Do you have a formal password policy for your Windows-based systems? Do you suspect that some of your network users have insecure passwords? If you answered yes to either of these questions, then now's a good time to check for password-related vulnerabilities on your network.
Passwords are often the first (and all too often, the last) line of defense to protect sensitive digital assets. Given that most Windows-based passwords (domain, Terminal Services, e-mail, etc.) tie back to the domain account, all it takes is one hole -- one entry point -- to get in and crack a password. Once that's done, anything is fair game. This is especially true with all the IIS-based applications, Citrix deployments, and other outward facing applications that so many organizations have in place today.
Cracking network passwords
Step 1: Ethical hacking methodology
Step 2: Tools you should use
Step 3: What good are your findings?
ABOUT THE AUTHOR
Kevin Beaver is an information security consultant, keynote speaker, and expert witness with Atlanta-based Principle Logic, LLC where he specializes in performing independent security assessments.
This was first published in December 2005