I was asked this on a test for the CEH. What would you answer? My own answer is at the bottom.
What defensive measures will you take to protect your network from password brute-force attacks? (Choose all that apply.)
A) Never leave a default password.
B) Never use a password that can be found in a dictionary.
C) Never use a password related to the hostname, domain name, or anything else that can be found with Whois.
D) Never use a password related to your hobbies, pets, relatives, or date of birth.
E) Use a word that has more than 21 characters from a dictionary as the password.
What do you say? For me, if you are strict, the first 4 cannot be true since they would protect specifically from dictionary attacks, not brute force. The last one would surely protect you from a brute force attack, because even when using only lower case letters for the password, it would take TRILLIONS of years to compute all the combinations.
But, guess what? The correct answer is to select all the first 4!!! WTF???
The justification is: "A dictionary word can always be broken using brute force"
What do you think?