Wednesday, April 23, 2008
Deccan Herald » Cyber Space » Detailed Story
Quantifiable data on most vulnerable usernames
*Bhaskar Bakthavatsalu
Are hackers trying to get into your company's computers right now? And what are they up to?

A study by the University of Maryland’s A. James Clark School of Engineering is one of the first to quantify a list of the least secure usernames and passwords that administrators use on computers, choices that give attackers a better chance of successfully accessing corporate information resources.

The study profiled the behaviour of brute force hackers, who use simple software-aided techniques to randomly attack large numbers of computers. The researchers discovered which usernames and passwords hackers tried most often and what they do when they gain access to a server.

These kinds of hackers have been portrayed as people with grudges who target specific institutions and manually try to break into their computers. But in reality, Cukier says, “Most of these attacks employ automated scripts that indiscriminately seek out thousands of computers at a time, looking for vulnerabilities.” “Our data provide quantifiable evidence that attacks are happening all the time to computers with Internet connections,” Cukier says. “The computers in our study were attacked, on average, 2,244 times a day.”

Cukier’s students discovered that the vast majority of attacks came from relatively unsophisticated hackers using “dictionary scripts,” a type of software that runs through common usernames and passwords trying to break into computers.

Common usernames

“Root” was the top username guess by dictionary scripts—attempted 12 times more often than the second-place "admin." Successful root access would open an entire computer to a hacker, while admin would grant access to somewhat lesser administrative privileges. Other top usernames in hacker scripts were "test," "guest," "info," "adm," "mysql," "user," "administrator," and "oracle." All should be avoided as usernames, Cukier says.

Bad password policy

The researchers found the most common password-guessing ploy was to reenter or try variations of the username. Some 43 percent of all password-guessing attempts simply reentered the username. The username followed by "123" was the second most-tried choice. Other common passwords attempted included "123456," "password," "1234," "12345," "passwd," "123," "test," and "1." These findings support the warnings of security experts that a password should never be identical or even related to its associated username, Cukier says.

What a hacker wants

Once hackers gain access to a computer, they swiftly act to determine whether it could be of use to them. During the study, the hackers' most common sequence of actions was to check the accessed computer's software configuration, change the password, check the hardware and/or software configuration again, download a file, install the downloaded program, and then run it.

What are the hackers trying to accomplish? "The scripts return a list of most-likely-prospect computers to the hacker, who then attempts to access and compromise as many of them as possible," Cukier says. "Often they set up backdoors—undetected entrances into the computer that they control—so they can create botnets, for profit or disreputable purposes." A botnet is a collection of compromised computers that are controlled by autonomous software robots answering to a hacker who manipulates the computers remotely. Botnets can act to perpetrate fraud or identity theft, disrupt other networks, and damage computer files, among other things.

This study provides solid statistical evidence that supports widely held beliefs about username/password vulnerability and post-compromise attacking behavior. Computer administrators should avoid all of the usernames and passwords identified in the research and choose longer, more difficult and less obvious passwords with combinations of upper and lowercase letters and numbers that are not open to brute-force dictionary attacks.
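The recommendations above can be turned into an account audit. The following Python sketch is an added example, not code from the study or from Check Point; the function name `audit_credentials`, the 12-character minimum and the substring test for "related to the username" are assumptions made for illustration.

```python
import re

# Usernames and passwords the article reports as most often tried by dictionary scripts.
COMMON_USERNAMES = {"root", "admin", "test", "guest", "info", "adm",
                    "mysql", "user", "administrator", "oracle"}
COMMON_PASSWORDS = {"123456", "password", "1234", "12345", "passwd",
                    "123", "test", "1"}
MIN_LENGTH = 12  # assumed threshold; the article only says "longer"


def audit_credentials(username, password):
    """Return a list of findings; an empty list means no issue was found."""
    findings = []
    user = username.lower()
    pw = password.lower()

    if user in COMMON_USERNAMES:
        findings.append("username is on the most-guessed list")
    if pw == user:
        findings.append("password is identical to the username")
    elif user and user in pw:
        # Assumed definition of "related": covers "username123" and similar variations.
        findings.append("password is derived from the username")
    if pw in COMMON_PASSWORDS:
        findings.append("password is on the most-guessed list")
    if len(password) < MIN_LENGTH:
        findings.append("password is shorter than %d characters" % MIN_LENGTH)
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)
            and re.search(r"\d", password)):
        findings.append("password lacks upper case, lower case or digits")
    return findings


if __name__ == "__main__":
    # Constructed sample accounts, not data from the study.
    for account in [("oracle", "oracle123"), ("test", "test"),
                    ("kavya.ops", "Lantern7Orbit2Meadow")]:
        print(account[0], audit_credentials(*account))
```

Run against an export of account names and candidate passwords at creation or reset time, it flags exactly the combinations the dictionary scripts try first.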

In addition, the emerging profile of "script kiddy" hackers presented here can help security administrators in two main ways: in choosing security tools to combat the most common attacker actions and in performing more focused post-attack damage control and clean-up, according to Cukier.

Check Point approach

Among other security tools security administrators can evaluate in the effort to combat brute force attacks is Check Point Eventia Analyzer, which can prevent repeated brute force attacks by creating an "event" after multiple, failed authorization attempts with the following steps: username/password plus automated reaction to block the offending source IP. Check Point also provides real-time security updates to its security gateways for protection from brute force, buffer overflow, SQL injection, and other malicious hacker attacks. These optional updates come via SmartDefense Services, which maintain the most current preemptive security for the Check Point security infrastructure. To help you stay ahead of emerging threats and attacks, SmartDefense Services provide real-time updates and configuration advisories for defenses and security policies.
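The general idea of raising an event after repeated failed logins from one source can be shown with a short sliding-window detector. This is an added, generic Python example and not Check Point's implementation; the log format, the threshold of 5 failures and the 60-second window are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real data). The format is an assumption:
# "<ISO timestamp> <OK|FAIL> user=<name> src=<ip>"
SAMPLE_LOG = """\
2008-04-23T10:00:01 FAIL user=root src=192.0.2.10
2008-04-23T10:00:03 FAIL user=admin src=192.0.2.10
2008-04-23T10:00:04 OK user=kavya src=198.51.100.7
2008-04-23T10:00:05 FAIL user=test src=192.0.2.10
2008-04-23T10:00:06 FAIL user=guest src=192.0.2.10
2008-04-23T10:00:08 FAIL user=oracle src=192.0.2.10
2008-04-23T10:05:00 FAIL user=kavya src=198.51.100.7
2008-04-23T10:30:00 FAIL user=kavya src=198.51.100.7
"""


def parse_line(line):
    """Split one log line into (timestamp, status, username, source IP)."""
    ts, status, user, src = line.split()
    return (datetime.fromisoformat(ts), status,
            user.split("=", 1)[1], src.split("=", 1)[1])


def detect_brute_force(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {src_ip: event} for sources with >= threshold failures inside the window."""
    recent = defaultdict(deque)  # src -> (timestamp, username) of recent failures
    events = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, status, user, src = parse_line(line)
        if status != "FAIL" or src in events:
            continue  # successes are ignored; a flagged source needs no second event
        q = recent[src]
        q.append((ts, user))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= threshold:
            events[src] = {"first_seen": q[0][0], "triggered_at": ts,
                           "usernames": [u for _, u in q]}
    return events


if __name__ == "__main__":
    for src, event in detect_brute_force(SAMPLE_LOG).items():
        print("block", src, "after failures for", event["usernames"])
```

The keys of the returned dictionary are the source addresses to hand to a blocking rule; the legitimate user with two mistyped passwords 25 minutes apart is not flagged.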

*Country Manager, Check Point Software Technologies – India & SAARC

Hanmer & Partners Communications Pvt Ltd

Copyright 2007, The Printers (Mysore) Private Ltd., 75, M.G. Road, Post Box No 5331, Bangalore - 560001
Tel: +91 (80) 25880000 Fax No. +91 (80) 25880523