Linux Security Basics, Part 1: Authentication (DistroWatch Weekly #321)
Sep 21, 2009, 20:36
(Other stories by Caitlyn Martin)
[ Thanks to Caitlyn Martin for this link. ]
"Accounts and passwords
"The first and simplest line of defense is a password. In his
book, Securing & Optimizing Linux: The Ultimate Solution,
Gerhard Mourani writes: "Many people keep their valuable
information and files on a computer, and the only thing preventing
others from seeing it is the eight-character string called a
password. An unbreakable password, contrary to popular belief, does
not exist. Given time and resources all passwords can be guessed
either by social engineering or brute force." Some Linux users go
even farther, running distributions which have either no password
or a well-known and published password on a privileged or root
account. This is tantamount to putting out a welcome mat for anyone
and everyone who wishes to access your system provided they have
physical access. A vulnerability in a service which communicates
across the Internet can effectively leave such a system open to
literally anyone who is aware of both the flaw and the password.
Kurt Seifried, writing about insecure defaults of all sorts, not
just passwords, states: "This is one of the problems that have
caused no end of security problems since day one."
"Mourani lists four basic rules for a good password. Three of
them do apply even to home and SOHO systems:"