Labada hab ee ugu badan ee la isticmaalo si loo galo xisaabaadka aan la ogalayn waa (a) Weerarka Xoog-saarka^{(Brute Force Attack)} , iyo (b) Weerar lagu buufiyo Password-ka^{(Password Spray Attack)} . Horay ayaanu u sharaxnay Weerarada Xoogaga Cadawga ah^{(Brute Force Attacks)} . Maqaalkani waxa uu diiradda saarayaa Weerarrada Buufidda Password^{(Password Spray Attack)} -ka - waxa uu yahay iyo sida aad naftaada uga ilaalin karto weerarradaas.

Qeexida Weerarkii Buufiska Password-ka

Weerarka lagu buufiyo erayga sirta ah^{(Password Spray Attack)} waa mid liddi ku ah Weerarkii Xoogaga Khaaska ah^{(Brute Force Attack)} . Weerarada Brute Force , hackers waxay doortaan aqoonsi nugul oo waxay geliyaan ereyada sirta ah midba midka kale iyagoo rajeynaya in erayga sirta ah uu galo. Asal ahaan^(Basically) , Brute Force waa furayaal badan oo sir ah oo lagu codsado hal aqoonsi.

U imaatinka Password Spray weerarrada, waxaa jira hal sirood oo lagu dabaqay aqoonsiyo^(IDs) badan oo isticmaale si ugu yaraan mid ka mid ah aqoonsiga isticmaalaha uu waxyeello u geysto. Weerarada Spray Password^{(Password Spray)} , jabsadayaashu waxay ururiyaan aqoonsiyo^(IDs) badan oo isticmaale iyagoo isticmaalaya injineernimada bulshada^{(social engineering)} ama hababka kale ee phishingka^{(phishing methods)} . Inta badan waxay dhacdaa in ugu yaraan mid ka mid ah isticmaalayaashaas uu isticmaalo erayga sirta ah ee fudud sida 12345678 ama xitaa [email protected] . Nuglaantan (ama xog la'aanta ku saabsan sida loo sameeyo ereyada sirta ah ee xoogga leh^{(create strong passwords)} ) ayaa looga faa'iidaystaa Weerarrada Buufidda Password^{(Password Spray Attacks)} -ka .

In a Password Spray Attack , hackers ayaa codsan doona si taxadar leh si taxadar leh loo dhisay dhammaan ID^(IDs) -yada isticmaalaha isaga ama iyada ururiyay. Haddii uu nasiib leeyahay, jabsiga waxa laga yaabaa in uu galo hal akoon oo uu isaga/isaga sii dhex geli karo shabakada kombayutarka.

Sifeynta Password Attack waxaa sidaas darteed lagu qeexi karaa sida ku codsashada isla lambarka sirta ah ee xisaabaadka isticmaalaha badan ee ururka si loo sugo gelitaanka aan la oggolayn ee mid ka mid ah akoonnadaas.^{(Password Spray Attack can thus be defined as applying the same password to multiple user accounts in an organization to secure unauthorized access to one of those accounts.)}

Weerar Xoogan^{(Brute Force Attack)} vs Password Spray Attack

Dhibaatada ka haysata Weerarada Xoogaga Khaaska ah^{(Brute Force Attacks)} ayaa ah in nidaamyada la xidhi karo ka dib tiro go'an oo isku day ah oo leh furaha sirta ah ee kala duwan. Tusaale ahaan, haddii aad dejiso server-ka si aad u aqbasho saddex isku day oo keliya haddii kale xidhid nidaamka meesha gelitaanka uu ka dhacayo, nidaamku wuxuu xidhi doonaa oo keliya saddex gelitaan sir ah oo aan sax ahayn. Ururada qaar waxay ogolaadaan saddex halka kuwa kalena ogolaadaan ilaa toban isku day oo aan sax ahayn. Shabakado badan ayaa isticmaala habkan quful maalmahan. Digniintan ayaa dhibaato ku ah Weerarada Xoogaga Khaaska ah^{(Brute Force Attacks)} maadaama xiritaanka nidaamka uu u digayo maamulayaasha weerarka.

Si taas looga gudbo, fikradda ururinta aqoonsiga^(IDs) isticmaalaha iyo in lagu dabaqo furaha sirta ah ee suurtogalka ah ayaa la abuuray. Sido kale weerarka lagu buufiyo erayga sirta ah^{(Password Spray Attack)} , taxadarada qaar ayaa lagu dhaqmaa haakarisku. Tusaale ahaan, haddii ay isku dayeen in ay codsadaan erayga sirta ah1 dhammaan akoonnada isticmaalaha, ma bilaabi doonaan in ay ku codsadaan erayga sirta ah2 akoonnadaas isla marka ay dhammeeyaan wareegga koowaad. Waxay kaga tagi doonaan muddo ugu yaraan 30 daqiiqo ah isku dayga jabsiga.

Ka ilaalinta weerarrada buufinta erayga sirta ah^{(Password Spray Attacks)}

Weerarrada Xoogaga Khaaska ah^{(Brute Force Attack)} iyo kuwa sirta ah ee lagu buufiyo sirta^{(Password Spray)} ah labadaba waa la joojin karaa badhtamaha waase haddii ay jiraan siyaasado amni oo la xidhiidha. Farqiga 30 min haddii laga tago, nidaamku mar kale wuu xiri doonaa haddii wax loo sameeyo taas. Waxyaabo kale oo gaar ah ayaa sidoo kale lagu dabaqi karaa, sida ku darista farqiga wakhtiga u dhexeeya gelitaanka labada akoonnada isticmaale. Haddii ay tahay qayb ka mid ah ilbiriqsi, kordhi wakhtiga laba akoonnada isticmaale si ay u galaan. Siyaasadaha noocan oo kale ah ayaa ka caawinaya in la ogeysiiyo maamulayaasha kuwaas oo markaa xiri kara server-yada ama xiri kara si aysan u dhicin hawl-akhris qoraal ah oo ku jira kaydka xogta.

Waxa ugu horreeya ee aad ururkaaga ka ilaalinayso Weerarrada Buufiska Password^{(Password Spray Attacks)} -ka waa in aad shaqaalahaaga ka barato noocyada weerarrada injineernimada bulshada, werarada phishingka, iyo muhiimadda ereyada sirta ah. Habkaas shaqaaluhu uma isticmaali doonaan wax sirta ah ee la saadaalin karo akoonadooda. Habka kale ayaa ah admins-ka oo siinaya isticmaalayaasha furaha sirta ah ee adag, iyaga oo sharaxaya baahida loo qabo in ay taxaddaraan si aysan u qorin furaha sirta ah oo aysan ugu dhejin kombuyuutarkooda.

Waxaa jira habab kaa caawinaya in lagu aqoonsado dayacanka nidaamkaaga urur. Tusaale ahaan, haddii aad isticmaalayso Office 365 Enterprise , waxaad ku ordi kartaa Attack Simulator si aad u ogaato haddii mid ka mid ah shaqaalahaagu uu isticmaalayo furaha sirta ah ee daciifka ah.

Akhri marka xigta^{(Read next)} : Waa maxay Domain Fronting ?

Password Spray Attack Definition and Defending yourself

The two most commonly used methods to gain access to unauthorized accounts are (a) Brute Force Attack, and (b) Password Spray Attack. We have explained Brute Force Attacks earlier. This article focuses on Password Spray Attack – what it is and how to protect yourself from such attacks.

Password Spray Attack Definition

Password Spray Attack is quite the opposite of Brute Force Attack. In Brute Force attacks, hackers choose a vulnerable ID and enter passwords one after another hoping some password might let them in. Basically, Brute Force is many passwords applied to just one ID.

Coming to Password Spray attacks, there is one password applied to multiple user IDs so that at least one of the user ID is compromised. For Password Spray attacks, hackers collect multiple user IDs using social engineering or other phishing methods. It often happens that at least one of those users is using a simple password like 12345678 or even [email protected]. This vulnerability (or lack of info on how to create strong passwords) is exploited in Password Spray Attacks.

In a Password Spray Attack, the hacker would apply a carefully constructed password for all the user IDs he or she has collected. If lucky, the hacker might gain access to one account from where s/he can further penetrate into the computer network.

Password Spray Attack can thus be defined as applying the same password to multiple user accounts in an organization to secure unauthorized access to one of those accounts.

Brute Force Attack vs Password Spray Attack

The problem with Brute Force Attacks is that systems can be locked down after a certain number of attempts with different passwords. For example, if you set up the server to accept only three attempts otherwise lock down the system where login is taking place, the system will lock down for just three invalid password entries. Some organizations allow three while others allow up to ten invalid attempts. Many websites use this locking method these days. This precaution is a problem with Brute Force Attacks as the system lockdown will alert the administrators about the attack.

To circumvent that, the idea of collecting user IDs and applying probable passwords to them was created. With Password Spray Attack too, certain precautions are practiced by the hackers. For example, if they tried to apply password1 to all the user accounts, they will not start applying password2 to those accounts soon after finishing the first round. They’ll leave a period of at least 30 minutes among hacking attempts.

Protecting against Password Spray Attacks

Both Brute Force Attack and Password Spray attacks can be stopped midway provided that there are related security policies in place. The 30 min gap if left out, the system will again lock down if a provision is made for that. Certain other things also can be applied, like adding time difference between logins on two user accounts. If it is a fraction of a second, increase timing for two user accounts to log in. Such policies help in alerting the administers who can then shut down the servers or lock them down so that no read-write operation happens on databases.

The first thing to protect your organization from Password Spray Attacks is to educate your employees about the types of social engineering attacks, phishing attacks, and the importance of passwords. That way employees won’t use any predictable passwords for their accounts. Another method is admins providing the users with strong passwords, explaining the need to be cautious so that they don’t note down the passwords and stick it to their computers.

There are some methods that help in identifying the vulnerabilities in your organizational systems. For example, if you are using Office 365 Enterprise, you can run Attack Simulator to know if any of your employees are using a weak password.

Read next: What is Domain Fronting?

Related posts

• Habkani waxa uu u baahan yahay warbaahin meesha laga saari karo - Qaladka dib u dejinta erayga sirta ah

• Deji taariikhda uu dhacayo erayga sirta ah ee Koontada Microsoft iyo Koontada Maxaliga ah

• Sida loo sameeyo Browser tuso erayga sirta ah ee qoraalka ah halkii dhibco

• LessPass waa furaha furaha iyo maareeye bilaasha ah

• Dib u eegista Bitwarden: Maareeyaha Furaha Furan ee Bilaashka ah ee Windows PC

• Dib u deji erayga sirta ah ee Koontada Maxaliga ah Windows 10 addoo isticmaalaya Warbaahinta Rakibaadda

• Lama geli karo Windows 11/10 | Dhibaatooyinka login Windows iyo password

• Ka soo deji Bookmarks, Passwords chrome ka browser kale

• Maareeyaha Furaha Furaha ee Runta ee Windows PC, Android iyo iPhone

• Dashlane Bilaash: Si otomaatig ah u geli geliddaada iyo wax kala iibsiga onlaynka

• Sida loo dejiyo oo loo isticmaalo BIOS ama UEFI erayga sirta ah ee kumbuyuutarka Windows 10

• Sida loo dhoofiyo LastPass furaha sirta ah ee CSV

• Maareeyayaasha Furaha Internetka ee Bilaashka ah ee ugu Fiican - Ma bad qabaan?

• Sida loo damiyo maamulaha sirta ah ee ku dhex jira Chrome, Edge, Firefox

• Maamul, wax ka beddel oo arag furayaasha sirta ah ee la kaydiyay ee Chrome-ka ee Windows PC

• Ku soo kabso erayga lumay ama la illoobay Outlook PST Password qalab kabashada bilaashka ah

• Ka soo kabso furaha sirta ah ee Macaamiisha Boostada: Furaha Furaha Furaha

• Zoho Vault Manager Password Nooc bilaash ah & Kordhinta Chrome & Firefox

• Dib u eegista Maareeyaha Password-ka ee XusuusBear: Fudud, Ammaan oo Hufan!

• Sida loo abuuro erayga sirta ah ee Google Chrome adoo isticmaalaya Password Generator