Protecting Passwords from Abuse

Once you've generated a password, you normally use it. Simultaneously, though, you must protect the password from discovery by means other than password cracking. Certain practices put passwords at risk of discovery by others, and other practices can help prevent this discovery, or at least minimize the risk if your password is found out. Steps you can take to improve your password security include:

Use encryption
Whenever possible, use encrypted protocols, such as SSH, rather than unencrypted protocols, such as Telnet. This rule is particularly important on the Internet at large; when you send an unencrypted password over the Internet, it probably passes through about a dozen routers, any one of which could be compromised. Unfortunately, it's not always possible to use encryption. For instance, many ISPs provide only unencrypted tools for recovering e-mail using the Post Office Protocol (POP).

Change your password frequently
If you change your password often, you minimize the time period during which crackers can abuse it, should it be discovered. As the system administrator, you can enforce a password-change time by using the -x parameter to passwd. For instance, typing passwd -x 30 ferd enforces a 30-day maximum password lifetime on the ferd account.
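The passwd -x setting above ends up in the fifth field of each /etc/shadow record (the maximum number of days between password changes; an empty field means no limit). The following shell script, added here as an example and not taken from the book, audits a shadow-format file against a policy of at most 30 days and reports every active account that has no limit or a longer one, so an administrator can see which accounts still need passwd -x applied. The sample records, the hash strings and the audit_password_age function name are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the book): report accounts whose maximum password
# lifetime is unset or longer than a policy value (default 30 days).
# Shadow fields: 1 name, 2 hash, 3 last change, 4 min days, 5 max days, ...
# A hash beginning with "!" or "*" marks a locked or passwordless account,
# which has no password to age and is therefore skipped.

# Constructed sample in /etc/shadow format; the hashes are placeholders.
SAMPLE_SHADOW='root:$6$constructedhash1:19000:0:99999:7:::
ferd:$6$constructedhash2:19000:0:30:7:::
alice:$6$constructedhash3:19000:0::7:::
daemon:*:19000:0:99999:7:::
bob:!$6$constructedhash4:19000:0:365:7:::'

# audit_password_age FILE [POLICY_DAYS]
# Prints "user:max" for each account that violates the policy, where max is
# the configured maximum lifetime or "none" when the field is empty.
audit_password_age() {
    policy="${2:-30}"
    awk -F: -v policy="$policy" '
        $2 == "" || $2 ~ /^[!*]/ { next }           # locked or no password set
        $5 == "" || $5 + 0 > policy {               # no limit, or limit too long
            printf "%s:%s\n", $1, ($5 == "" ? "none" : $5)
        }
    ' "$1"
}

# Stand-alone run: write the constructed sample to a temporary file and audit it.
# Against a live system you would pass /etc/shadow instead (readable by root only).
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_SHADOW" > "$tmp"
audit_password_age "$tmp" 30
rm -f "$tmp"
```

For the constructed sample the script reports root (99999 days) and alice (no limit); ferd already satisfies the policy set by passwd -x 30 ferd, and the locked daemon and bob accounts are skipped. Each reported account can then be fixed with passwd -x 30 and re-checked with the same script.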

Use unique passwords for each account
If you have multiple accounts, don't reuse the same password on each account. This practice will minimize the risk should the password for one account be discovered. Unfortunately, the proliferation of password-protected websites makes this advice practically impossible to follow for websites. You may need to categorize your sites according to sensitivity, and assign unique passwords only to sites that are particularly sensitive, such as online banking sites. Alternatively, many web browsers can now remember passwords for you; however, this approach has its own perils, which are described next.

Store passwords only in your head
Writing down passwords is potentially very dangerous; if the paper on which a password is written falls into the wrong hands, your account becomes instantly insecure. Likewise, storing your password in a computer file is risky; if your primary account is compromised, the secondary accounts protected by passwords stored in the primary account's files may also be attacked. (Some software, such as password managers on PalmOS handheld computers, can encrypt a list of passwords. If you must store passwords in a computer file, using such a system can reduce the risks.) Unfortunately, some tools are very awkward or impossible to use without storing passwords on disk; for instance, Fetchmail (http://catb.org/~esr/fetchmail/) is virtually worthless if it can't read a password from its configuration file.

Beware of suspicious notices and activity
If your login failed but you think you typed the password correctly, change your password at once—especially if you logged in using a public terminal. If somebody's lurking nearby when you log in, be careful to shield the terminal as you type the password. Never give your password to anybody else. As a general rule, odd occurrences—both in software and in human behavior—should be treated with suspicion. These events may have perfectly innocent explanations, but if in doubt, take appropriate actions to protect your account. Changing your password is cheap insurance against many types of attack.

Many of these protective measures are essentially defenses against social engineering. Others defend against network sniffing or other dangers. All of them must be practiced by ordinary computer users, which means that you, as a system administrator, must find a way to educate your users. In some cases this is easy; for instance, if you're running Linux on a personal workstation, you may be the only user. In other cases, you may need to include password education in a formal user training program.

One other step you may want to consider as a system administrator is auditing your users' passwords. You can run a password-cracking program, such as Crack (http://www.crypticide.org/users/alecm/), to discover weak user passwords. You can then notify users of their weak passwords and give them some time to correct the matter. For the best security, transfer the password file via floppy disk to a computer that's not connected to the network and run the password-cracker on it. This practice will minimize the chance that a miscreant will stumble upon your password cracking.

Warning: Although discovering weaknesses in your system security in order to correct problems is an admirable goal, most organizations have strict policies forbidding activities such as password cracking. To avoid running afoul of such policies, even though you're doing it in the service of improving system security, be sure to clear password-cracking activity with somebody who has the authority to do so. Obtain this authorization in the form of a written and signed document, not merely a verbal approval. Failure to obtain permission to crack users' passwords may cost you your job or even result in criminal charges being filed against you.