Brute force attacks and OS hardening
In this reading, you’ll learn about brute force attacks. You’ll consider how vulnerabilities can be assessed using virtual machines and sandboxes, and learn ways to prevent brute force attacks using a combination of authentication measures. Implementing various OS hardening tasks can help prevent brute force attacks. An attacker can use a brute force attack to gain access and compromise a network.
Usernames and passwords are among the most common and important security controls in place today. They are used and enforced on everything that stores or accesses sensitive or private information, like personal phones, computers, and restricted applications within an organization. However, a major issue with relying on login credentials as a critical line of defense is that they’re vulnerable to being stolen and guessed by malicious actors.
Brute force attacks
A brute force attack is a trial-and-error process of discovering private information. There are different types of brute force attacks that malicious actors use to guess passwords, including:
Simple brute force attacks. When attackers try to guess a user's login credentials, it’s considered a simple brute force attack. They might do this by entering any combination of usernames and passwords that they can think of until they find the one that works.
Dictionary attacks. Dictionary attacks use a similar technique. In dictionary attacks, attackers use a list of commonly used passwords and stolen credentials from previous breaches to access a system. These are called “dictionary” attacks because attackers originally used a list of words from the dictionary to guess the passwords, before complex password rules became a common security practice.
Using brute force to access a system can be a tedious and time-consuming process, especially when it’s done manually. There is a range of tools attackers use to conduct their attacks.
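Because both simple and dictionary attacks show up as a burst of failed logins from one source, a defender can spot them in authentication logs. The following is an added example (not part of the original reading): it parses constructed OpenSSH-style auth log lines and flags any source address that produces more failed logins than a threshold within a sliding time window. The log lines, addresses, usernames, the threshold of 5 and the 10-minute window are all assumptions chosen for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the style of OpenSSH auth logging; not real data.
SAMPLE_LOG = """\
Mar  3 10:15:01 host sshd[2001]: Failed password for alice from 203.0.113.7 port 51022 ssh2
Mar  3 10:15:03 host sshd[2001]: Failed password for alice from 203.0.113.7 port 51023 ssh2
Mar  3 10:15:04 host sshd[2001]: Failed password for alice from 203.0.113.7 port 51024 ssh2
Mar  3 10:15:06 host sshd[2001]: Failed password for invalid user admin from 203.0.113.7 port 51025 ssh2
Mar  3 10:15:07 host sshd[2001]: Failed password for alice from 203.0.113.7 port 51026 ssh2
Mar  3 10:15:09 host sshd[2001]: Failed password for alice from 203.0.113.7 port 51027 ssh2
Mar  3 10:20:00 host sshd[2002]: Failed password for bob from 198.51.100.4 port 40001 ssh2
Mar  3 10:45:00 host sshd[2003]: Failed password for bob from 198.51.100.4 port 40002 ssh2
Mar  3 10:46:00 host sshd[2004]: Accepted password for bob from 198.51.100.4 port 40003 ssh2
"""

# Matches only failed password attempts; "invalid user" is optional because sshd
# adds it when the username does not exist on the host.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)


def parse_line(line):
    """Return (timestamp, user, source_ip) for a failed-login line, else None."""
    m = FAILED_RE.match(line)
    if not m:
        return None
    # Collapse the padded day field ("Mar  3") before parsing; syslog lines carry no year.
    ts = datetime.strptime(" ".join(m.group("ts").split()), "%b %d %H:%M:%S")
    return ts, m.group("user"), m.group("ip")


def detect_brute_force(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: peak failures within `window`} for sources at or above `threshold`."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    events.sort(key=lambda e: e[0])
    recent = defaultdict(deque)  # per-source timestamps inside the current window
    alerts = {}
    for ts, _user, ip in events:
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts[ip] = max(alerts.get(ip, 0), len(q))
    return alerts


if __name__ == "__main__":
    for ip, count in detect_brute_force(SAMPLE_LOG).items():
        print(f"possible brute force from {ip}: {count} failed logins in window")
```

On the sample above only 203.0.113.7 is reported (six failures in eight seconds); the two failures from 198.51.100.4 are 25 minutes apart and stay under the threshold. The same sliding-window counter works per target username, which is the counter a lockout policy would use.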
Assessing vulnerabilities
Before a brute force attack or other cybersecurity incident occurs, companies can run a series of tests on their network or web applications to assess vulnerabilities. Analysts can use virtual machines and sandboxes to test suspicious files, check for vulnerabilities before an event occurs, or to simulate a cybersecurity incident.
Virtual machines (VMs)
Virtual machines (VMs) are software versions of physical computers. VMs provide an additional layer of security for an organization because they can be used to run code in an isolated environment, preventing malicious code from affecting the rest of the computer or system. VMs can also be deleted and replaced by a pristine image after testing malware.
VMs are useful when investigating potentially infected machines or running malware in a constrained environment. Using a VM may prevent damage to your system in the event its tools are used improperly. VMs also give you the ability to revert to a previous state. However, VMs are not risk-free: there is still a small chance that a malicious program can escape virtualization and access the host machine.
You can test and explore applications easily with VMs, and it’s easy to switch between different VMs from your computer. This can also help in streamlining many security tasks.
Sandbox environments
A sandbox is a type of testing environment that allows you to execute software or programs separate from your network. They are commonly used for testing patches, identifying and addressing bugs, or detecting cybersecurity vulnerabilities. Sandboxes can also be used to evaluate suspicious software, evaluate files containing malicious code, and simulate attack scenarios.
Sandboxes can be stand-alone physical computers that are not connected to a network; however, it is often more time- and cost-effective to use software or cloud-based virtual machines as sandbox environments. Note that some malware authors know how to write code to detect if the malware is executed in a VM or sandbox environment. Attackers can program their malware to behave as harmless software when run inside these types of testing environments.
Prevention measures
Some common measures organizations use to prevent brute force attacks and similar attacks from occurring include:
Salting and hashing: Hashing converts information into a unique value that can then be used to determine its integrity. It is a one-way function, meaning the hash cannot be reversed to recover the original text. Salting adds random characters to a password before it is hashed. This increases the length and complexity of the resulting hash values, making them more secure.
Multi-factor authentication (MFA) and two-factor authentication (2FA): MFA is a security measure which requires a user to verify their identity in two or more ways to access a system or network. This verification happens using a combination of authentication factors: a username and password, fingerprints, facial recognition, or a one-time password (OTP) sent to a phone number or email. 2FA is similar to MFA, except it uses only two forms of verification.
CAPTCHA and reCAPTCHA: CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. It asks users to complete a simple test that proves they are human. This helps prevent software from trying to brute force a password. reCAPTCHA is a free CAPTCHA service from Google that helps protect websites from bots and malicious software.
Password policies: Organizations use password policies to standardize good password practices throughout the business. Policies can include guidelines on how complex a password should be, how often users need to update passwords, whether passwords can be reused or not, and if there are limits to how many times a user can attempt to log in before their account is suspended.
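The salting-and-hashing item and the login-attempt limit in the password-policy item above fit together in one small credential store. The code below is an added example, not code from the reading; it hashes each password with PBKDF2-HMAC-SHA256 under a fresh random salt, compares hashes in constant time, and suspends an account after a number of failed attempts. The usernames, the iteration count and the limit of 3 failed attempts are assumptions chosen for the example.

```python
import hashlib
import hmac
import os

# Policy values for this example; an organization would set these in its password policy.
PBKDF2_ITERATIONS = 600_000
MAX_FAILED_ATTEMPTS = 3
SALT_BYTES = 16


def hash_password(password, salt=None):
    """Return (salt, digest). A fresh random salt is generated when none is supplied."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def register(store, username, password):
    """Store only the salt and the salted hash; the password itself is never kept."""
    salt, digest = hash_password(password)
    store[username] = {"salt": salt, "hash": digest, "failed": 0, "suspended": False}


def login(store, username, password):
    """Return "ok", "denied" or "suspended" and enforce the failed-attempt limit."""
    record = store.get(username)
    if record is None:
        # Hash anyway so an unknown username takes as long as a wrong password.
        hash_password(password, b"\x00" * SALT_BYTES)
        return "denied"
    if record["suspended"]:
        return "suspended"
    _, candidate = hash_password(password, record["salt"])
    # compare_digest runs in constant time, so the comparison leaks nothing about the hash.
    if hmac.compare_digest(candidate, record["hash"]):
        record["failed"] = 0
        return "ok"
    record["failed"] += 1
    if record["failed"] >= MAX_FAILED_ATTEMPTS:
        record["suspended"] = True
        return "suspended"
    return "denied"


if __name__ == "__main__":
    users = {}
    register(users, "alice", "correct horse battery staple")
    print(login(users, "alice", "correct horse battery staple"))  # ok
    for guess in ("password", "123456", "qwerty"):               # a tiny dictionary attack
        print(login(users, "alice", guess))                      # denied, denied, suspended
    print(login(users, "alice", "correct horse battery staple"))  # suspended until an admin resets it
```

Two points the code makes concrete: registering the same password twice produces two different hashes because the salts differ, so a list of precomputed hashes for common passwords is useless against the store; and once the attempt limit is reached even the correct password is refused, which is what turns a guessable password into a bounded number of guesses.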
Key takeaways
Brute force attacks are a trial-and-error process of guessing passwords. Attacks can be launched manually or through software tools. Methods include simple brute force attacks and dictionary attacks. To protect against brute force attacks, cybersecurity analysts can use sandboxes to test suspicious files, check for vulnerabilities, or simulate real attacks, and can use virtual machines to conduct vulnerability tests. Some common measures to prevent brute force attacks include: hashing and salting, MFA and/or 2FA, CAPTCHA and reCAPTCHA, and password policies.