Only a small percentage of users should have domain administrator access. I have found that it tends to be an ego thing in a lot of companies where everyone has to have privileged access. “Well I am certified” or “I am a senior administrator.” Therefore, the individual feels he must have domain administrator access. This type of thinking is a huge security risk and must be changed. If a large number of people have domain administrator access to the system, it is very hard to tell what is authorized and what is unauthorized activity. Also, the potential for damage increases because, by a slip of the hand, a user can accidentally delete the entire system if he is logged on as domain administrator. On the other hand, if only a few people have domain administrator access, an administrator can quickly scan and detect unauthorized access.
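The check described above can be automated when the approved list is short. The following is an added example, not code from the book: it parses the text printed by net group "Domain Admins" /domain and reports any member not on an approved list. The account names, the approved list and the 25-character column width are assumptions made for the illustration.

```python
import re

COL = 25  # assumed fixed column width of the member listing

# Constructed sample of `net group "Domain Admins" /domain` output.
SAMPLE_OUTPUT = "\n".join([
    "Group name     Domain Admins",
    "Comment        Designated administrators of the domain",
    "",
    "Members",
    "",
    "-" * 79,
    "".join(n.ljust(COL) for n in ("Administrator", "jsmith", "svc_backup")),
    "tempadmin".ljust(COL),
    "The command completed successfully.",
    "",
])

# Hypothetical approved list; keep the real one under change control.
APPROVED = {"administrator", "jsmith", "mlee"}


def parse_members(net_group_output):
    """Return the names listed between the dashed rule and the status line."""
    members, in_list = [], False
    for line in net_group_output.splitlines():
        if re.fullmatch(r"-{10,}", line.strip()):
            in_list = True
            continue
        if not in_list:
            continue
        if line.startswith("The command completed"):
            break
        # Slice by column rather than splitting on whitespace, so a name
        # that contains a space is not broken into two accounts.
        cells = (line[i:i + COL].strip() for i in range(0, len(line), COL))
        members.extend(c for c in cells if c)
    return members


def audit(members, approved):
    """Compare current membership with the approved list, ignoring case."""
    current = {m.lower() for m in members}
    return {
        "unapproved": sorted(current - approved),  # investigate these first
        "missing": sorted(approved - current),     # approved but not present
    }


if __name__ == "__main__":
    report = audit(parse_members(SAMPLE_OUTPUT), APPROVED)
    print("Not on approved list:", report["unapproved"])
    print("Approved but absent: ", report["missing"])
```

Run on a schedule and compared with the previous result, the same report also shows when an account was added to the group between runs.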
Summary
As you can see in this chapter, password security is not an area that can be ignored. Any company that is serious about security has to make sure they properly address password security and that their users have strong passwords. Also, do not assume that an out-of-the-box installation will be enough, especially with Microsoft NT. An administrator needs to make sure that she understands what is going on and secures the passwords as much as possible. For example, I would recommend any company that is using NT to upgrade all their clients to either Windows NT or 98 and disable LAN Manager hashes. With LAN Manager enabled, there is little that can be done to properly secure the network.
It is also important to note that, except in cases where you only have limited use for your password cracking program, L0phtcrack would be the best choice for testing the strength of passwords on your network. Always keep in mind that it is good to have other tools in your toolbox, so you might want to obtain a copy of the other programs, such as NTSweep, PWDump2, and NTCrack, because you never know when you might need them.
In this chapter, we have looked at password cracking on NT. In Chapter 10, “UNIX Password Crackers,” we look at it from a UNIX perspective and see what similarities and differences exist.
Chapter 10. UNIX Password Crackers
So far in this section, we have discussed password management, password cracking, and the password issues that surround a Microsoft Windows NT environment. Hopefully at this point, you realize the importance of passwords and why it is so important to understand how to use these tools. Because so many companies have weak passwords and this is a primary way attackers breach security, it is critical that security professionals understand the weak points and use tools like password crackers to improve these areas.
Now we will jump into the UNIX world and illustrate how UNIX deals with passwords. UNIX passwords do not have the same vulnerabilities that NT passwords have, but UNIX has its own set of issues to deal with. This chapter covers how UNIX passwords are stored on the system and what can be done to make those passwords more secure. Then, we will cover the following tools that are used to crack UNIX passwords:
• Crack
• John the Ripper
• XIT
• Slurpie
Each of these tools has different strengths and weaknesses, and by covering several, I will help you pick the right tool for your environment.
You might also want to have several or all of these tools in your toolbox because in different scenarios, a different tool might be quicker or easier to use. Remember: construction workers do not build a house with just one tool; they use several. The same thing goes for security. To secure your environment, you are going to have to use several tools. A common mistake is that companies look for the silver bullet, the single tool that will solve all of their security needs. Well, it doesn’t exist.
To have a secure environment, you are going to have to use several tools, across various domains. This concept is called defense in depth. Only by utilizing several tools can you truly have a secure site. If you use a single tool and there is a vulnerability in that tool, or that tool fails, your security has just been defeated. On the other hand, if you have multiple tools, one tool can back up another tool if it fails.
Password cracking software plays a key role for a security professional and should be part of your toolbox. Remember, one of the ways that an attacker compromises a machine is by guessing a weak password. One of the ways to protect against this is to identify weak passwords and force users to change them before an attacker guesses them.
The easiest way to identify weak passwords in your company in a UNIX environment is to utilize one of the tools discussed in this chapter. Only by running a password cracker against user accounts can you identify the weakest link in your company’s chain of defense. Only by knowing what the weakest link is can you fix it and improve the security of your site. In this business, ignorance is deadly and knowledge is power. If you find the weak passwords at your site, you know which users you need to work with to improve your security. Only by doing this can you take the power away from the attackers and give it back to your company, which is where it belongs.