1.1. RULES OF PASSWORD
-A password is designed to be something an individual can remember easily but at the same time not something that can be easily guessed or broken.
-Examples of weak passwords:
1. uses only numbers
2. uses only letters
3. uses a proper name
4. short password
2. TYPE OF PASSWORD ATTACKS
2.1. PASSIVE ONLINE ATTACK -The attacker tends to be not engaged, or less engaged, than they would be during other kinds of attacks.
2.2. ACTIVE ONLINE ATTACK -Uses a more aggressive form of penetration that is designed to recover passwords.
2.3. OFFLINE ATTACKS -Represent yet another form of attack that is very effective and, in many cases, difficult to detect.
2.4. DEFAULT PASSWORD -Set by the manufacturer when the device or system is built. -They are documented and provided to the final consumer of the product and are intended to be changed.
2.5. GUESSING PASSWORD -Locate a valid user. -Determine a list of potential passwords.
3. PRIVILEGE ESCALATION
3.1. - a tactic used to gain unauthorized access
3.2. -horizontal and vertical
4. ROOTKIT COUNTERMEASURE
4.1. -relatively easy for virus writers
4.2. - use a separate account
4.3. - run anti-spyware to block suspicious installation activities
5. HIDING FILES PURPOSE AND THE TECHNIQUES
5.1. - use NTFS to hide files
6. STEGANOGRAPHY TECHNOLOGIES
6.1. - used to conceal information inside of other information.