Brutus, one of the most widely used remote password cracking tools, is both quick and extremely adaptive. Brutus is a free tool available on Windows systems and was released in October 1998. Despite its age and lack of updates, Brutus is easy to use and can efficiently produce results. Bruin supports POP3, SMB, Telnet, HTTP (Basic Authentication/HTML Form), NNTP, NetBus, and IMAP. Brutus also allows users to create their own authentication types. This tool supports multi-stage authentication engines and can also connect to 60 targets at the same time. One of the more interesting features is that you can pause the attack and restart it later. This tool guesses passwords using dictionary-style attacks. Brutus was originally created to help check routers for common and default passwords but became widely used by all. Some additional functions Brutus has are highly customizable authentication sequences, error handling and recovery capabilities, and a password, combo, and configurable brute force modes.
For a medium to large size company, I would recommend solid password requirements, as nothing is ever safe enough. I would suggest at least a 10-14-character minimum, consisting of letters, special characters, and numbers. No dictionary words should be allowed. I would also recommend a 3-month policy for making new passwords. Passwords should not include any personal information such as a user’s pet’s name or the high school they went to, as this information can be easily found on social media. By enforcing password history, a list of previously used passwords is kept, preventing the same password being used more than once. A company should also make sure that there is a minimum password age; a period of time between password changes, preventing a password being changed multiple times at once. Passwords should never be written down and the more complex the password, the harder it will be to crack or guess. The single most crucial part of any password protection is merely educating employees of common password security practices. Not telling people passwords, using non-complicated passwords, and failing to renew passwords promptly may seem like mundane tasks. However, many do not know how important these practices are to ensure that password security is always at its maximum capabilities.
References:
Hollan, John. (2017). 10 Most Popular Password Cracking Tools [Updated for 2017]. Retrieved from http://resources.infosecinstitute.com/10-popular-password-cracking-tools/.
Hoobie. (2017). Brutus. Retrieved from http://www.hoobie.net/brutus/.
Securing The Universe 