Access Control Fundamentals

In information security, access control is imperative to ensure confidentiality, integrity, and availability. Controlling who has access to a system and the breadth of access a user has is vital to ensure the security of systems and data on the systems. Read this article to understand the terms access control, access, subject, and resource. Note the challenges, the principles, the criteria, and the practices used in access control.

10. Access Control Threats

10.11. Dictionary Attacks

Overview
  • Dictionary attacks are launched by programs that are fed a list (dictionary) of commonly used words, names, and character combinations. Each candidate is either submitted to the login interface (an online attack) or hashed and compared against a captured password hash (an offline attack) until one matches.
  • Once the right combination of characters is identified, the attacker can use this password to authenticate herself as the legitimate user.
  • An account cracked this way may in turn give the attacker enough access to copy the password file itself, after which every other account's hash can be attacked offline, free of the rate limits and logging of the login interface.


Countermeasures

To properly protect an environment against dictionary and other password attacks, the following practices should be followed:

  • Do not allow passwords to be sent in cleartext; authenticate only over an encrypted channel such as TLS.
  • Never store passwords in cleartext or with reversible encryption. Store only a salted hash produced by a deliberately slow password-hashing function (bcrypt, scrypt, PBKDF2, or Argon2), so that each guess is expensive and a table of precomputed hashes cannot be reused across users.
  • Employ one-time password tokens or another second factor, so that a guessed password alone is not enough to log in.
  • Require hard-to-guess passwords: long, not a dictionary word or a simple variation of one, and checked against a list of known-breached passwords.
  • Rotate passwords when there is reason to believe they are compromised. Current guidance (NIST SP 800-63B) no longer recommends forced periodic rotation, because users respond with predictable variants (Summer2024!, Summer2025!) that cracking rules catch anyway.
  • Employ an IDS, and log and alert on bursts of failed logins, which are the signature of an online dictionary attack.
  • Run dictionary cracking tools against your own password hashes to find weak passwords chosen by users, and force those users to change them.
  • Allow and encourage special characters, numbers, and upper- and lowercase letters within the password, but treat length as the main requirement: a common word with a digit or "!" appended offers little extra resistance to a cracking tool with mangling rules.
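The offline dictionary attack described in the overview, and its defensive use from the last countermeasure (running a cracker against your own hashes), as an added example that is not code from the original article. The users, their passwords, the salts, and the wordlist are all constructed sample data; SHA-256 is used only so the script runs with the standard library, and stands in for a proper slow password hash such as Argon2id or bcrypt. The example also goes slightly beyond the text by counting hash computations, to show why per-user salts matter.

```python
"""Offline dictionary attack against a salted password file, plus the
same technique used defensively to audit weak passwords.

Added example, not code from the original article. SHA-256 stands in
for a real password hash to keep the script dependency-free; a
production system should use Argon2id, bcrypt, scrypt or PBKDF2.
"""
import hashlib

# A small dictionary of commonly chosen words (constructed for this example).
WORDLIST = ["password", "letmein", "welcome", "dragon", "sunshine", "qwerty", "monkey"]

# Mangling rules typical of cracking tools: case variants and common suffixes.
SUFFIXES = ["", "1", "123", "!", "2024"]


def hash_password(salt_hex: str, password: str) -> str:
    """Hex digest of SHA-256(salt || password). Stand-in for a slow password hash."""
    return hashlib.sha256(bytes.fromhex(salt_hex) + password.encode()).hexdigest()


def candidates(wordlist):
    """Yield every guess the attack will try: each word under each mangling rule."""
    for word in wordlist:
        for base in (word, word.capitalize(), word.upper()):
            for suffix in SUFFIXES:
                yield base + suffix


# Constructed sample data: what three fictional users actually chose, and the
# per-user salts the system assigned. Only the derived PASSWORD_FILE and
# UNSALTED_FILE are given to the attack functions below.
_CHOSEN = {"alice": "Dragon123", "bob": "letmein!", "carol": "q7#Lr9!pVx2m"}
_SALTS = {"alice": "a1b2c3d4", "bob": "0f0e0d0c", "carol": "deadbeef"}

# Salted file: (username, salt, SHA-256(salt || password)).
PASSWORD_FILE = [(u, _SALTS[u], hash_password(_SALTS[u], p)) for u, p in _CHOSEN.items()]

# Unsalted file for comparison: username -> SHA-256(password).
UNSALTED_FILE = {u: hashlib.sha256(p.encode()).hexdigest() for u, p in _CHOSEN.items()}


def crack_salted(pwfile, wordlist):
    """Return ({user: recovered_password}, number_of_hash_computations).

    With a per-user salt every guess must be re-hashed for every user, so the
    work grows with the number of accounts in the file.
    """
    guesses = list(candidates(wordlist))
    found, work = {}, 0
    for user, salt, digest in pwfile:
        for guess in guesses:
            work += 1
            if hash_password(salt, guess) == digest:
                found[user] = guess
                break
    return found, work


def crack_unsalted(pwfile, wordlist):
    """Same attack against unsalted hashes.

    One precomputed table of hash -> guess serves every user, so the work is
    one hash per guess regardless of how many accounts are in the file.
    """
    table = {hashlib.sha256(g.encode()).hexdigest(): g for g in candidates(wordlist)}
    found = {user: table[digest] for user, digest in pwfile.items() if digest in table}
    return found, len(table)


def audit_weak_accounts(pwfile, wordlist):
    """Defensive use: list the users whose passwords a dictionary attack recovers."""
    found, _ = crack_salted(pwfile, wordlist)
    return sorted(found)


if __name__ == "__main__":
    found, work = crack_salted(PASSWORD_FILE, WORDLIST)
    print(f"salted:   recovered {found} in {work} hash computations")
    found, work = crack_unsalted(UNSALTED_FILE, WORDLIST)
    print(f"unsalted: recovered {found} in {work} hash computations")
    print("accounts to force a reset on:", audit_weak_accounts(PASSWORD_FILE, WORDLIST))
```

Both attacks recover alice's and bob's passwords, because each is a dictionary word with a trivial mangling applied, and neither recovers carol's random passphrase. The salted run needs 177 hash computations where the unsalted run needs 105, and that gap widens linearly with the number of accounts; a slow hash multiplies every one of those computations by a tunable cost, which is the point of the second countermeasure above.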