Lab 7 Password cracking

Ans 1 Discuss how to use Cain & Abel to initiate a brute force attack.

Cain & Abel is a password-recovery tool for several kinds of systems, such as Windows and Cisco devices. The software offers many methods for cracking passwords; one of them is called the Brute-Force Attack.

To perform a brute-force attack, the user needs to install the software on the target computer. From the Cracker tab of the software, we add the target user account and select Brute-Force Attack.

Windows does not store the user's password directly but stores a hash of it. Many kinds of hash are used in different situations; Windows uses the NTLM hash to store passwords.

So, after selecting the brute-force attack, we need to choose “NTLM Hashes”. After the selection, a window appears that contains several important settings for the attack:

  1. Predefined: a list from which the user selects which types of character to include in the candidate passwords. Passwords usually contain lowercase letters and digits, but the software allows the user to select other combinations, such as uppercase letters and symbols.
  2. Password length: defines the length of the password we are looking for. Normally people use a 6-character password, but the tool allows the user to change the minimum and maximum length.
  3. Time left: shows the estimated time remaining to crack the password. Including more types of character in Predefined or increasing the password length greatly increases the time needed to crack the password.

Once the predefined character set and password length are confirmed, press the Start button to begin the attack and wait for the result.
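To see why the “Time left” field reacts so strongly to the Predefined character set and the password length, here is an added Python example (not part of the original lab write-up, and not Cain & Abel's own code) that computes the size of the search space for each combination and the worst-case time at an assumed guess rate. The character-set names and the 1e8 guesses/second rate are assumptions chosen for illustration; the real rate depends on the hash type and hardware.

```python
import string

# Character sets roughly matching the kinds of "Predefined" choices offered by
# the tool. The labels are our own, not the tool's exact menu entries.
CHARSETS = {
    "lower": string.ascii_lowercase,                                  # 26 chars
    "lower+digits": string.ascii_lowercase + string.digits,           # 36 chars
    "lower+upper+digits": string.ascii_letters + string.digits,       # 62 chars
    "lower+upper+digits+symbols": string.ascii_letters + string.digits
                                  + string.punctuation,               # 94 chars
}

# Assumed guess rate for the estimate; a constructed value, not measured.
ASSUMED_GUESSES_PER_SECOND = 1e8


def keyspace(charset_size: int, min_len: int, max_len: int) -> int:
    """Number of candidate passwords of every length from min_len to max_len
    inclusive, drawn from an alphabet of charset_size characters."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def worst_case_seconds(space: int, guesses_per_second: float) -> float:
    """Time to exhaust the whole keyspace; the expected time is about half."""
    return space / guesses_per_second


def human_time(seconds: float) -> str:
    """Render a duration in the largest sensible unit for a quick comparison."""
    units = [("years", 365 * 24 * 3600), ("days", 24 * 3600),
             ("hours", 3600), ("minutes", 60), ("seconds", 1)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.3f} seconds"


def estimate_table(guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND):
    """One row per (charset, max length): keyspace and worst-case crack time.
    Lengths 1..max are searched, mirroring a min length of 1 in the tool."""
    rows = []
    for name, charset in CHARSETS.items():
        for max_len in (6, 8, 12):
            space = keyspace(len(charset), 1, max_len)
            rows.append((name, max_len, space,
                         worst_case_seconds(space, guesses_per_second)))
    return rows


if __name__ == "__main__":
    for name, max_len, space, secs in estimate_table():
        print(f"{name:<28} len<={max_len:<3} {space:>24,d}  {human_time(secs)}")
```

Running the script prints one line per combination; comparing the "lower, len<=6" row with the "lower+upper+digits+symbols, len<=12" row shows the jump from minutes to many years that the "Time left" field reflects.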

Ans 2 Discuss the problems with using the brute force attack and compare and contrast with another password attack.

The problem with using a brute-force attack is that it is time-consuming. The reason it takes so long is that the method tries every possible combination without any prior information about what the password is likely to be.

Besides the brute-force attack, other attacks can be used, such as the “Dictionary attack”.

A dictionary attack uses a list of the most common passwords, either supplied by the user or downloaded from a website listing the top 10,000 passwords, as the candidates to try. Because some people habitually use a 6-character lowercase password, it will be very fast to crack the password if it is on the list.

Ans 3 In relation to your findings in the lab define and justify the minimum requirements for a secure password policy.

From the lab, I changed two settings under the brute-force attack:

  1. Predefined: include or exclude symbols in the password
  2. Password length: increase or decrease the length of the password

and found that including symbols and increasing the length of the password significantly increases the time needed to crack it. So the minimum requirements are to set at least two rules for users creating passwords:

  1. The length of the password must be greater than 8
  2. The password must contain uppercase letters, lowercase letters and symbols
