Most Linux and UNIX systems use a password for authentication, i.e. to verify your identity.
If your password is obtained through a cracking attack, your data, computer, and network come under attack. Therefore, you must protect yourself from password cracking attacks.
=> Use shadow and Message-Digest Algorithm (MD5) passwords.
=> Make sure only the root user owns your /etc/shadow file (you can write-protect this file with the chattr command)
=> Use a strong password. Attackers will try both ssh and ftp logins using brute-force techniques. Try to avoid the following types of password:
- Numeric-only or word-only passwords (e.g. 123456 or abc)
- Do not use your own name, a pet's name, or recognizable words from the dictionary
- Avoid using personal information such as birth date or pin/zip number
- Do not write down your password
- Do not use the same password for all servers
=> A good password has:
- At least 15 characters
- A mixture of upper and lower case letters, numbers, and special characters
- Most important: pick a password you can remember.
Fortunately, Linux and UNIX allow you to set up tight password policies:
- Use specialized tools to check password weakness
- Enforce password aging
- Enforce strong password combinations
- Disable a user account if failed login attempts are detected (for example, if login attempts fail 5 times in a row).
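The file-level points above (shadow passwords in use, root ownership of /etc/shadow, password aging) can be checked with a short audit script. This is an added example, not part of the original post; the function names and the sample account data are constructed for illustration.

```sh
#!/bin/sh
# Added example; function names and sample data are constructed for illustration.

# Numeric owner UID of a file (0 means root).
owner_uid() { ls -ln "$1" | awk '{print $3}'; }

# passwd-format lines on stdin: list accounts whose password field is not "x",
# i.e. accounts that are not using the shadow file.
audit_passwd() { awk -F: '$1 != "" && $2 != "x" {print $1 ":NOT_SHADOWED"}'; }

# shadow-format lines on stdin: report hash scheme, empty passwords and
# accounts without a maximum password age (field 5 empty or 99999).
audit_shadow() {
    awk -F: '
    $1 == "" || /^#/ { next }
    {
        user = $1; hash = $2; max = $5
        if (hash == "")      { print user ":EMPTY_PASSWORD"; next }
        if (hash ~ /^[!*]/)  { next }            # locked or no-login account
        if (hash ~ /^\$1\$/) scheme = "md5"      # MD5-crypt prefix
        else if (hash ~ /^\$/) scheme = "other"  # another modular-crypt scheme
        else scheme = "des"                      # traditional crypt, no prefix
        print user ":HASH_" scheme
        if (max == "" || max + 0 >= 99999) print user ":NO_AGING"
    }'
}

# Constructed sample data (not real hashes).
sample_passwd() { cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
legacy:ZZconstructed1:1001:1001::/home/legacy:/bin/sh
EOF
}
sample_shadow() { cat <<'EOF'
root:$6$constructedsalt$constructedhash:19000:0:90:7:::
alice:$1$constructed$constructedhash:19000:0:99999:7:::
bob::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
carol:ZZconstructed1:19000:0:60:7:::
EOF
}

sample_passwd | audit_passwd
sample_shadow | audit_shadow
# On a real host, as root: owner_uid /etc/shadow; audit_shadow < /etc/shadow
```

On a real host, `owner_uid /etc/shadow` should print 0, and any `NOT_SHADOWED`, `EMPTY_PASSWORD` or `NO_AGING` line points at an account that does not meet the policies listed above.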
Stay tuned for more information. I will write about how to implement these password policies.