
terms from television shows or novels should be avoided, even if they are bookended with
numbers.
Some insecure examples include the following:
john1
DS-9
mentat123
Do Not Use Words in Foreign Languages  Password cracking programs often check
against word lists that encompass dictionaries of many languages. Relying on foreign
languages for secure passwords is not secure.
Some insecure examples include the following:
cheguevara
bienvenido1
1dumbKopf
Do Not Use Hacker Terminology  If you think you are elite because you use hacker
terminology, also called l337 (LEET) speak, in your password, think again. Many word
lists include LEET speak.
Some insecure examples include the following:
H4X0R
1337
Do Not Use Personal Information  Steer clear of personal information. If the attacker
knows your identity, the task of deducing your password becomes easier. The following is a
list of the types of information to avoid when creating a password:
Your name
The names of pets
The names of family members
Any birth dates
Your phone number or zip code
Do Not Invert Recognizable Words  Good password checkers always reverse common
words, so inverting a bad password does not make it any more secure.
Some insecure examples include the following:
R0X4H
nauj
9-DS
Do Not Write Down Your Password  Never store a password on paper. It is much safer to
memorize it.
Do Not Use the Same Password For All Machines  It is important to make separate
passwords for each machine. This way if one system is compromised, all of your machines
are not immediately at risk.
Chapter 4. Workstation Security
Do the Following:
Make the Password At Least Eight Characters Long  The longer the password, the better.
If using MD5 passwords, it should be 15 characters or longer. With DES passwords, use the
maximum length (eight characters).
Mix Upper and Lower Case Letters  Red Hat Enterprise Linux is case sensitive, so mix
cases to enhance the strength of the password.
Mix Letters and Numbers  Adding numbers to passwords, especially when added to the
middle (not just at the beginning or the end), can enhance password strength.
Include Non-Alphanumeric Characters  Special characters such as &, $, and > can greatly
improve the strength of a password (this is not possible if using DES passwords).
Pick a Password You Can Remember  The best password in the world does little good if
you cannot remember it; use acronyms or other mnemonic devices to aid in memorizing
passwords.
With all these rules, it may seem difficult to create a password meeting all of the criteria for good
passwords while avoiding the traits of a bad one. Fortunately, there are some steps one can take to
generate a memorable, secure password.
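As an added example (not code from the Red Hat guide), a small Python checker that applies the rules above the way a cracker's word list would: it undoes LEET substitutions, strips bookended digits and punctuation, and reverses both characters and word order before comparing against a dictionary, then checks length, character mix and personal information. The word list, the LEET map and the personal facts are constructed stand-ins for the real dictionaries and user data.

```python
import re

# Constructed stand-in for the multi-language, fiction and LEET word lists
# that cracking tools ship with; a real checker would load a file such as
# /usr/share/dict/words plus cracking dictionaries.
WORDLIST = {"john", "mentat", "ds9", "cheguevara", "bienvenido", "dumbkopf",
            "haxor", "leet", "juan", "password"}

# LEET digits and symbols mapped back to the letters they stand for.
LEET = str.maketrans("0134578@$!", "oleastbasi")


def candidates(password):
    """Normalisations a cracker tries: lower-case, LEET undone, digits and
    punctuation stripped, characters reversed, and word order reversed."""
    out = set()
    for base in (password.lower(), password.lower().translate(LEET)):
        tokens = re.findall(r"[a-z0-9]+", base)
        joined = "".join(tokens)
        letters = re.sub(r"[^a-z]", "", joined)
        out.update({joined, letters, joined[::-1], letters[::-1],
                    "".join(reversed(tokens))})
    out.discard("")
    return out


def check_password(password, personal=frozenset()):
    """Return the list of rules from the guide that the password breaks;
    an empty list means none fired. `personal` holds facts an attacker who
    knows the user could guess (name, pet, birth year, zip code)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if candidates(password) & WORDLIST:
        problems.append("based on a word list entry (possibly reversed, "
                        "LEET-encoded, or padded with digits)")
    flat = "".join(re.findall(r"[a-z0-9]+", password.lower()))
    if any(p.lower() in flat for p in personal):
        problems.append("contains personal information")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        problems.append("does not mix upper/lower case, digits and symbols")
    return problems


if __name__ == "__main__":
    known = {"john", "rex", "1979", "90210"}  # constructed personal facts
    for pw in ("john1", "DS-9", "mentat123", "1dumbKopf", "H4X0R", "R0X4H",
               "nauj", "9-DS", "Rex1979!Ab", "wdIw7w,cGg?"):
        print(f"{pw!r:16} -> {check_password(pw, known) or 'no rule fired'}")
```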
4.3.1.1. Secure Password Creation Methodology
There are many methods people use to create secure passwords. One of the more popular methods
involves acronyms. For example:
Think of a memorable phrase, such as:
"over the river and through the woods, to grandmother's house we go."
Next, turn it into an acronym (including the punctuation).
otrattw,tghwg.
Add complexity by substituting numbers and symbols for letters in the acronym. For example,
substitute 7 for t and the at symbol (@) for a:
o7r@77w,7ghwg.
Add more complexity by capitalizing at least one letter, such as H.
o7r@77w,7gHwg.
Finally, do not use the example password above for any systems, ever.
While creating secure passwords is imperative, managing them properly is also important, especially for
system administrators within larger organizations. The following section details good practices for
creating and managing user passwords within an organization.
4.3.2. Creating User Passwords Within an Organization
If there are a significant number of users within an organization, the system administrators have two
basic options available to force the use of good passwords. They can create passwords for the user, or
they can let users create their own passwords, while verifying the passwords are of acceptable quality.
Creating the passwords for the users ensures that the passwords are good, but it becomes a daunting
task as the organization grows. It also increases the risk of users writing their passwords down.
For these reasons, most system administrators prefer to have the users create their own passwords,
but actively verify that the passwords are good and, in some cases, force users to change their
passwords periodically through password aging.
Red Hat Enterprise Linux 4 Security Guide
4.3.2.1. Forcing Strong Passwords
To protect the network from intrusion it is a good idea for system administrators to verify that the