Password Attacks

5 Types of Password Attacks and how you can prevent them

If you think about why password attacks and breaches are so common, the answer is simple – people use passwords that are not strong enough, or that can be easily guessed through trial and error. In times like these, the best thing to do is keep our passwords strong. Cybercriminals know that once they have cracked one of your passwords, they can try that same password on any other accounts you may have.

The important thing here is to improve your password security so that it puts up additional barriers for the potential hacker to overcome.

Here are 5 types of Password Attacks and how you can prevent them:

  • Man-in-the-middle Attacks
  • Brute force Attack
  • Dictionary Attack
  • Credential Stuffing
  • Phishing
  • Keyloggers

Now let’s dive into each of these in detail.

Man-in-the-Middle Attacks

Imagine you are at a restaurant with someone (probably on a date or on a business meeting). The conversation is going great, the ambience is amazing; everything is just fine except this one thing. The waiter keeps interrupting you every now and then. Probably eavesdropping or maybe just there to ruin your time. That waiter is a “Man-in-the-Middle”. Someone who is uncalled for and not needed.

Or just imagine, you are there at the restaurant to meet Person A and you meet and have a proper conversation only to realize somewhere in between that the person you are talking to is faking it. It is not Person A but rather Person B. Terrifying scenario, right?

Man-in-the-Middle Password Attacks are just the same.

Three people are involved in this type of attack. The cyberattacker, the initiator (sender) and the receiver (recipient).

In this type of password attack, you’d find the cyberattacker impersonating either the sender or the receiver, most probably through an email. The look and feel of the email would be authentic and there’ll be some minor differences that will be hard to catch.

Here’s how you can steer safe from or prevent Man-in-the-middle attacks:

VPN: A VPN creates a private tunnel through which confidential information passes encrypted, so man-in-the-middle attacks are very rare in this case. However, the VPN that you subscribe to should be a trusted entity. Don’t just go for any VPN provider.

Encryption: If your router is not encrypted and locked down, anyone who connects to your network can access the data passing between the other users on that network. Use a strong password on your router/modem.

Extra Security: Enable 2FA or MFA on your home Wi-Fi or router.

Brute-force Attack

As the name suggests – hit-and-miss, trial-and-error guessing of passwords. It is usually automated: permutations and combinations of candidate passwords are tried one after the other against a system.

At least some accounts could be hacked through this method, if not all.

Types of Brute Force Attacks

Apart from the general type of Brute Force Attack (which is random guesswork), there are other advanced types such as:

  • Dictionary Attacks:
    A type of brute force attack where every word in a dictionary (a word list) is tried as a possible password. It is also used to decrypt encrypted information.
  • Hybrid Brute-force:
    An analysis of which combinations would work.
  • Rainbow Table Attacks:
    Passwords are stored as hashes – this attack targets those. A precomputed table of hashes is used to look up passwords up to a certain length.

All these brute-force password attacks use automation and bots to crack passwords since multiple attempts are made.
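
The stored-hash point above (dictionary and rainbow-table attacks succeed because one precomputed table reverses any unsalted hash) is easiest to see in code. The following is an added example, not code from the original post: it builds a small lookup table for a constructed word list, shows that the table reverses an unsalted SHA-256 hash, and shows that a per-user random salt plus a slow, iterated hash (PBKDF2, assumed here with 200,000 rounds) makes the same table useless. The word list, the round count and the function names are all assumptions.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional, Tuple

# Constructed mini word list standing in for the dictionary an attacker walks (assumption).
WORDLIST = ["password", "letmein", "qwerty", "summer2021", "welcome1"]

PBKDF2_ROUNDS = 200_000  # assumed work factor; tune to your own hardware


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_lookup_table(words: Iterable[str]) -> Dict[str, str]:
    """Precompute hash -> plaintext once for every word in the list.

    Against unsalted hashes this table is reusable across every user and every
    site, which is what makes dictionary and rainbow-table attacks cheap."""
    return {sha256_hex(w.encode()): w for w in words}


def store_unsalted(password: str) -> str:
    """The weak scheme: one fast hash of the password, no salt."""
    return sha256_hex(password.encode())


def store_salted(password: str, salt: Optional[bytes] = None) -> Tuple[str, str]:
    """The hardened scheme: a random per-user salt plus a slow iterated hash.

    Returns (salt_hex, hash_hex); both are stored next to the account."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex(), dk.hex()


def verify_salted(password: str, salt_hex: str, hash_hex: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS
    )
    return hmac.compare_digest(dk.hex(), hash_hex)


def reverse_with_table(stored_hash: str, table: Dict[str, str]) -> Optional[str]:
    """Look a stored hash up in the precomputed table; None means the table does not help."""
    return table.get(stored_hash)


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print("unsalted:", reverse_with_table(store_unsalted("letmein"), table))
    salt, stored = store_salted("letmein")
    print("salted:  ", reverse_with_table(stored, table))
```

With the salt, every guess costs the attacker a fresh PBKDF2 computation per user instead of a table lookup, and two users with the same password get different stored hashes. A dedicated password hash such as bcrypt, scrypt or Argon2 is the usual choice in production.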

Credential Stuffing

These often have a logic behind them. How credential stuffing works is:

  • Automation methods or bots are set up and start breaking into systems, faking their IP address, by trying different password combinations. There may or may not be multiple bots at work at once.
  • Once this is done, the cracked password is tried across multiple websites to see whether it has been used somewhere else.
  • Once cracked, the password is saved for future use.

Since the method is quite intelligent, you need to have better preventive measures to tackle this:

  • Using Captcha:
    Remember how, when you try to access a certain part of a website or fill in a form, you are prompted to solve a simple puzzle or type the alphanumeric code displayed on the screen? Bots are not always that intelligent, so this stage is hard for them to get past.
  • Block IPs:
    If you see someone trying to access your site from the same few IP addresses, you can block those IPs. But there is no guarantee, as the cyber attacker may have multiple IPs in hand; even if a few are blocked, it may be easy for them to fake their IP address again and retry.
  • MFA:
    Enabling multi-factor authentication adds one more layer of security. Most probably you will get a code on your email ID or a notification on your mobile device.

Phishing

A social engineering attack. This type of attack is meant to steal user data such as credit or debit card details. Quite similar to a man-in-the-middle attack, the cyber attacker impersonates a trusted entity and fools the target into opening an email, or a link in a message, that is designed to steal data.

Here is how you can prevent phishing attacks:

  • If something sounds too good to be true or if the sender is unknown, you have to do a thorough verification of their email ID.
  • Look for spelling mistakes in the domain name within the email ID.
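
A check for the second point (spelling mistakes in the sender’s domain) can be automated. The example below is added here and is not from the original post: it compares the sender’s domain against a constructed allowlist of trusted domains, first undoing a few look-alike character substitutions (0 for o, 1 for l, rn for m) and then measuring edit distance, and classifies the sender as trusted, lookalike or unknown. The allowlist, the homoglyph table and the distance threshold are assumptions to tune for your own domains.

```python
import re
from typing import Iterable

# Constructed allowlist of domains the organization trusts (an assumption for the example).
TRUSTED_DOMAINS = {"example.com", "examplebank.com"}

# A small, illustrative subset of characters commonly substituted to fake a domain name.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def normalize(domain: str) -> str:
    """Lower-case the domain and undo the look-alike substitutions above."""
    result = domain.lower()
    for fake, real in HOMOGLYPHS.items():
        result = result.replace(fake, real)
    return result


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: the minimum number of single-character edits turning a into b."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        current = [i]
        for j, cb in enumerate(b, 1):
            current.append(min(
                previous[j] + 1,              # delete ca
                current[j - 1] + 1,           # insert cb
                previous[j - 1] + (ca != cb), # substitute
            ))
        previous = current
    return previous[-1]


def sender_domain(address: str) -> str:
    """Extract the domain part of a plain From: address such as 'alerts@example.com'."""
    match = re.fullmatch(r"[^@\s]+@([^@\s]+)", address.strip())
    if not match:
        raise ValueError(f"not a plain email address: {address!r}")
    return match.group(1).lower()


def classify_sender(address: str, trusted: Iterable[str] = TRUSTED_DOMAINS,
                    max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the sender's domain.

    Exact matches and subdomains of a trusted domain are trusted; anything that
    becomes a trusted domain after homoglyph cleanup, or sits within max_distance
    edits of one, is flagged as a lookalike worth verifying out of band."""
    trusted = set(trusted)
    domain = sender_domain(address)
    if domain in trusted or any(domain.endswith("." + t) for t in trusted):
        return "trusted"
    cleaned = normalize(domain)
    for t in trusted:
        if cleaned == t or edit_distance(cleaned, t) <= max_distance:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for addr in ["alerts@example.com", "alerts@examp1e.com", "news@unrelated.org"]:
        print(addr, "->", classify_sender(addr))
```

A lookalike verdict is a prompt to verify the sender through a known channel rather than a reason to trust or reject outright; the distance threshold should stay small, because a large one would flag legitimate but short domains.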

There are different types of Phishing password attacks such as:

  • Smishing:
    The name is coined from two words: SMS + Phishing = Smishing. A nasty attack and a type of phishing where the attacker poses as a prestigious, trustworthy institution such as a bank, with the aim of asking for confidential information. Usually, through that one SMS, the user is asked to reply with details to that number or to click a link within the SMS.
  • Spear Phishing:
    When an email seeks unauthorized access to sensitive information. This type of attack is not usually sent by a mere hacker but by somebody who could be known to the target and just wants to retrieve some financial or confidential information. These also appear to come from a trusted source.
  • Whaling:
    Whale = the giant fish. You receive an email from someone who seems to be your boss, with very minor spelling errors, and you send them the sensitive information they have asked for.

Keyloggers

Now this one is mean. A keylogger is one of those password attacks where spyware keeps track of the user’s activity. Cyberattackers use this type of attack to steal sensitive data. Keyloggers can steal the data either through a hardware device connected to the targeted PC or mobile, or through software.

The attack through software occurs when people are tricked into clicking a malicious link or attachment. Malware gets installed on their device and it automatically fetches sensitive data.

Password Best Practices

  • Your password should have a mix of uppercase, lowercase, numbers and special characters.
  • It should be lengthy. The longer the better. You might as well take a few extra seconds to type a long password rather than face the risk of losing data.
  • Once you have done all this, make sure you reset your passwords in a timely fashion.

Frequently Asked Questions

What is Password Spraying?

You must have noticed that if you mistakenly type incorrect passwords several times in a row, your account can get blocked for some time. Password spraying – a type of brute force attack, but a unique one – is where the attacker keeps one constant password (e.g. abc123) and, instead of trying a new password every time, keeps changing the username. This way, no single account gets blocked either.
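
The lockout behaviour described here, the IP blocking from the Credential Stuffing section and the brute-force pattern can all be checked from the same authentication log. The following added example (not from the original post) parses constructed log lines in an assumed format and applies three signals: many failures for one account (lock the account), many failures from one source (block the IP), and one source failing across many distinct accounts, which is the password-spraying or credential-stuffing shape that a per-account lockout never triggers. The thresholds and the log format are assumptions.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed authentication log lines (not real logs) in an assumed key=value format.
SAMPLE_LOG = """\
2024-03-01T09:00:01 src=203.0.113.5 user=alice result=FAIL
2024-03-01T09:00:02 src=203.0.113.5 user=alice result=FAIL
2024-03-01T09:00:03 src=203.0.113.5 user=alice result=FAIL
2024-03-01T09:00:04 src=203.0.113.5 user=alice result=FAIL
2024-03-01T09:00:05 src=203.0.113.5 user=alice result=FAIL
2024-03-01T09:00:06 src=203.0.113.5 user=alice result=FAIL
2024-03-01T09:01:00 src=192.0.2.10 user=bob result=FAIL
2024-03-01T09:01:09 src=192.0.2.10 user=bob result=OK
2024-03-01T09:02:00 src=198.51.100.7 user=carol result=FAIL
2024-03-01T09:02:01 src=198.51.100.7 user=dave result=FAIL
2024-03-01T09:02:02 src=198.51.100.7 user=erin result=FAIL
2024-03-01T09:02:03 src=198.51.100.7 user=frank result=FAIL
2024-03-01T09:02:04 src=198.51.100.7 user=grace result=FAIL
2024-03-01T09:02:05 src=198.51.100.7 user=heidi result=FAIL
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_log(text: str) -> List[Dict[str, str]]:
    """Turn log text into a list of {ts, ip, user, result} dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        match = LOG_RE.match(line.strip())
        if match:
            events.append(match.groupdict())
    return events


def detect(events: List[Dict[str, str]], fail_threshold: int = 5,
           distinct_user_threshold: int = 5) -> Dict[str, object]:
    """Apply complementary signals to the failed logins in one window.

    lock_users: accounts with >= fail_threshold failures (classic brute force).
    block_ips:  sources with >= fail_threshold failures (IP block; evaded by rotation).
    spray_ips:  sources failing against >= distinct_user_threshold different accounts,
                each possibly only once, which per-account lockout never sees.
    accounts_with_failures: distinct accounts with any failure; this window-wide count
                still rises when the attacker spreads one password across many IPs."""
    fails_per_user = defaultdict(int)
    fails_per_ip = defaultdict(int)
    users_per_ip = defaultdict(set)
    for event in events:
        if event["result"] != "FAIL":
            continue
        fails_per_user[event["user"]] += 1
        fails_per_ip[event["ip"]] += 1
        users_per_ip[event["ip"]].add(event["user"])
    return {
        "lock_users": sorted(u for u, n in fails_per_user.items() if n >= fail_threshold),
        "block_ips": sorted(ip for ip, n in fails_per_ip.items() if n >= fail_threshold),
        "spray_ips": sorted(ip for ip, users in users_per_ip.items()
                            if len(users) >= distinct_user_threshold),
        "accounts_with_failures": len(fails_per_user),
    }


if __name__ == "__main__":
    for signal, value in detect(parse_log(SAMPLE_LOG)).items():
        print(f"{signal}: {value}")
```

On the sample, alice trips the per-account lockout, 198.51.100.7 never does (one failure per account) but is caught by the distinct-account signal, and bob’s single failure followed by success is ignored. In production the counts run over a sliding time window and the distinct-account count is the one to alert on when the source addresses keep changing.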

What is Spear Phishing?

When an email seeks unauthorized access to sensitive information. This type of attack is not usually sent by a mere hacker but by somebody who could be known to the target and just wants to retrieve some financial or confidential information. These types of password attacks also appear to come from a trusted source.


What helps protect from Spear Phishing?

  • Never click links or open or download attachments from unknown sources
  • You can block email addresses that look fishy
  • Update your system software to the latest build
  • Enable 2FA


What is a common indicator of a Phishing Attempt?

  • A logo that looks very similar to any popular brand out there
  • A name or an email address which sounds similar to a reputed organization
  • Malicious link or attachment
  • Shorter Content
  • Spelling Errors


How long does it take to crack an 8 digit password?

Passwords shorter than 8 characters that contain only numbers or only letters can be cracked instantly. But a password of more than 8 characters takes far longer (years, if not more) to crack if it mixes letters in different cases, numbers and special characters.
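
The estimate above can be worked out from the keyspace. The following added example (not from the original post) counts the character classes in a password, sizes the alphabet, computes the keyspace and the worst-case time to exhaust it at an assumed guess rate, and checks the length-and-classes policy from the Password Best Practices section. The guess rate, the policy thresholds and the size of the special-character set are assumptions.

```python
import string
from typing import List, Set

# Alphabet size per character class. The "special" figure uses Python's ASCII punctuation
# set (32 characters); the exact number is an assumption for the estimate.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "special": len(string.punctuation)}

ASSUMED_GUESSES_PER_SECOND = 1e10  # an assumed offline cracking rate, not a measurement


def char_classes(password: str) -> Set[str]:
    """Which of the four classes the password actually uses."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("special")
    return classes


def policy_violations(password: str, min_length: int = 12) -> List[str]:
    """Reasons the password fails the length-plus-all-classes policy; empty means it passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    for missing in sorted(set(CLASS_SIZES) - char_classes(password)):
        problems.append(f"no {missing} characters")
    return problems


def keyspace(password: str) -> int:
    """Candidates an exhaustive search must cover: alphabet ** length, where the alphabet
    is the union of the classes actually used (the best assumption an attacker can make)."""
    alphabet = sum(CLASS_SIZES[c] for c in char_classes(password))
    return alphabet ** len(password)


def worst_case_crack_seconds(password: str,
                             guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Time to try every candidate in the keyspace at the given rate."""
    return keyspace(password) / guesses_per_second


def human_duration(seconds: float) -> str:
    """Express a duration in the largest convenient unit."""
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.3f} seconds"


if __name__ == "__main__":
    for pw in ["12345678", "Ab1!Ab1!", "abcdefghijkl", "Tr0ub4dor&3xyz"]:
        verdict = policy_violations(pw) or "passes policy"
        print(pw, verdict, human_duration(worst_case_crack_seconds(pw)))
```

An 8-digit numeric password has a keyspace of 10^8, exhausted in a hundredth of a second at the assumed rate, while a 12-character all-lowercase password has a larger keyspace than an 8-character one drawn from all four classes, which is why length counts for more than complexity. The keyspace figure assumes the characters were chosen at random; a password built from dictionary words falls far faster than the number suggests.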

Upcoming

Do keep an eye on our blog section since we keep uploading a new blog every week.


Update ESMC

Here’s how you can quickly update ESMC using the ESET Web console

What is ESMC?

ESMC stands for ESET Security Management Centre – it enables you to centrally manage all ESET products on servers, workstations and mobiles. Using the web console you can manage tasks, deploy ESET Solutions, enforce security policies and respond to issues arising through the remote computers.


To manage remote devices and to update ESMC-

  1. Log in to the ERA (ESET Remote Administrator) portal using a web browser (Google Chrome preferred).
  2. To check whether an update is available, or to update the product, go to the Help button (question mark) > Update Product.
  3. Once you click on it, you will get an update popup. The popup will suggest and prompt you to take a backup of all ESET Certification Authorities (CA), peer certificates and the ESMC database.
  4. To take a backup of the above certificates, click on Open Certification Authorities (CA) or on Peer Certificates. It will take you to the respective certificate locations, where you can export them one by one.

Why take a backup of these certificates on ESMC?

As part of the installation/update process, ESMC needs a peer certificate for agents and a peer certificate authority and a certificate authority (CA). All these certificates are used to authenticate all the ESET Products that have been distributed under your license. For example, you can create a server certificate which will be required for distribution of ESET Server products.

  1. To export a certificate, click on one of the certificates and select “Export Public Key”. It will download the certificate automatically. Follow the same steps for all certificates.

For the database backup, click this link, which is suggested by ESET support. Or you can click on the OPEN DOCUMENTATION option, which takes you to the same link.

Steps to take backup of the database



After taking backup we can go for an update. For that, Click the UPDATE button. An update of your ESMC Server is scheduled – in Client Tasks you can find a new client task that upgrades ESMC components on the computer where ESMC Server is installed. To update other ESMC components on the devices connected to ESMC Server to the latest version, you can trigger the Security Management Center Components Upgrade task directly from the update popup window.


Note: 

  1. After triggering the task you will lose connectivity to the ESMC Console for some time, until the ESMC upgrade process is done.
  2. Verify the updated version by going to appwiz.cpl, or by logging into the ESMC portal again and going to Help > About.
  3. Verify connectivity after upgrading ESMC by logging into its portal.
  4. Make sure that the ESET Protect Server and Web Console versions (8.0) are the same after the update (refer to the screenshot given below); otherwise it throws an error.

Some frequently asked questions:

What is ESMC console?

The traditional ERA Console has now been replaced by the ESMC (ESET Security Management Center) Web Console. It is the primary online interface that allows you to virtually administer and manage your clients and network from anywhere.

How do I access ESET management console?

If you are on a local ESMC Server: Open an ESMC-compatible web browser and type https://localhost/era in the address bar and you’ll be able to access the ESMC Web Console.

If your ESMC Server is accessible to outside connections: Open your web browser and type https://%yourservername%/era. Here you need to replace %yourservername% with the actual IP address or name of your web server.

Which are the core components in ESMC 7 that must be installed?

For a perfect deployment, we recommend the following core components be installed:

  • ESMC Web Console
  • ESET Management Agent
  • ESMC Server

Is ESET Free?

ESET isn’t free but you can get a 30 day full-featured, free trial across all its 3 categories: Essential Protection, Advanced Protection and Ultimate Protection

Can you protect multiple devices using the free trial?

No. You can cover only 1 device during the trial but once you purchase the product, multiple devices can be secured via the ESET product of your choice.

Will ESET work if there is another pre-installed cybersecurity software?

It is best to uninstall any other software in the same category for this to work optimally.


Upcoming: 

We keep uploading new blogs quite frequently on our website- keep an eye out for those.

Lastly, if you need help with more such IT Solutions, feel free to reach out to us. We’ll be happy to resolve your queries. 


Sophos SSL VPN – Save Password

Sophos SSL VPN is a VPN software that establishes a highly encrypted and secure tunnel for remote workers to connect to. The end-to-end encrypted tunnel requires both an SSL Certificate and a username and password combination for authentication and to create a secure connection.


The Sophos SSL VPN Client does not allow you to save the username and password by default. However, there is a workaround to save them.

How to Save Password in a Sophos SSL VPN Client

  1. Create a text file with the username on one line and the password on the next line.
  2. Save the file as Password.txt.
  3. Save it to the path “C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\config”.
  4. Run Notepad with administrative privileges.
  5. Open the configuration file in the above location. Scroll down to the line “auth-user-pass” and update it to:
    auth-user-pass password.txt

That’s it! You should now be able to just double click the Sophos SSL VPN Client icon and it will log in automatically without you having to enter the credentials.


Disclaimer:

However, we would like to bring to your notice that we do not endorse this, because if your system’s security gets compromised (e.g. by a hack), the saved password could fall into the wrong hands.

Upcoming:

We keep uploading new blogs every week on our website- keep an eye out for those.

Lastly, if you need help with more such IT Solutions, feel free to reach out to us. We’ll be happy to resolve your queries. 


What is a VPN Connection: A brief guide on Corporate VPN

What is a VPN Connection? 

For many, the term VPN may have been unheard of before the work-from-home situation arose. For others, this term would already have been highly familiar. VPN is an abbreviation for Virtual Private Network. This blog post will focus on corporate VPNs and not personal VPNs.

Virtual means that a tunnelling protocol is created over a virtual medium; there is no dedicated physical connection. It is a tunnel that cannot be accessed by the public, hence the name Virtual Private Network. The encrypted tunnel connects two endpoints, i.e. your PC and the VPN’s remote server/service provider.

But for it to remain private and provide full protection, it demands encryption. The public network can see that a tunnel exists, but it cannot tell what data flows through it, because of encryption via IPSec (Internet Protocol Security), SSL or other such protocols. Only those who hold the decryption key or password can view and access the information that flows through it.

What is a Corporate VPN? 

A Corporate VPN enables secure access and end-to-end encryption between devices on the same internal network, no matter where they are working from. It has fewer limitations and provides enhanced security and more flexibility.

The most common advantage is that it creates a corporate environment from the comfort of your own house. Employees can access files and do their work as if they were physically present in the office.

Some organizations use Virtual Desktop Infrastructure for convenience, but VPNs are more cost-effective and also get the job done by providing the needed security features.

VPNs provide full anonymity by encrypting your connection, disguising your IP and preventing ISPs or the government from prying on any confidential information. Your IP address is hidden when your data passes through the encrypted tunnel enabled by the VPN. VPN users all have an IP address different from their original IP, which is made possible with the help of a VPN Gateway.

What is VPN Gateway?  

A VPN gateway, also sometimes referred to as a VPN Concentrator, is a networking device that helps connect 2 or more nodes. 

It connects, routes, blocks or passes VPN traffic across multiple users in remote locations. Encryption and decryption of data and end-to-end delivery are ensured. The gateway can be a router, a server or a UTM firewall, whose function is to assign IP addresses and manage multiple VPN tunnels simultaneously.

Out of IPSec, SSL, L2TP, and PPTP, which one is the most secure? 

Several tunnelling protocols are prevalent but corporate VPNs use either an IPSec, SSL or an MPLS protocol (MPLS will not be discussed in this blog post as it is a vast topic which would require an entire blog dedicated to it). 

1. IPSec Protocol 

IPSec verifies the session and encrypts each data packet. It can be used with other security protocols to improve security. Additionally, the user and the server must negotiate the parameters to keep the tunnel secure. 

2. SSL/TLS Protocol 

SSL VPN uses the SSL/TLS protocol. It is much simpler than IPSec. The data flowing through this tunnel is encrypted using the SSL or TLS protocol. All traffic flowing between a web browser and an SSL VPN device is encrypted with this protocol. It is the most secure VPN protocol of all. SSL is not preferred for network-to-network communication but is predominantly used for client-to-network communication.

3. Layer 2 Tunneling Protocol (L2TP)

Often combined with IPSec to establish a super secure, double-encapsulated connection. L2TP creates a tunnel between two L2TP endpoints and IPSec encrypts the data for enhanced security. L2TP doesn’t provide encryption of its own; it relies on IPSec for its cryptographic requirements.

4. Point to Point Tunneling Protocol (PPTP)  

PPTP is easy to set up but not as safe and secure as all the other types. It is speedy because of its low encryption level. No additional software is needed but it has many loopholes and can be blocked by firewalls.


Split VPN 

A major issue that people usually faced while working from home was their bandwidth being hampered because corporate and personal data flowed through the same encrypted tunnel. The solution to this is the Split Tunnel VPN.

Split tunnelling is a feature which routes corporate data through the encrypted tunnel while personal data travels through an unencrypted path.

However, features like these come with their own set of Pros and Cons. Let us dive into both. 

Pros 

  • Conserves Bandwidth as your internet traffic does not have to pass through the VPN Server 
  • Reduced traffic through each tunnel 
  • Increased bandwidth speed 

Cons 

  • Assume that a hacker has penetrated an employee’s network and the split tunnel is poorly encrypted; it leaves room for the hacker to get at the corporate data.

Full Tunnel 

The entire web traffic, corporate or personal would pass through a single, encrypted tunnel. All policies are set by the company, where access is denied for websites or apps that hamper employee productivity. Employee activity is tracked throughout the entire day. 


Types of VPN 

Remote Access VPN (Host-to-Site VPN) 

A Remote Access VPN is feasible for connecting an individual to the corporate internal network. A virtual tunnel is created between the employee and his/her company. These are also secure and affordable.

This can be further split into: 

NAS (Network Access Server) 

Could be a server or a software application. NAS asks for credentials to let the user sign in to the VPN 

VPN Client Software 

Users will have to install client software or a specific application, to enable this. The software creates the virtual tunnel connection to the NAS and also looks after the encryption. 


Host-to-Host VPN  

Here, two hosts are connected through a VPN tunnel to enable secure data transfer. Before any transmission, the user is authenticated and encryption keys are exchanged between the two hosts.

Site-to-site VPN 

This type is most common in large business organizations. When remote, these are further divided into 2 types. Intranet-based Site-to-Site VPN and Extranet based Site-to-Site VPN. Let’s take the example of Infrassist itself, we have our head office in Ahmedabad, India and we have a branch office in Sydney, Australia; to ensure a secure connection between the two offices, an Intranet based site-to-site VPN is used.  

And if Infrassist is communicating with another organization, the secure transmission of data would be done using Extranet-based Site-to-Site VPN. 

When it comes to a corporate VPN, two types of topologies are present which could be explained easily through an example. 

Let’s suppose that Infrassist Technologies Pvt. Ltd has its Head Office (HO) in Ahmedabad, India and has 10 branch offices (BO) spanning across the globe. So, that means 11 offices in total.

Mesh Topology  

Assume that the company has structured its networks and tunnels in a mesh topology formation. If BO 1 is communicating with BO 2, the information is directly passed through the tunnel between them. No information is passed via the head office. 

Advantage:

  • Branches remain independent, so if the server at the HO goes down, the branches remain functional and will not face any issue or glitch.
  • If one branch in the network goes wrong, it doesn’t affect the routing between other nodes (branch offices).

Disadvantage:

  • The HO does not have any control over the information flowing between its branches.
  • If a 12th branch gets added, or every time a new branch is opened, a new VPN configuration will have to be established on each of the other BOs.

Hub & Spoke Topology 

It is a simple network structure where a central node is connected to all the other nodes. In a hub & spoke topology, every communication that happens across branches, will all have to pass via the head office.

Advantage: 

  • Better control over the communications that take place across branches. 
  • If a new branch is to be added to the network, the configurations for the same will be done only at the HO, branches need not carry out separate configurations. 
  • If one branch in the network goes wrong, it doesn’t affect the routing between other nodes (Branch offices) 

Disadvantage: 

  • If the server at the head office goes down, the entire network structure/topology will get affected. 
  • Lots of traffic is accumulated in the Head Office. 
  • High processing power is required at the Network Centre. 
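
The tunnel counts and the effect of adding a branch or losing the head office can be computed for both topologies. The example below is added here and is not from the original post: it models the 11-office company from the text, builds the mesh and hub-and-spoke tunnel sets, lists which existing devices need a new configuration when a 12th branch joins, finds the path BO1 takes to reach BO2, and checks whether branches can still reach each other when the HO is down. The office names and the hub name are assumptions.

```python
from collections import defaultdict, deque
from itertools import combinations
from typing import Callable, FrozenSet, List, Optional, Set

Tunnel = FrozenSet[str]

# Constructed example: the head office plus the 10 branch offices mentioned in the text.
OFFICES = ["HO"] + [f"BO{i}" for i in range(1, 11)]


def mesh_tunnels(offices: List[str]) -> Set[Tunnel]:
    """Full mesh: one tunnel between every pair of offices, n*(n-1)/2 in total."""
    return {frozenset(pair) for pair in combinations(offices, 2)}


def hub_spoke_tunnels(offices: List[str], hub: str = "HO") -> Set[Tunnel]:
    """Hub and spoke: one tunnel from the hub to each other office, none between branches."""
    return {frozenset((hub, office)) for office in offices if office != hub}


def devices_to_reconfigure(topology: Callable[[List[str]], Set[Tunnel]],
                           offices: List[str], new_office: str) -> List[str]:
    """Existing devices that need a new VPN configuration when new_office joins."""
    after = topology(offices + [new_office])
    return sorted(next(iter(tunnel - {new_office})) for tunnel in after if new_office in tunnel)


def without_office(tunnels: Set[Tunnel], office: str) -> Set[Tunnel]:
    """Tunnel set left after one office (for example the HO) goes down."""
    return {tunnel for tunnel in tunnels if office not in tunnel}


def path(tunnels: Set[Tunnel], src: str, dst: str) -> Optional[List[str]]:
    """Shortest hop sequence from src to dst over the tunnels (BFS), or None if unreachable."""
    adjacency = defaultdict(set)
    for tunnel in tunnels:
        a, b = tuple(tunnel)
        adjacency[a].add(b)
        adjacency[b].add(a)
    previous = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            hops = []
            while node is not None:
                hops.append(node)
                node = previous[node]
            return hops[::-1]
        for neighbour in sorted(adjacency[node]):
            if neighbour not in previous:
                previous[neighbour] = node
                queue.append(neighbour)
    return None


if __name__ == "__main__":
    for name, topology in (("mesh", mesh_tunnels), ("hub & spoke", hub_spoke_tunnels)):
        tunnels = topology(OFFICES)
        print(name, "tunnels:", len(tunnels),
              "| reconfigure for BO11:", devices_to_reconfigure(topology, OFFICES, "BO11"),
              "| BO1->BO2:", path(tunnels, "BO1", "BO2"),
              "| BO1->BO2 with HO down:", path(without_office(tunnels, "HO"), "BO1", "BO2"))
```

The output makes the trade-off in the two lists concrete: the mesh needs 55 tunnels and touches all 11 existing devices to add a branch but survives an HO outage, while hub and spoke needs 10 tunnels and only an HO change to add a branch, at the cost of every branch-to-branch path transiting the HO and disappearing with it.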


VPN Security Best Practices 

When a large number of people work remotely, cyber threats are bound to arise. This has nothing to do with the dangers or security concerns associated with the VPN itself; the reasons could be that:

  • Organizations associated with a cheap VPN Vendor 
  • Organizations don’t often update their VPNs with the latest security patches 

To mitigate these risks, Cybersecurity and Infrastructure Security Agency (CISA) has recommended the following best practices- 

  • Strong passwords should be set 
  • MFA should be enabled 
  • Update VPNs with the latest patches 

A few other VPN best practices include, 

  • Geo-boundaries can be set. If you are a company that is confined to Sydney only and you have 2-3 branches in the same city, you can set geo-boundaries so that no one else residing outside Sydney will have access to the corporate network. 
  • Minimalistic Access: Only a limited number of employees can access a certain folder. For example, the senior management or the directors will have access to a folder which is restricted for use to other employees. 
  • Reauthentication: You can set policies wherein the user is reauthenticated every 4 hours or every week etc.

Frequently Asked Questions

What does a VPN do?

VPN is an abbreviation for Virtual Private Network. It is a service that helps you remain incognito when you are browsing online. A VPN helps form an invisible encrypted tunnel or a connection between your computer and the internet. So while you are surfing on public networks, your data and identity remains anonymous and secure at the same time.

What is VPN used for?

To let the user that is searching on the Internet remain private and incognito. Mostly used when one is looking to bypass any type of censorship or geographical restrictions.

Make sure you use the VPN Service of a company that you trust and avoid free VPNs.


How to set up a VPN?

One way to set up a VPN is to set up a connection at home, using your router. The second way to do it in your Windows is by going to the start menu and typing VPN and add a VPN in the option. You can also set up a VPN on your Mac Device and iOS. To learn how to do this in-depth, read this blog.



Upcoming

If you are interested in reading technical blogs, we suggest you keep an eye on our website’s blog section every week.


How to avoid Cybersecurity Risks during WFH in 2022

The work-from-home model has become highly popular and a common practice around the world. This article will teach you how to avoid cybersecurity risks during WFH. As per the latest International Workplace Group report, 50% of employees globally are now working outside their main office. While the model provides flexibility, improves productivity and promotes work-life balance, there are hidden risks that have the potential to create security issues in future. The biggest threat from the work-from-home model is that the company’s sensitive data is at risk.

Where is the cybersecurity risk in WFH?

All of your employees working from home must be connecting to the network through their home wireless network or accessing external internet services over unsecured public Wi-Fi. This type of connection is prone to malicious activity aimed at gaining access to your data. For example, if data is sent out in unencrypted form, it might get intercepted and stolen by malicious actors. This is why restricting your employees from using any unknown network can be considered a safe practice. With the increased risk of employees falling prey to cyber-attacks, business leaders must leverage new policies and technologies for cybersecurity risk management to keep their companies and employees safe.

  1. Establish a standard technology system

Hardware platform security has become even more important. Sophisticated hackers can sidestep the operating system’s security protections by gaining root access or compromising the BIOS software underneath the OS. With work from home, guaranteeing that employee devices have facilities like BIOS resilience is more vital than ever. A cybersecurity risk assessment framework involving technologies like self-recovering BIOS can help alleviate the risk of attacks below the OS, where detection and redress are challenging. With these precautions in place, one can ensure that employees will not need to replace or reinstall hardware, gain detection and automatic recovery of the firmware in case the BIOS is corrupted or compromised by malware, and have peace of mind.

  2. Plan against unsecured entry points

While most of the world is under shelter-in-place restrictions and using devices from home, it’s only a matter of time before workers across the globe begin heading back to shared workspaces, coffee shops, planes and everywhere else in between. Addressing the risks posed by potentially logging onto a rogue access point is a vital consideration. Employees must be diligent in making sure that they are not logging onto the wrong Wi-Fi. IT specialists should continue to hold employee training sessions on the danger of unsecured access points.

  3. Simplify employee access to credentials

Credential and access management have long been a challenge for IT teams, many of which are over-burdened and short-staffed due to critical talent shortages. Addressing the basics (making sure users don’t have administrator rights, only have access to the systems, repositories, shares and networks that they need, and only for as long as they need them) goes a long way to mitigate credential theft and, as a result, malicious access to more sensitive data and systems. Remote work comes with security risks that you should address before you allow anyone to work from outside the office, no matter whether we’re talking about permanent remote workers or those who do it just a few hours per month. Only when you respond correctly to this challenge will you be capable of fully seizing this opportunity, which increases talent retention and productivity and improves your staff’s work-life balance.

This Kaspersky article highlights cybersecurity risks and tips for staying safe during WFH.


Other Blogs:

We upload blogs on our website regularly related to RMMs and Microsoft Office 365. Or if you have any topic suggestions or queries, post a comment or write in to us, here.