Introduction
For a long time, companies and business enterprises have faced testing times in attempting to keep the password secure and protected to avoid loss. Computer security is the practice of averting and discovering illicit use of your computer. Deterrence actions help you to impede unauthorized abusers from reaching any component of your computer structure. Detection aids in determining whether or not intruders tried to burglarize your system, in case they were victorious, and what they possibly would have done (DOHERTY & ANDERSON 2007). Detection and protection against infringements in data networks is an area of science where there are no silver bullets. This is attributable to the sheer size and multiplicity of intrusion types. Studies estimate that the figure of intrusion attempts over the whole Internet is roughly speaking 25 billion daily and increasing. McHugh (2001) asserts that the intrusions are getting even more complicated while they get more programmed and hence the skills needed to contain them are reduced. The majority of information security systems intend to recognize identified attacks or anomalies devised as rules for detection (DOHERTY & ANDERSON 2007, p132).
Most times administrators keep data and information in servers protected by the use of passwords which are usually memorized by an individual (WANG 2009, p.45). In case one resigns, dies, or gets a memory lapse, it becomes hard for the entire company to find the stored information due to data encryption. Due to this and other factors of consideration, many security tools have been invented to cater for the same. In addition to this, because of the existence of network data hackers and crackers, passwords need to be made strong enough and hard for cracking. With this in mind, we go on to look at some of the tools that are useful to ensure more secure and restricted passwords in use most companies all over the world. The paper helps highlight details on Brutus and Cain and Abel (DOHERTY & ANDERSON 2007, p32).
Overview of Brutus and Cain and Abel Network Security Tools
Brutus network security tool is code word cracker software that was made open for private, office and business usage back in 1998. Actually, Brutus network security enhancement tool that works by proof of contradiction, if we may say, uses the Brute force concepts which act like a trial-and-error method, in which a number of information ids are used in order to get to a conclusion that a given system is protected from hacking or not (SINGH 2009, p.59). On the other hand, Cain and Abel as it suggests remind us of the good and evil being used in computers. Here password hackers or crackers use this tool positively to retrieve a forgotten password and on the other hand, use it in the wrong way for private individuals to get into other peoples information without their prior knowledge or understanding. By definition, Password hackers are people who break into computers and other communication devices with the sole wish of destroying other people’s data and information. Usually, the words hacker and cracker merely mean the same though with other people they may differ slightly (BRITZ 2009, p47).
Comparing and Contrasting Brutus and Cain and Abel
The process or method used to judge against or contrast the two security gauge tools will be by dealing with each individual device on its own then unearthing the similarities and differences that exist between them. The following discussion of each will help bring out a deeper understanding. The paper starts with Brute – force then tackles Cain and Abel (MCNAB 2009, 70).
Brutus Password Recovery Tool
It is a network security tool that is fast – for it can connect to 60 simultaneous target connections and can be used along with a password list with a customizable functionality, freeware – open software, it is highly flexible to work in almost all computer platforms which are installed with Windows operating system (9x, NT, 2000, XP, VISTA) only that it has not been able to function ultimately using the UNIX version of operating systems currently. Since most servers and company databases are kept using UNIX systems, advancements are underway to ensure that this will be available soon (DOHERTY & ANDERSON 2007, p78).
Brutus can be used in servers to recover passwords that the department has lost due to some variations or combinations made by the company or firm in question. It is software that is able to move through a set of characters to determine what password or encrypted data was initially placed by a particular user (SINGH 2009, p.55).
There are a number of versions available as freeware in the online market with the current release been Brutus version AET2 that has a set of authentication properties which includes: HTTP (which enables one to crack passwords over the internet connections without necessarily getting physically to the particular machine or computer in question, POP3- this provides the power to get to the contents of a particular server without the knowledge of the data administrator (VACCA 2006, p.62). Though data kept under the POP3 process is thought to be more secure and complying with the RFC standards, Brutus nullifies this by providing access to the fully secured data by cracking the passwords, FTP – most files and documents are sent over the internet in encrypted form. Where a series of 0’s and 1’s are sent as frames. Brutus software acts as a sniffer to retrieve or capture the contents of the encrypted material hence revealing the message on transmission, Telnet and other types. The figure below indicates the usage of the Brutus AET2 tool in a computer where the tools request for the user file or content that need to be decrypted and the mode in which the result will be presented. The process completes hence decryption takes place (DOHERTY & ANDERSON 2007, p126).
Cain and Abel Password Recovery Tool
Cain & Abel is a password retrieval tool for Microsoft Operating Systems. Different passwords can be recovered easily from encrypted areas in the internet threats, deciphering messed up passwords as well as disclosing password boxes. It wraps some protection aspects/flaws present in protocol’s standards, verification methods and caching means; its major function is the easy recovery of passwords and records from various sources, conversely, it also vessels a few “non-standard” utilities for Microsoft Windows clients. One thing that is for sure for anyone who has used a computer over a long period of time is the loss of a password to very important information stored in the computer.
No matter whether it was an old message that had been protected, one feels the pinch to losing that information, Cain and Abel’s help solve problems of password ‘misplacement’ since it is an essential tool that helps recover the password in no time actually in a very recommendable speed (JACOBSON 2009, p.95). Cain and Abel is a useful software to network administrators and analysts for it helps in network recovery. Network administrators use its functional part to mainly see if a particular network is secure to the maximum to avoid hacking of information by intruders. In its basic form, this tool can be seen as a way to filch company information whereas, in contrast, it facilitates security of data and information control only to the validated access. Certain antivirus along with antispyware programs ensign Cain & Abel as being having malware, while the application is entirely secure and does not a front risk to one’s system (MCNAB 2009, 86).
It is used to recover passwords mainly for home users but also companies find it useful to test for password strength and recovery in case of loss. This tool or program is able to report cases of information sniffing and is highly used in FTP, SMTP, POP3, HTTP, MySQL, ICQ, and Telnet protocols and procedures. Most passwords are hidden by the system behind asterisks or dots. This tool can get into the root of the information hidden and reveal to recover it. Other features of Cain and Abel include SQL server enterprise management, connections to remote computers or desktops, any kind of wireless connections, LSA secrets, network enumerations, VoIP filtering and many others (JACOBSON 2009, p.48).
Cain and Abel are intended for network administrators or those users with a high-quality understanding of the concepts applicable to the tool like security consultants professionals, forensic staff, security software developers, professional penetration testers and so on. In this manner, usually, most anti-virus programs detect it immediately you try to install it and warn of the possibility of password cracking; therefore it should be used with ultimate understanding. It is also notable that, the tool should be used with all ethical network understanding. It is worth noting that, any illegal usage in decrypting or recovery of particular passwords is not acceptable by the manufacturing company hence be used with a lot of keens. It is highly recommended that the End User License Agreement (EULA) be carefully read and understood before proceeding (JACOBSON 2009, p.214).
Cain and Abel are software tagged as for ‘Good and evil’. For anybody limits the access to personal information especially from other people. In most computers, during installation and configuration of a new PC, the owner may choose to make all His or Her files private and protect his account with a password. This ensures that all information is made private ultimately. No stranger is able to get access to the information unless given the ‘key’ to it. On the other hand, when the password is forgotten, this information no longer remains private since all the owner wants is access to his/her information and thereby may call anyone to try and configure what the encrypted password was. Here now, in case of success, all secrets are revealed. Therefore, the concept of good and evil comes along (CIAMPA 2009, p.72).
Due to different public demands on the tools, most people use the Cain and Abel in an effective way especially when an administrator helps recover a lost password in order to retain the company or user information (SMITH & MARCHESINI 2008, p.141). On the other hand, other people use it to steal crucial information from other people. For example, in case two parties have a court case and their information is digitally stored, through a hacker, one gets access to the other personal information and therefore gets all the chance to alter or modify it to suit him or her before the next ruling is made. In a company, in case you suspect that one is doing something suspicious, you as an administrator have the right to sniff and capture the password, he or she is using in altering the server information (MCNAB 2009, 79).
Cain and Abel work by checking over the net. It cracks passwords that have been encrypted thereby revealing key details of data transmitted through the network, It uses routing protocol analysis to uncover passwords that have been cached (MCNAB 2004, p138).
Relative Strengths and Weaknesses of Both Brutus and Cain and Abel Security Tools
Brutus enables one to access information from remote computers by use of command prompts. Brutus takes a longer time to analyze passwords as compared to Cain and Abel since the tool should be fed with all the data files and wait for a period of time before the decryption is successful (DOHERTY & ANDERSON 2007, p182). It is also vulnerable to errors as not all hidden information is parsed correctly on decryption. This creates worry for one is not fully sure of success. Developing secure systems requires effective use of a mixture of technologies for instance encryption, password protection, authentication as well as firewalls in addition to unswerving use of those technologies, all sustained globally by honest key and security administration infrastructures.
References
BRITZ, M. (2009). Computer forensics and cyber crime: an introduction. Upper Saddle River, N.J., Pearson Prentice Hall.
CIAMPA, M. D. (2009). Security+ guide to network security fundamentals. Boston, MA., Course Technology/ Cengage Learning.
DOHERTY, J., & ANDERSON, N. (2007). Home network security simplified. Indianapolis, IN, Cisco Press.
JACOBSON, D. (2009). Introduction to network security. Boca Raton, Chapman & Hall/CRC.
McHugh, J., (2001). Intrusion and Intrusion Detection. International Journal of Information Security. 1,(1). pp14 – 35.
MCNAB, C. (2009). Network Security Assessment Know Your Network. Sebastopol, O’Reilly Media, Inc. Web.
MCNAB, C. (2004). Network security assessment. Sebastopol, CA, O’Reilly Media, Inc. SINGH, B. (2009). Network security and management. New Delhi, Prentice-Hall of India.
SMITH, S. W., & MARCHESINI, J. (2008). The craft of system security. Upper Saddle River, NJ, Addison-Wesley.
VACCA, J. R. (2006). Guide to Wireless Network Security. [New York], Springer Science+Business Media, LLC.
WANG, J. (2009). Computer network security. Beijing, Higher Education Press.