Password Sniffing

10th June 2020 | Cybrary

Password Sniffing is a hacking technique that uses a special software application that allows a hacker to steal usernames and passwords simply by observing and passively recording network traffic. This often happens on public WiFi networks where it is relatively easy to spy on weak or unencrypted traffic.

And yet, password sniffers aren’t always used for malicious intent. They are often used by IT professionals as a tool to identify weak applications that may be passing critical information unencrypted over the Local Area Network (LAN). IT practitioners know that users download and install risky software at times in their environment, running a passive password sniffer on the network of a business to identify leaky applications is one legitimate use of a password sniffer.

As you can imagine, in the hands of an unscrupulous administrator this can could lead to serious problems. Generally, such activities should be sanctioned by a senior leader in the company and the use of this software should be governed by more than one individual to prevent the abuse of any findings.

Source: Techopedia, SSH

Additional Reading: Protecting against the Next Great Heist by Encrypting Data in Transit

Related Terms: Packet Sniffing, Wireshark

Should SMB Owners Care about Password Sniffers?

SMB owners don’t need to learn what a Password Sniffer is, but they do need to employ someone who does. Protecting your SMB from Password Sniffers means you need a vCISO or a security focused Managed Service Provider (MSP) or Managed Security Services Provider (MSSP) worrying about this for you.

There are simple “ounce of prevention” measures you must take as a business owner which will proactively prevent the “pound of cure” reaction when something goes wrong. Hackers are out there using Password Sniffers to break into your company. Proactively prevent this by leveraging a vCISO, CyberHoot, or both!