My understanding is one of the weakest links to security is system users. I suspect quite a few home desktop users have a machine which is physically reasonably secure ... ...
- 12-18-2008 #1
[SOLVED] Are good passwords really required for a home desktop system?
For users to create good passwords and update them on a regular basis may be desirable ... but it can be counterproductive - post-it notes with passwords etc.
If an ssh server is not installed and local-only user login is set through /etc/security/access.conf, then are secure passwords really required?
If this approach is taken, what is the real increase in security risk?
- 12-18-2008 #2
I have read quite a few threads on this forum about passwords and such. Being bilingual gives me a certain advantage when it comes to things like that, and I am just a home user. I don't sweat it too much, though my wife, a Mississippi girl running Windows, is a bigger security leak than I could ever be running Linux. I guess I figure between CNN and all the other people trying to scare me, that I have enough grey hairs already. I decided a while back that s##t happens and I'll deal with it when it crops up. No useful things happen anyway if I start to worry about something.
So just because I run Linux and my other half runs Windows, how safe am I really?
- 12-19-2008 #3
I'm still trying to figure out what the risk is of having less secure passwords for user accounts, given:
machine physically secure
local only login for all users set in /etc/security/access.conf
ssh server not installed
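The local-only condition in the post above can be checked rather than assumed. The script below is an added example, not from this thread or from Linux-PAM: it implements a deliberately simplified reading of /etc/security/access.conf rules (permission : users : origins, with no group, netgroup or EXCEPT syntax; LOCAL taken, as in historical pam_access, as any origin without a dot; no matching rule means permit) and evaluates a constructed sample config for a few (user, origin) pairs. The user name alice and the origins tty2, 192.0.2.10 and evil.example are made up for the example.

```shell
#!/bin/sh
# Added example, not from the thread or from Linux-PAM: a simplified
# evaluator for /etc/security/access.conf rules of the form
#   permission : users : origins
# Assumptions: no group, netgroup or EXCEPT syntax; an origin pattern is ALL,
# LOCAL (taken, as in historical pam_access, as any origin without a dot,
# e.g. a tty name) or an exact string; and, like pam_access, no matching
# rule means the login is permitted.

# Constructed sample config: root only on tty1, everyone else locally only.
SAMPLE_CONF="$(mktemp)"
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
# permission : users : origins
+ : root : tty1
- : root : ALL
+ : ALL : LOCAL
- : ALL : ALL
EOF

# origin_matches PATTERN ORIGIN: does one origin pattern cover ORIGIN?
origin_matches() {
    case "$1" in
        ALL)   return 0 ;;
        LOCAL) case "$2" in *.*) return 1 ;; *) return 0 ;; esac ;;
        *)     [ "$1" = "$2" ] ;;
    esac
}

# first_match FILE USER ORIGIN: print the permission (+ or -) of the first
# rule matching USER logging in from ORIGIN, or + if no rule matches.
first_match() {
    file=$1; user=$2; origin=$3
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|\#*) continue ;; esac
        perm=$(printf '%s' "$line" | cut -d: -f1 | tr -d ' \t')
        users=$(printf '%s' "$line" | cut -d: -f2 | tr -d ' \t')
        origins=$(printf '%s' "$line" | cut -d: -f3 | tr -d ' \t')
        umatch=1
        for u in $(printf '%s' "$users" | tr ',' ' '); do
            if [ "$u" = ALL ] || [ "$u" = "$user" ]; then umatch=0; fi
        done
        [ "$umatch" -eq 0 ] || continue
        for o in $(printf '%s' "$origins" | tr ',' ' '); do
            if origin_matches "$o" "$origin"; then
                printf '%s\n' "$perm"
                return 0
            fi
        done
    done < "$file"
    printf '+\n'
}

# local_only FILE: the property the thread relies on. An ordinary user must be
# accepted from a local tty and refused from any remote host.
local_only() {
    if [ "$(first_match "$1" alice tty2)" = "+" ] &&
       [ "$(first_match "$1" alice 192.0.2.10)" = "-" ] &&
       [ "$(first_match "$1" alice evil.example)" = "-" ]; then
        echo "local-only"
    else
        echo "NOT local-only"
    fi
}

for pair in "root tty1" "root tty2" "alice tty2" "alice 192.0.2.10"; do
    set -- $pair
    echo "$1 from $2: $(first_match "$SAMPLE_CONF" "$1" "$2")"
done
echo "policy: $(local_only "$SAMPLE_CONF")"
```

The file only restricts where a login may come from. It says nothing about who is sitting at the local console, or about what a compromised browser already running as the user can read, which is the risk the later posts in the thread raise.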
- 12-19-2008 #4
Some security purists would argue that strong passwords are a requirement as part of a defense-in-depth strategy and that being exposed to the Internet, even if you don't use SSH, is enough to justify the use of elaborate passwords.
I think one thing that often goes overlooked when people talk about security is risk management, identifying the risk and the consequences if that risk is triggered. What is the value of the information you are trying to protect? Are you storing bank account numbers and other personal information on your machine or would it just be some family pictures that would be at risk if someone were to somehow gain control? These are all questions you should be asking yourself. The answers should give you a good idea about what road to go down.
In your case, it sounds like the worst-case scenario is that your machine would be compromised and either a reformat/reinstall or changing of the root password would be required. That doesn't sound all too dire so really strong passwords might not be necessary when there are other, more basic security mechanisms that can serve you better than password strength will.
- 12-19-2008 #5
What sort of attack do you think I could suffer which is dependent on normal user password strength? ... or to put it another way - since ssh is not available and access.conf should only allow local login, what sort of attack will strong user passwords protect against?
- 12-19-2008 #6
Any personal information...and I mean ANY can be used in identity theft. I'm not talking about the secret 20 digit code you use for banking. I'm talking about the hints to your address; your password recovery question might well be your mother's maiden name. The same question your credit card might ask you when you are having a new PIN or card issued.
It depends on how paranoid you are but unless you are using it as a music or video server the chances are there is a lot more personal information at stake than you have considered.
- 12-19-2008 #7
- 12-20-2008 #8
I run a relatively simple 5 character password for my user's login, but my root password is much more complex, using ~ as the first character - provided you aren't using a machine the way I do for professional use, this works well enough for me. The rest of the security relies on correct use of permissions. Meaning, don't chmod 777 crap to make it work.
- 12-20-2008 #9
- 03-11-2009 #10
I actually changed my system admin approach as well ... did this a while ago ...
I came to the conclusion that I am too dumb to prevent exploits, so I have:
1. a normal user account for day-to-day stuff - surf the net etc with no sudo rights and limited access.
2. other users for day-to-day stuff - limited access.
3. my admin login which I have sudoers setup for regular admin tasks like running pacman, rkhunter etc.
4. a Crux install - which I crippled net access on which I use to chroot to my other installs when I need to - have scripts to chroot ... I could probably type it in by now without writing it down
5. have root user account locked to prevent access.
I've still retained the lockdown on access control but think I now probably have things as secure as I am going to get for a desktop ... different approach to online banking (I could tell you but then I'd have to shoot you)
Edit: set firefox "store all your personal crap" off, reset chown and chmod on home and user data areas just in case I was tempted to chmod 777 things at some point ...
note to self - don't chmod 777 anything again ever!
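The "reset chmod on home" and "never chmod 777" steps in the post above can be turned into a repeatable check. The script below is an added example, not the poster's own scripts: it builds a constructed sample home directory, lists every entry any local account could write to (the "other" write bit, which is what chmod 777 leaves behind), and strips that bit again. The root-locking and sudoers lines from the post are shown only as comments, with assumed binary paths, since they change a real system.

```shell
#!/bin/sh
# Added example, not the poster's own scripts: an audit for the "don't chmod
# 777 anything" rule from the post above. It builds a constructed sample home
# directory, lists every entry any local user could write to (mode o+w, which
# is what a chmod 777 leaves behind), and strips that bit again.

SAMPLE_HOME="$(mktemp -d)"
trap 'rm -rf "$SAMPLE_HOME"' EXIT
mkdir -p "$SAMPLE_HOME/.ssh" "$SAMPLE_HOME/pics"
printf 'history line\n' > "$SAMPLE_HOME/.bash_history"
printf 'jpeg bytes\n'   > "$SAMPLE_HOME/pics/holiday.jpg"
chmod 700 "$SAMPLE_HOME/.ssh"
chmod 600 "$SAMPLE_HOME/.bash_history"
chmod 777 "$SAMPLE_HOME/pics"             # the mistake the thread warns about
chmod 666 "$SAMPLE_HOME/pics/holiday.jpg" # and what usually comes with it

# world_writable DIR: paths under DIR (relative to it, sorted) with the
# "other" write bit set. Any account on the machine can modify these, so a
# compromised low-privilege account reaches them whatever the owner's
# password strength.
world_writable() {
    find "$1" -perm -0002 | sed "s|^$1/||" | sort
}

# world_writable_count DIR: number of such entries, for scripting.
world_writable_count() {
    world_writable "$1" | wc -l | tr -d ' '
}

# fix_world_writable DIR: remove the "other" write bit from everything found.
fix_world_writable() {
    find "$1" -perm -0002 -exec chmod o-w {} +
}

# The poster's other two steps, shown for reference only since they change a
# real system (binary paths assumed):
#   passwd -l root                                        # lock root
#   admin ALL=(root) /usr/bin/pacman, /usr/bin/rkhunter   # sudoers line, via visudo

echo "world-writable before fix:"
world_writable "$SAMPLE_HOME"
fix_world_writable "$SAMPLE_HOME"
echo "world-writable after fix: $(world_writable_count "$SAMPLE_HOME")"
```

Run against a real home directory, world_writable prints what the chown/chmod reset in the post was meant to clean up; the find expressions are POSIX, so the script works on Crux and the other installs mentioned in the thread without GNU-specific options.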