The most basic aspect of securing information systems is password security. Unfortunately, this is often overlooked or not given the attention it deserves. Source IP addresses can be spoofed, physical access can be gained, social engineering can occur; but if you have good practices in place to protect your passwords, you still have a chance at defeating hackers. Let's take a look at how to make password security work on Linux servers.
Overview of password security
Since the dawn of computers, the primary means of restricting access has been through passwords. Although much of the software and hardware has changed over the years, dependence on passwords has not. The act of choosing a password, while now commonplace, can nonetheless be extremely important.
A simple, easily guessed password is like an unlocked door—if intruders discover it, they're going to come in. A good password can take years to crack, but a bad one can take only minutes. That's why it's important to ask several questions about your password practices:
- Have you established known standards for setting passwords?
- Are your passwords encrypted?
- Are you using shadow passwords?
These questions are a good place to start in making sure that your Linux passwords are secure.
Enforcing password requirements
The first step in password security is selecting a password that is hard to guess. Unfortunately, users tend to select passwords that are easy to remember—and easy for hackers to guess. Remembering passwords is important, but it is more important to make sure that they're secure. So instead of a child's name, pet's name, or spouse's birthday, users need to come up with passwords that can't be guessed using some minimal investigation by a hacker.
Mixing and matching uppercase and lowercase letters can help, and so can throwing in a number or two. Not only will this make the password harder to guess, but it will also make it harder for a hacker to use a brute-force attack, where the hacker gets a list of encrypted passwords and tries to match them to a dictionary of words. Randomly generated passwords may sound good, and I’ve seen systems that use them. But for the most part, it's better if users can remember their passwords. This article provides a method for creating secure passwords that are easy to remember.
A lot of this may sound like common sense, but the trick is getting your users to follow the password requirements that you set up. In Linux, most versions of Passwd (the standard password software) are capable of screening the password when the user enters it. For instance, it can be configured to reject passwords of fewer than six characters or those that don't include at least two numbers. Programs such as Npasswd, which can completely replace Passwd, take the process a step further. Npasswd will run checks to make sure a password is relatively hard to guess before allowing a user to select it. This is a great place to start when enforcing passwords and leaves some of the legwork to the individual user.
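As an added example (not code from this article, from passwd, or from Npasswd), here is a small Python screener that applies the kind of checks described above before a password is accepted. The thresholds, the tiny word list, and the login-name check are assumptions standing in for a real system policy and dictionary.

```python
"""Hypothetical password screener in the spirit of the passwd/Npasswd checks
described above. Assumed policy: at least 6 characters, at least two digits,
both upper- and lower-case letters, not a dictionary word (even with digit
substitutions such as p4ssw0rd), and not derived from the login name."""

import re

# Constructed stand-in for a system word list such as /usr/share/dict/words.
DICTIONARY = {"password", "welcome", "summer", "dragon", "linux", "monkey"}

MIN_LENGTH = 6
MIN_DIGITS = 2


def _undo_substitutions(s: str) -> str:
    """Map common digit-for-letter swaps back to letters so that 'p4ssw0rd'
    is still recognised as the dictionary word 'password'."""
    return s.translate(str.maketrans("013457", "oleast"))


def check_password(candidate: str, username: str = "") -> list:
    """Return a list of policy violations; an empty list means it passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if sum(c.isdigit() for c in candidate) < MIN_DIGITS:
        problems.append(f"fewer than {MIN_DIGITS} digits")
    has_upper = any(c.isupper() for c in candidate)
    has_lower = any(c.islower() for c in candidate)
    if not (has_upper and has_lower):
        problems.append("does not mix upper- and lower-case letters")
    # Compare the letters against the dictionary both as typed (digits
    # stripped) and with common substitutions undone.
    letters = re.sub(r"[^a-z]", "", candidate.lower())
    stem = re.sub(r"[^a-z]", "", _undo_substitutions(candidate.lower()))
    if letters in DICTIONARY or stem in DICTIONARY:
        problems.append("based on a dictionary word")
    if username and username.lower() in candidate.lower():
        problems.append("contains the login name")
    return problems


if __name__ == "__main__":
    for pw, user in [("Tr0ub4dor", "alice"), ("p4ssw0rd", "bob"), ("Bob1", "bob")]:
        verdict = check_password(pw, user) or ["ok"]
        print(f"{pw!r} for {user}: {'; '.join(verdict)}")
```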