Prevent your systems from being hijacked: A quick guide

Thwart 'passing-the-hash' attacks by following these steps

Jonathan Hassell (Computerworld (US))
01 November, 2011 05:14
Comments

It's time to rethink some old, and now outdated, security truisms that enable a very scary kind of attack.

As computing power and programming prowess have increased, so have the means to make this attack simple, effective and lightning-quick, to the point where it's now a huge risk. Tools are freely available to let someone own your entire Active Directory infrastructure in a matter of minutes, without brute-force cracking or any other compute-intensive resources.

The attack is not new: It's known as a "passing-the-hash" attack, and it's been around for years. Those proficient in security matters know of the attack and the general principle behind it: Passwords are converted by Windows into a "hash" -- a fixed-size string of cryptographically transformed data -- every time they are created. This way, your passwords aren't sitting in plain text anywhere on your machine, nor are they transmitted in clear text when the authentication happens over the wire.

To continue reading, register here to become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email Computerworld
Follow Computerworld on twitter

More about: etwork

References show all

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Coverage

Related Whitepapers

Latest Stories

Community Comments

"Anyone encounter some knee injuries right now? Read more concerning knee pain ..."

FTC chairman: Do-not-track law may not be needed
"Anyone having some knee problems at this moment? Study more on the ..."

Kindle sales soar but Amazon mum on actual numbers
"Are you experiencing knee problems at the moment? Discover more in relation ..."

Wall Street Beat: IPOs, M&A, chip news stir tech optimism
"Knee problems generally happen in the course of exercise or leisure activities. ..."

Anonymous Takes Aim at Indian Government
"Are you encounter some knee problems now? Understand more pertaining to knee ..."

Java creator: Fears over consequences of possible Oracle trial win may be overblown

Tags: freemium, security

Whitepapers

All whitepapers

Most Read

Sign up now to get free exclusive access to reports, research and invitation only events.

Most Commented

Featured Whitepapers

Process-Driven Master Data Management for Dummies

We wrote this book to introduce you to the subject of processdriven MDM. It’s a big topic, one that far outstrips the ability of a brief book to cover. However, our hope is that by reading this book you will gain a fundamental understanding of processdriven MDM, how it works, and what it takes to make it a success in your organisation.

Featured Download

Microsoft Security Essentials

Microsoft Security Essentials provides your home PC with real-time protection. It constantly uses the latest technology ensuring that you will always stay up to date ...

Zones

Most Popular Whitepapers

Process-Driven Master Data Management for Dummies

Popular tags: Business Management, Security, Data Centre, Storage, Master Data Management

Latest Jobs

CCSAP PM ConsultantNSW
CCSystem Engineer - Lync and Exchange - CONTRACTSWA
FTSenior Network Field Engineer - Cisco R&S / Wireless SolutionsNSW
FTSenior Citrix EngineerNSW
FTIT Account Manager - System Integrator - Career Progression - Start ImmediatelyNSW
FTProduct Manager Strategist - Enterprise ApplicationsNSW
CCSystem Engineer - Exchange - CONTRACTSWA
FTSenior Network Engineer - Cisco / Nexus / UCS / - Routing / Switching / WirelessNSW
CCOBIEE ConsultantWA
FTSAP Basis ConsultantACT
CCAvaya Engineer - ERS 8600 4.1NSW
FTTechnical Services Engineer - ShoreTel/MitelVIC
FTChange Management ProfessionalsNSW
FTQM Trainer and ConsultantNSW
FTSAP Basis ConsultantNSW
FTSenior Citrix EngineerNSW
CCSAP FICO ConsultantNT
FTSenior Network Field Engineer - Cisco R&S / Wireless SolutionsNSW
CCPC Relocation Technicians - Multiple Roles availableSA
FTIT Service Desk EngineerNSW
FTiPhone App DeveloperNSW
FTIT Service Desk EngineerNSW
FTiPhone App DeveloperNSW
FTiPhone App DeveloperNSW
FTiPhone Developer DeveloperNSW

Market Place

Prevent your systems from being hijacked: A quick guide

Comments

Post new comment

CeBIT 2012: Vic Dept of Health to release Android-friendly app

Coalition NBN better or worse?

Bredolab botnet author sentenced to 4 years in prison in Armenia

Alternatives to Raspberry Pi you can get right now

NBN ISS could pose capacity constraints

Which tablet should I buy? iPad 2 vs Sony Tablet S

NBN service plans won't cost consumers more: Conroy

Microsoft at a loss over Event Viewer scam

Stallman: If you want freedom don't follow Linus Torvalds

CeBIT 2012: Will NBN speed up freight delivery times?

Coalition NBN better or worse?

Process-Driven Master Data Management for Dummies

Transforming Software Delivery: An IBM Rational Case Study

So Long, Silos: Why Multi-Domain MDM Is Better For Your Business

Yes. We. Can. Flexible Policy 2.0

Microsoft Security Essentials

Avaya Air Cover Zone

Application Lifecycle Management

HP Converged Storage Zone

HP Business Efficiency - Money Payback Guarantee Resource Centre

The Australian Cloud

Process-Driven Master Data Management for Dummies

Business Intelligence Best Practices for Dashboard Design

Learning To Compete: IT’s Next Transformation

Seven Steps to Effective Data Governance

Guidance for Calculation of Efficiency (PUE) in Data Centers

Computerworld newsletter

Don't have an account?

Prevent your systems from being hijacked: A quick guide

Comments

Post new comment

Computerworld newsletter