Security Auditing Tools: A Comparative Study

Abstract

Purpose – This paper concentrates on the comparison of security auditing tools specifying password cracking tools based on different matrices. Passwords are the most popular and dominant means of access control in every authentication process. Every password is vulnerable in the virtual world; all we can do is to delay it for one to break into us. Password cracking used in two opposite intentions; either it can be used for an administrator to protect from unauthorized access and for users to recover forgotten passwords or for an intruder to break into a secure system.Method – A great number of attacks on many systems are related to passwords. Awkwardly, the randomness and length of user-chosen passwords remain the same over time, but in contrast, hardware enhancement continuously gives intruders increasing computational power. So, password cracking has been one of the favorite vulnerable aspects for intruders to gain access to any unauthorized system. Among all available freeware password cracking tools, we choose five renowned tools based on offline and online categories.Results – Cain and Abel is the winner in the offline category, and TCH-Hydra is the winner in the online category in their performance among the tools we have tested.Conclusion – In this paper, the data has been collected by testing each tool several times in different systems as well as all tools in the same system based on different matrices. We have come to a knowledgeable result by comparing data among themselves. The results of the comparison will help in the adoption and usage of these tools and also promote the development and usage of security auditing tools.Recommendations – The results of the comparison will help in the adoption and usage of these tools and also promote the development and usage of security auditing tools.