Usually most Linux and UNIX system use a password for authentication purpose i.e. to verify your identity.
If your password is obtained using cracking attack, your data, computer, and network comes under attack. Therefore, you must protect your self from a password cracking attack.
=> Use shadow and Message-Digest Algorithm (MD5) passwords.
=> Make sure root user only owns your /etc/shadow file (you can write protect this file with chattr command)
=> Use a strong password. Attacker will try both ssh or ftp login using brute-force technique. Try to avoid following type of password:
- Numeric or words only password (e.g. 123456 or abc)
- Do not use your own name or pet name or recognizable words from dictionary
- Avoid using personal information such as birth date or pin/zip number
- Do not write down password
- Do not use same password for all servers
=> A good password includes
- At least 15 characters long
- Mixture of alphabets, number, special character and upper and lower alphabets
- Most important pick a password you can remember.
Fortunately, Linux and UNIX allow you to setup tight password policies:
- Use specialize tools to check password weakness
- Enforce password aging
- Enforce strong password combination
- Disable user account if failed login attempt detected (for example if login attempt failed 5 times in a row).
Stay tuned, for more information. I will write about how to implement these password policies.