Do I need a password for Linux?

eilute

Senior member
Jun 1, 2005
I'm connected to the internet, but have yet to run any servers or anything. Would it be wise to use complicated passwords for myself and the root user? Could I get by using a stupid password, or possibly no password at all?

Brentx

Senior member
Jun 15, 2005
As long as you are not running a server, and are just using Linux for web browsing... I would use a "stupid password". Root you might want to make a bit more complicated, because if you do catch a virus, or get an intruder, it will be harder to break. Having no password is just asking for trouble :p

nsafreak

Diamond Member
Oct 16, 2001
No Root password = incredibly stupid

Yes, you do need a password, preferably a somewhat sophisticated one, unless you want to be rootkitted.

drag

Elite Member
Jul 4, 2002
Most of the time when you install Linux, ssh is enabled by default.

At any time you can log into your computer from any other computer by the ssh protocol. You need a strong password to protect this.

It has become a hobby for script kiddies to scan networks with brute force password guessers, and any simple password is easy to get. It's an automated process and they can test thousands and thousands of machines in only a few minutes.

If you need help with a password check out the pwgen utility.

It's designed based on a university study (or something like that) a while ago that tested how well people are able to remember certain passwords. So it makes things that are long and random enough that are supposed to be easy to remember... and it works generally.

To use it, install it and just run the command: pwgen

By default it generates an 8-character password that consists of some lowercase and uppercase characters.

However I feel that's only good enough for gradual use.

I like to use the options:

pwgen -1cy 12 12

and it will generate twelve 12-figure passwords that include uppercase and special characters... this is much better for a secure password.

You can see the difference between this and a real random password by going:

pwgen -1cys 12 12


Also, the other method is to take a familiar phrase, turn it into elite speak a bit (just to add capitalization and special characters) and then condense it.

So something like:
Mary Had a Little Lamb...

you can turn it to
|\/|arY H@d a Lit13 Lamb...

and go like this:
|\/|aYH@daLit13Lam...

and you get a very strong password and you'll have that phrase to help remember it.

For home use I just write down passwords. After using them a few times they are easily memorized, and I can then destroy the hard copy of the password.

Sometimes people will just use the entire phrase for a password, which is acceptable.

Don't ever use favorite names, things, objects, places or dates like birthdays, anniversaries or anything like that for passwords. No dictionary words, no elite-speak (the crackers know about this, believe me), no English words, no non-English words or names either.

Weak passwords are about the only way an up-to-date Linux box is ever hacked nowadays. It's unfortunately very common, and you _definitely_ don't want to get rooted.

If you get hacked in Linux and they get root access then there is little hope for you to be able to recover the system, and it's even very unlikely that you'd ever know about it until it was WAY too late.

Think about the stuff you do with your home computer... shopping online, doing work, logging into online services, logging into work, mailing people. All these require a secure base to be safe. If your machine isn't safe.... nothing on the internet is.

If you have good passwords, don't run unneeded services, and keep your system very up to date, you'll be almost as safe as you could possibly be anywhere.

Check out:
http://www.linuxsecurity.com/


The best thing you can do is learn some hacker techniques.

Check out the nmap security scanner. Check out the Ethereal network sniffer, and wireless sniffing tools. Go find the 'howto write a linux virus' document. Go test passwords against the 'John the Ripper' brute force password breaking tool. Learn a bit on how to do data mining and do research on people and websites etc etc etc.

It's actually pretty fun as long as you stick to computers you own. All the tools that you need are provided by nearly all default installs on most Linux computers.

For example, if you're using Linux or Ubuntu (with extra repositories set up) you can install lots of these tools by using apt-get...
john (as in 'John the Ripper' password brute forcing tool)
ethereal (sophisticated ethernet sniffer)
nmap (stealth port scanner)
nessus and nessusd (vulnerability probing tool... one package is the GUI, the other is the server...)

Nessus is pretty interesting. This enables you to remotely install a server on any remote *nix machine and run probes and attacks inside of remote networks without ever having to go there physically.

It's very useful for a network administrator because they can monitor and scan networks for vulnerable machines and replace or update them if they are found. It's useful as a handy network tool to aid in security auditing.

Beware that some scans will trigger exploits in software and crash and break things. If these tools are used in an irresponsible manner they will get you easily fired from a job, land you in federal court (literally), get people to do mean things back to you, and set your pet cat on fire (not so literally).

That way you can learn what to do to keep yourself safe. Even with a secure Linux OS the internet is a very potentially dangerous place, and a few simple details like secure passwords and keeping up to date can make it mostly a no-worry type place.

You noticed the outbreak of worms in CNN's Windows machines for instance. Those machines were basically rooted by an automated attack. The worms' intelligence probably hovers around an IQ of 2.5... Because they were administrated by retards they were easily attacked and taken over by a simple piece of software. If a REAL attacker with at least an IQ of 120 targeted them, then that person could have walked all over that network and stolen all sorts of personal and work-related information.

So good passwords are a must.


However, on a side note, if you don't feel like typing in a big password each time you log in to your system, you can set up the graphical login to automatically log in as your user when the system is turned on. That way, if you have a secure physical environment, you can save yourself the hassle of typing in long passwords each time you log in.
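As an added illustration of two points from drag's post (how much a longer password with more character classes buys you, and why "elite speak" on a familiar phrase does not fool crackers), here is a small Python checker that is not part of the thread. The word list, the leet substitution table and the 60-bit / 50% thresholds are constructed assumptions for the example, not a standard.

```python
import math
import re

# Constructed stand-in for a real dictionary (e.g. /usr/share/dict/words).
WORDLIST = {"mary", "had", "little", "lamb", "password", "linux", "root", "secret", "admin"}
# Leet substitutions that cracking tools undo; |\/| is the "M" used in the post above.
LEET_MULTI = {r"|\/|": "m", "|-|": "h", "|<": "k"}
LEET_SINGLE = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
                             "0": "o", "$": "s", "5": "s", "7": "t", "|": "l"})

def deleet(password: str) -> str:
    """Normalise leet-speak back to plain lowercase letters."""
    for pattern, letter in LEET_MULTI.items():
        password = password.replace(pattern, letter)
    return password.translate(LEET_SINGLE).lower()

def dictionary_coverage(password: str, words=WORDLIST) -> float:
    """Fraction of the de-leeted password covered by dictionary words of 3+ letters."""
    s = re.sub(r"[^a-z0-9]", "", deleet(password))
    if not s:
        return 0.0
    covered = [False] * len(s)
    for word in (w for w in words if len(w) >= 3):
        start = s.find(word)
        while start != -1:
            covered[start:start + len(word)] = [True] * len(word)
            start = s.find(word, start + 1)
    return sum(covered) / len(s)

def brute_force_bits(password: str) -> float:
    """Naive search space in bits: length times log2 of the alphabet actually used."""
    alphabet = 0
    if re.search(r"[a-z]", password): alphabet += 26
    if re.search(r"[A-Z]", password): alphabet += 26
    if re.search(r"[0-9]", password): alphabet += 10
    if re.search(r"[^a-zA-Z0-9]", password): alphabet += 33  # printable punctuation + space
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def assess(password: str) -> dict:
    """Combine both checks; the 60-bit and 50% thresholds are illustrative choices, not a standard."""
    bits, cov = brute_force_bits(password), dictionary_coverage(password)
    if cov > 0.5:
        verdict = "weak: built from dictionary words, leet-speak does not help"
    elif bits < 60:
        verdict = "weak: too short for its character set"
    else:
        verdict = "acceptable"
    return {"bits": round(bits, 1), "coverage": round(cov, 2), "verdict": verdict}
```

Running `assess()` on the post's own `|\/|arY H@d a Lit13 Lamb...` reports a large naive bit count but flags it as dictionary-derived, while an 8-character mixed-case string (pwgen's default shape) comes out under 60 bits and a 12-character string with symbols is the only one of the three that passes.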