kurikulum Pondok Pesantren dal
- Limit
- seluruh biaya perbaikan ditanggung oleh
- Life is short. There is no time to leave
- Aku sayang kamu selamanya
