| |
Password Security Overview
Since humans began using the computer, mainly by password to restrict access to the system. While constantly upgrading hardware and software, but to rely on password protection system to this principle has not changed. Choose a password that seems to be very common, but the security system based entirely on the user's password robustness.
A simple, easily guessed password is equal to the system opened the door - once an attacker can drive straight to obtain passwords. A password of sufficient strength takes years to crack, while a weak password within a minute there is no secret at all. Several issues related to set a password:
Whether disclosed in accordance with the criteria to set the password;
Password is encrypted;
Password whether shaow;
Answer these questions will help to understand the Linux system password is safe.
Enforce password setting norms
The first step is to select password security password difficult to guess. Unfortunately, users tend to choose easy to remember passwords - but also easily cracked by hackers. Remember password of course important, but more important is to ensure a secure password, it is recommended not to choose a child's name, pet's name or spouse's birthday, we need to set difficult to guess hackers to crack passwords.
Using sensitive character password helps improve safety, although this is not the only way to enhance the security strength, but brute force to deal with hackers is very effective (hackers often use a dictionary to crack the password brute-force method, until it finds a matching password until). The author also seen using randomly generated password, but in many cases, the best passwords have both robustness, but also allows users to easily remember. This article provides a way to build both strong and easy to remember passwords.
Many of which are discussed above seems to be common sense, but the difficulty is how to make all the Linux users to follow good password system administrator planning to set norms. In the Linux system, most versions of the Passwd (password system software settings) can be configured a certain specification to define the user's password, such as requiring the user to set a password must be at least six characters, which must also include at least 2 digits. I recommend Npasswd this software can completely replace the Linux system Passwd, the software can check the user's password to be set if strong enough. System administrators are the first to start from here, for all of the user-defined password is set specification.
For the current password database, system administrators can use a variety of tools to audit password security. Similar Crack and John the Ripper allows you to test the system password. The more simple password cracking tools above (ie guess), the faster. This tool attempts to crack / ect / passwd / directory password file and output the results. To guess that your organization is more the more loopholes. The system administrator can choose to disable some insecure account, although the method is simple, but not been able to do so. The best way is to give a hacker access to the appropriate directories and files obstacles, so that hackers can not easily obtain the password database file and crack.
Database password protection means
Next step is to determine the password to inappropriate users. Security is based on user-level password security is not just set up a secure password, but also to prevent the user to write down the password and everywhere in. Plaintext password recorded in the document or paper in the purse, is not desirable way. If possible, to record and to store encryption password.
Another alternative is to give a password to do shadow. shadow passwords according to the standard password file / etc / passwd / directory generation, but it is stored in a separate encrypted file (can only be read by the highest authority of the Root user). System programs can still use the password file / etc / passwd under similar access to the user ID (UID) and group ID (GID) and other information, but not the encrypted password. This level of security to password adds another layer of protection, in order to access the encrypted password database files which means that hackers have to get Root privileges. In the Red Hat system, pwconv tool able to convert non-shadow password shadow password format. Please note that similar tools various versions of Linux systems in use vary, please refer to your documentation to complete the work.
to sum up
System administrators can adopt a variety of strategies to ensure password security. But first let users understand the importance of password security, while developing a password policy settings to enforce password specification. This includes determining the acceptable set password requirements, change the password of the time limit, the password needs to contain the number of characters, and so on. System administrators can also run detection tools to find vulnerabilities password database. Also do not forget the shadow password- it immediately for your system to increase security strength. |
|
|
|