Barry on January 21st, 2007

Some security experts send along a press release about a new version of their password auditing software, and it is said to work with Vista, too.

Reduce Network Security Threats with Password Security Audit Software

ElcomSoft, a global leader in password recovery solutions, has released Proactive Password Auditor(TM) 1.7, a password audit and security test tool that makes it easy for NT4/2000/XP/2003 systems administrators to identify and close security holes in their networks. By running Proactive Password Auditor regularly, managers can have peace of mind that the basic lock on their networks is secure.

New features in version 1.7 include full UNICODE compliance, allowing the program to work with user names and passwords in all of the Asian languages; and Rainbow Attack for NTLM as well as LM authentication, allowing you to create pre-computed hash tables that dramatically reduce the amount of time required to find most passwords. Besides, the new version is now able to work on machines with the DEP (Data Execution Prevention) feature enabled, and supports Windows Vista.

Password hacking continues to be a serious network security threat. Too often, people use simple and easy-to-remember passwords such as common words, repeating characters, and names. Proactive Password Auditor helps secure networks by executing a comprehensive audit of account passwords, and exposing all insecure passwords. Chief Security Officers can locate individual security holes, and patch them immediately. They can also identify patterns and trends that weaken security, and develop the appropriate policies to improve network security. An administrator can use Proactive Password Auditor to recover any lost password, and access a user’s Windows account.

The program audits passwords by analyzing user password hashes, and recovering plain-text passwords. If it is possible to recover the password within a reasonable time, the password is considered insecure. The program supports both LM and NTLM password authentication protocols. Proactive Password Auditor can audit and authenticate passwords very quickly, whether it’s one computer with a single account, or multiple servers and computers with thousands of user accounts.

In addition to Microsoft Active Directory Support, faster operation, better wordlist management, and automatic decryption of passwords for certain system accounts, the software offers four unique approaches to reducing network security threats:

(1) Rainbow Attack - Because it can take days or weeks for a computer to generate all of the possible passwords for a particular system, ElcomSoft has introduced a new “rainbow attack” subsystem. You can run Proactive Password Auditor in the background to generate and use pre-computed hash tables that will allow you to find most passwords in minutes instead of days or weeks;

(2) Preliminary Attack - Under this regimen, password hashes are retrieved, and the audit process starts automatically, using pre-configured options. First, the program checks obvious passwords (for example, the password is the same as the user name). Second, it retrieves and decrypts passwords from memory. Third, the program runs the dictionary attack.


(3) Simultaneous Auditing - The program can audit multiple accounts at once, from a single computer or from multiple computers. Auditing thousands of accounts is performed at the same speed as auditing a single account.

(4) Credentials management - By saving user names and passwords for computers the program connects to, future audits are performed with just a few clicks, and without having to re-enter set-up information.

Proactive Password Auditor v. 1.7 runs under Windows NT4/2000/XP/2003 and Windows Vista; some program features require Administrator privileges. Prices begin at US$299 for networks with up to 20 user accounts. For more information and a free trial version, visit www.password-auditor.com.

They’ll even provide a free trial if you’d like to play. It sounds as if this software is for the IT Guru rather than the lawyer but if password management is an issue at your firm you may wish to take a look.
