You can use your test results in a couple of different ways. For starters, they'll serve as a litmus test to determine whether or not you have password security risks. Odds are you do somehow somewhere. They'll also provide hard evidence to upper management that something needs to be done about the problem. This may include formal security awareness, new authentication technologies, or "tweaking" of existing policies -- especially on the enforcement side.
All in all, password cracking tests are an excellent way to not only root out weaknesses on your Windows network but also to see if people and processes are adhering to policies. Perform these tests on your network now and ongoing in the future and I guarantee you'll be amazed at what you uncover.
Cracking network passwords
Step 1: Ethical hacking methodology
Step 2: Tools you should use
Step 3: What good are your findings?
ABOUT THE AUTHOR
Kevin Beaver is an information security consultant, keynote speaker, and expert witness with Atlanta-based Principle Logic, LLC where he specializes in performing independent security assessments.
This was first published in December 2005