Chapter 4. Workstation Security
33
Add more complexity by capitalizing at least one letter, such as H.
o7H@f@,7gmHwg.
Finally, do not use the example password above on any of your systems.
While creating secure passwords is imperative, managing them properly is also important, especially
for system administrators within larger organizations. The next section will detail good practices for
creating and managing user passwords within an organization.
4.3.2. Creating User Passwords Within an Organization
If there are a significant number of users in an organization, the system administrator has two basic
options available to force the use of good passwords. They can create passwords for the user, or they
can let the user create his own passwords, while verifying the passwords are of acceptable quality.
Creating the passwords for the users ensures that the passwords are good, but it becomes a daunting
task as the organization grows. It also increases the risk of users writing their passwords down.
For these reasons, system administrators prefer to have the user create their own passwords, but actively verify that the passwords are good and, in some cases, force users to change their passwords
periodically through password aging.
4.3.2.1. Forcing Strong Passwords
To protect the network from intrusion it is a good idea for system administrators to verify that the passwords used within an organization are strong ones. When a user is asked to create or change his password, he can use the command line application passwd, which is PAM aware and will therefore check to see if the password is easy to crack or too short in length via the pam_cracklib.so Pluggable Authentication Modules (PAM) module. Since PAM is customizable, it is possible to add further password integrity checkers, such as pam_passwdqc (available from http://www.openwall.com/passwdqc/) or to write your own module. For a list of available PAM modules, see http://www.kernel.org/pub/linux/libs/pam/modules.html. For more information about PAM, see the chapter titled Pluggable Authentication Modules (PAM) in the Official Red Hat Linux Reference Guide.
It should be noted, however, that the check performed on passwords at the time of their creation
will not discover bad passwords as effectively as running a password cracking program against the
passwords within the organization.
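As an added illustration (not code from this guide or from cracklib itself), the following Python script applies the kinds of checks pam_cracklib.so performs when passwd asks for a new password: minimum length with per-class credits, palindromes, similarity to the old password, and dictionary words even after common character substitutions. The thresholds, the tiny wordlist and the substitution table are assumptions constructed for the example; a real system would use /usr/share/dict/words or cracklib's own dictionary.

```python
"""Simplified password-quality checks in the spirit of pam_cracklib.

This is an added illustration, not the cracklib source: the rules follow
the kinds of checks pam_cracklib makes, but the limits, wordlist and
substitution table below are constructed for the example.
"""

# Constructed stand-in for a system dictionary (e.g. /usr/share/dict/words).
WORDLIST = {"password", "secret", "redhat", "workstation", "welcome", "letmein"}

# Substitutions a cracking program undoes, so "p@ssw0rd" still counts as "password".
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e",
                      "$": "s", "5": "s", "7": "t", "!": "i"})

STRIP = "0123456789!@#$%^&*()-_=+.,"   # decoration commonly added around a word
MIN_LEN = 8                              # assumed value, like pam_cracklib's minlen
DIFOK = 5                                # assumed value, like pam_cracklib's difok


def _effective_length(pw: str) -> int:
    """Length plus one credit per character class present (cracklib-style credits)."""
    classes = [any(c.isupper() for c in pw), any(c.islower() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    return len(pw) + sum(classes)


def _dictionary_based(pw: str) -> bool:
    """True if the password is a wordlist entry, optionally decorated or 'leet'-encoded."""
    base = pw.lower()
    candidates = {base, base.strip(STRIP), base.translate(LEET), base.strip(STRIP).translate(LEET)}
    return any(c in WORDLIST for c in candidates)


def check_password(new: str, old: str = "") -> list:
    """Return the reasons a candidate password is weak; an empty list means it passed."""
    reasons = []
    if _effective_length(new) < MIN_LEN:
        reasons.append("too short")
    if len(new) > 1 and new == new[::-1]:
        reasons.append("palindrome")
    if _dictionary_based(new):
        reasons.append("based on a dictionary word")
    if old:
        if new.lower() == old.lower():
            reasons.append("case changes only")
        elif sum(a != b for a, b in zip(new, old)) + abs(len(new) - len(old)) < DIFOK:
            reasons.append("too similar to the old password")
    return reasons
```

Running check_password on the example password built above, o7H@f@,7gmHwg, returns an empty list, while p@ssw0rd is rejected as a dictionary word.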
There are many password cracking programs available for Red Hat Linux, although none ship with
the operating system. Below is a brief list of some of the more popular password cracking programs:
John The Ripper: A fast and flexible password cracking program. It allows the use of multiple word lists and is capable of brute force password cracking. It is available at http://www.openwall.com/john/.
Crack: Perhaps the most well known password cracking software, Crack is also very fast, though not as easy to use as John The Ripper. It can be found at http://www.users.dircon.co.uk/~crypto/index.html
Slurpie: Slurpie is similar to John The Ripper and Crack except it is designed to run on multiple computers simultaneously, creating a distributed password cracking attack. It can be found along with a number of other distributed attack security evaluation tools at http://www.ussrback.com/distributed.htm