A.J. Bonnema wrote:
Hi all,
A common problem with passwords is their guessability (yes, as a
non-native English speaker, I too make up words.....). For instance,
even though I have taught my daughter to not use dictionary words, names
etc, her password for one of the online accounts got hijacked. What
happened was, she used: _____ (five underscores) as a password: arghghgh.
But it did make me think again about the security of my home network.
Unfortunately most passwords are dictionary words, that are easy to
guess using f.i. the john password guesser program, combined with
numbers and if you are lucky a special character or two.
What I wonder about is the following:
* given that all ports are closed to external contact through a physical
albeit consumer-oriented firewall, just means I am safe for
port-scanners. But does it mean that I am safe from cracker systems /
programs? Is there a way to break in, without allowing external contact
through one of the ports? (not including trojans and the like).
* A second issue is: suppose I would force my family to use really
random passwords (like characters picked from a one-time pad). And now
suppose I lose my root-password: would I be able to rectify this,
without destroying the data?
Guus.

apg ("yum install apg" should do the trick I would think) will help
generate (relatively?) secure passwords, and by default will
generate some that are at least somewhat easy to remember though should
be very difficult to guess attack.
Try running it with the following command:
apg -M SNCL -r /usr/share/dict/words
which generates output something like this:
Kam5quon!
2FrijibIb]
er7Oddus`
Un'blahij1
tru~Glac2
3Odnirs%
My guess is that any of the above should be reasonably secure and
*not too* difficult to remember.
With local access to the machine you should be able to boot into...
into... some kind of root/superuser mode should the need arise.
Fortunately I have not had to do so for several years.
Unfortunately, I do not remember how...
I cannot speak to the firewall/gateway appliance you are using -- I
have been using OpenBSD on an old workstation with a few NICs as my
firewall/gateway for several years now. Sorry, not trying to start
problems here -- this is something we did years ago at an old
employer of mine after experiencing problems with several
off-the-shelf type firewall/gateway appliances.
Good luck,
Joe
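
Added example, not part of the original thread: a small Python check for the weaknesses discussed above (the five-underscore password, and dictionary words decorated with numbers and a special character). The word list, substitution table, thresholds and function names are constructed assumptions; the class rule mirrors the S/N/C/L classes in the apg command.

```python
import string

# Constructed stand-in for /usr/share/dict/words so the example runs offline.
WORDS = {"password", "dragon", "monkey", "summer", "welcome", "letmein"}

# Common character substitutions undone before the dictionary lookup (assumed set).
LEET = str.maketrans("013457@$!", "oleastasi")

# The four classes named by "apg -M SNCL".
CLASSES = {
    "special": string.punctuation,        # S
    "digit": string.digits,               # N
    "capital": string.ascii_uppercase,    # C
    "lowercase": string.ascii_lowercase,  # L
}

def core(password):
    """Strip leading/trailing digits and symbols, lower-case, undo substitutions."""
    trimmed = password.strip(string.digits + string.punctuation)
    return trimmed.lower().translate(LEET)

def weaknesses(password, min_length=8, min_distinct=5):
    """Return the reasons a password is easy to guess (empty list = none found)."""
    found = []
    if len(password) < min_length:
        found.append("too short")
    if len(set(password)) < min_distinct:
        found.append("too few distinct characters")
    missing = [name for name, chars in CLASSES.items()
               if not any(c in chars for c in password)]
    if missing:
        found.append("missing classes: " + ", ".join(missing))
    # A word with digits/symbols bolted on is what a cracker's word rules try first.
    if core(password) in WORDS:
        found.append("dictionary word plus decoration")
    return found

if __name__ == "__main__":
    # Constructed samples plus two of the apg outputs quoted in the thread.
    samples = ["_____", "Summer2024!", "P@ssw0rd1", "Kam5quon!", "3Odnirs%"]
    for pw in samples:
        print(f"{pw!r:14} -> {weaknesses(pw) or 'no weakness found'}")
```

Note that "Summer2024!" satisfies all four character classes and still fails, which is why the dictionary check is needed in addition to the class rule.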