Password protecting a laptop does not ensure data protection, the password protection of laptops provides a false sense of security. Passwords on laptops are good to implement to prevent unauthorized access, however when a thief steals a laptop and has time, getting around the password is quite simple. There are also issues if there was no way to get around passwords, as even admins forget them and need access to the system. Passwords are good to have, but will not stop a thief from accessing the device, only slow them down a bit. Here is a quick run through of some common techniques for getting around the passwords for different platforms:
Windows XP & Vista
Windows can be cracked using several available tools one popular one is OphCrack, which is free. The software can works with Windows, Mac OS X and Linux. It comes with a LiveCD version which automates the retrieval, decryption, and cracking of passwords from a Windows system. The latest version uses a new faster technique using rainbow tables and can crack 99.99 % of alphanumeric passwords of up to 14 characters in usually a few seconds, and at most a few minutes. The software works with older versions of Windows as well. Another commerical product is Proactive Password Auditor from Elcomsoft. The software utilizes similar techniques to OphCrack but with a bit more automation and a friendlier user interface. The product basically makes password a mainstream technique that anyone can use to gain access to a system.
OS X
For OS X 10.4 The root password can be easily reset in OS X by booting the system from the Mac OS X installation CD and selecing the Reset password option under "Utilities" from the installer screen and follow the directions. OS X 10.5 can be reset using single user mode. (hold down 'Command' and 'S' during reboot or startup.) At the prompt, type fsck -fy Type mount -uw /Type launchctl load /System/Library/LaunchDaemo ns/com.apple.DirectoryServices. plist Type dscl. -passwd /Users/username newpassword replace with the real "username" and follow with the new password, as shown.
Linux
Boot Linux into single-user mode
Reboot the machine.
Press the ESC key while GRUB is loading to enter the menu.
If there is a 'recovery mode' option, select it and press 'b' to boot into single user mode.
Otherwise, the default boot configuration should be selected. Press 'e' to edit it.
Highlight the line that begins with 'kernel'. Press 'e' again to edit this line.
At the end of the line, add an additional parameter: 'single'. Hit return to make the change and press 'b' to boot.
Change the admin password
The system should load into single user mode and you'll be left at the command line automatically logged in as root. Type 'passwd' to change the root password or 'passwd someuser' to change the password for your "someuser" admin account.
Reboot
Enter 'reboot' to restart into your machine's normal configuration.
These are just a few techniques used to get around password protection on laptops. The first thing that should be implemented is making passwords longer, a 14 character password can be cracked in a matter of minutes. Most IT administrators require a password of 8 characters, this is not sufficient. It is better to devise a phrase instead of just a word.
Encryption, Encryption, Encryption
If you have sensitive information on your system, it is important to ensure that the data is encrypted, many operating systems have this built-in and there is also free encryption tools such as TrueCrypt that provide excellent encryption, so even if your password protected laptop is cracked, your data is still secure, just make sure you use a different password for your encrypted drive.
Monday, August 17, 2009
Subscribe to:
Post Comments (Atom)
Follow Me... Stay Connected
MY STATS
No comments:
Post a Comment