Windows Password Vulnerability and Preventive Measures

Authors

  •   Dinesh N. Patil, Ph.D. Scholar, Veermata Jijabai Technological Institute, Matunga, Mumbai
  •   B. B. Meshram, Professor, Veermata Jijabai Technological Institute, Matunga, Mumbai

DOI:

https://doi.org/10.17010/ijcs/2016/v1/i1/101493

Keywords:

Hash Function, Registry, Hives, Salting, Volatile Memory, SAM

Paper Submission Date: March 28, 2016; Paper Sent Back for Revision: April 08; Paper Acceptance Date: April 18, 2016.

Abstract

With the rise in the use of the Internet, cyber crimes have also increased. One of the most prominent attacks that can cause a breach in the security of a sensitive system is hacking the password hashes. This paper discusses the Windows password hashes used in the Windows NT-based operating systems and the loopholes in them. The paper also covers various attacking techniques used by attackers in order to gain access to the password. The experiment carried out to identify and extract the password hashes from the volatile memory is also discussed. Finally, the paper suggests a mechanism for password protection.

Published

2016-10-01

How to Cite

Patil, D. N., & Meshram, B. B. (2016). Windows Password Vulnerability and Preventive Measures. Indian Journal of Computer Science, 1(1), 12–17. https://doi.org/10.17010/ijcs/2016/v1/i1/101493
