Linux Today: Linux News On Internet Time.

Linux Security Basics, Part 1: Authentication (DistroWatch Weekly #321)

Sep 21, 2009, 20:36 (0 Talkback[s])
(Other stories by Caitlyn Martin)

[ Thanks to Caitlyn Martin for this link. ]

"Accounts and passwords

"The first and simplest line of defense is a password. In his book, Securing & Optimizing Linux: The Ultimate Solution, Gerhard Mourani writes: "Many people keep their valuable information and files on a computer, and the only thing preventing others from seeing it is the eight-character string called a password. An unbreakable password, contrary to popular belief, does not exist. Given time and resources all passwords can be guessed either by social engineering or brute force." Some Linux users go even farther, running distributions which have either no password or a well-known and published password on a privileged or root account. This is tantamount to putting out a welcome mat for anyone and everyone who wishes to access your system provided they have physical access. A vulnerability in a service which communicates across the Internet can effectively leave such a system open to literally anyone who is aware of both the flaw and the password. Kurt Seifried, writing about insecure defaults of all sorts, not just passwords, states: "This is one of the problems that have caused no end of security problems since day one."

"Mourani lists four basic rules for a good password. Three of them do apply even to home and SOHO systems:"

Complete Story

Related Stories: