Types of Authentication Attacks and Tools Used to Prevent Them
As the name suggests, authentication attacks are initiated by intruders who expolit others in order to steal the identity of the users' personal information, login credentials and authentication passwords to gain access to valuable resources. Authentication is one of the processes of preventing an outsider from gaining access to a user’s account or information and reusing it to impersonate them.
Awareness tip: To protect one's identity, effective authentication is required between hosts. Authentication should only be between trusted hosts and users.
Advice: Don't allow access to unauthenticated users, if you can help it.
Here are the different types of authentication attacks:
Shared Key Guessing. An intruder by use of various cracking tools tries to guess the shared key of a wireless network and gain access to it. These tools make use of brute force technique (trying different combinations in real time) in order to make guessing of a shared key.
Tools Used: WEP Cracking tools
PSK Cracking. PSK stands for Pre Shared key. A shared key can be in any format: a pass phrase or anything else. A PSK is a key that has already been shared. The attacker tries to intercept the successful handshake and then uses a dictionary attack to retrieve the shared key.
Tools Used: KisMAC, coWPAtty, wpa_crack and genpmk
Application Login Theft. Here, the attackers try to steal the login credentials of a user like email address, username and password from application protocol.
Tools Used: PHoss , Ace Password Sniffer, WinSniffer and Dsniff
Domain Login Cracking. Attacking the domain names and retrieving the user credentials like username and password with the help of network sniffing tools. Such tools make use of brute force technique to gain access to user credentials.
Tools Used: L0phtCrack , John the Ripper and Cain
VPN Login Cracking. Cracking usernames and passwords by executing brute force attacks on VPN protocols.
Tools Used: ike_crack (IPsec) & ike_scan, THC-pptp-bruter and anger
802.1X Identity Theft. The packets sent by the 802.1x protocol in response is captured by an attacker to crack user credentials.
Tools Used: Capturing Tools
802.1X Password Speculation. After an attacker intercepts an identity, he/she continuously guesses the password in order to pass authentication.
Tools Used: Password dictionary and other tools
802.1X LEAP Cracking. The attacker captures the LEAP (Lightweight Extensible Authentication Protocol) packets and then cracks the user credentials from it.
Tools Used: Asleap, Anwrap and THC-LEAPcracker
802.1X EAP Downgrade. Using this technique, an attacker forces the server to offer a weaker type of authentication by issuing continuous NAK/EAP packets in response. NAK stands for Negative Acknowledgement.
Tools Used: libradiate and File2air