A topic of concern in Linux

Joseph C. Lininger jbahm at pcdesk.net
Wed Jan 21 05:02:54 EST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This doesn't really apply to the root user, but another thing you can
do which will help to increase security is to implement an account
lockout polacy. That is, logins are disabled on an account after say,
three invalid login attempts. The disadvantage to this is that you
have to manually unlock an account when this happens, but this also
means you know if someone is trying to break in to an account. Like I
said before, though, this obviously doesn't work for root. You should
definitely make sure your remote login software (telnet, ssh, etc.)
disconnects users after to many invalid login attempts.
- ---
Joseph C. Lininger
jbahm at pcdesk.net
- ----- Original Message ----- 
From: "Dawes, Stephen" <Stephen.Dawes at calgary.ca>
To: "Speakup is a screen review system for Linux."
<speakup at braille.uwo.ca>
Sent: Tuesday, January 20, 2004 10:02 AM
Subject: RE: A topic of concern in Linux


Yes, but if the cracker is trying to invade the system from the
outside,
it doesn't matter if you are a big corporation or a home Linux
network,
the userid is root, and the password is what the cracking software is
trying to brake. Now, if you set up the system to:
A. never allow login as root from the outside;
B. Change the userid root userid and group and everything associated
with it to something other then root;
you increase the security to the next level, and then the user verses
root thing applies.

One point that I forgot to mention about password security that can
help
in decreasing the likelihood of it being infiltrated, is to change it
regularly. All OS's allow for a password timeout function, and when
this
feature is used, you are automatically reminded to change your
password.


OS security is a big thing throughout industry, and industry spends a
large amount of money on it. All I know that I can do on my part, is
use
the guidelines set out by my employer on my home based system, and
hope
that I have made my system secure enough. 

Simply put:
Just like locks, passwords, keep the honest out.

Steve Dawes
Phone: (403) 268-5527
Email: SDawes at calgary.ca


NOTICE::
This communication is intended ONLY for the use of the person or
entity named above and may contain information that is confidential
or legally privileged. If you are not the intended recipient named
above or a person responsible for delivering messages or
communications to the intended recipient, YOU ARE HEREBY NOTIFIED
that any use, distribution, or copying of this communication or any
of the information contained in it is strictly prohibited. If you
have received this communication in error, please notify us
immediately by telephone and then destroy or delete this
communication, or return it to us by mail if requested by us. The
City of Calgary thanks you for your attention and cooperation.


_______________________________________________
Speakup mailing list
Speakup at braille.uwo.ca
http://speech.braille.uwo.ca/mailman/listinfo/speakup

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQA5OTCenap9Jqj2wEQJTogCg1JIH4sDvMU/U2EMw574gVgaRQ5IAoJnX
qBOPV8OBOAqNnj+YqfUPA8sq
=VwdW
-----END PGP SIGNATURE-----





More information about the Speakup mailing list