Re: [cobalt-users] Admin/root password security hole
- Subject: Re: [cobalt-users] Admin/root password security hole
- From: "Fathi Said" <fathi@xxxxxx>
- Date: Tue Apr 25 08:35:07 2000
- Organization: Hosting-Network, Inc.
Hey Jonas,
> what about putting together a small "how can i make my server more
> secure"-HOWTO which explains some security basics to everyone? e.g., good
> passwords, disable telnet/use ssh, read your mails / use your server
We do that already :)
See:
6. Important Security Information
6.1 Passwords
Imagine someone steals the key to your house or apartment. If this thief
knows where you're living, he can break into your home and do many unlawful
and destructive things. If you live in a house with several apartments the
bad dude can do bad things to the whole house and can be even more
effective.
The same applies for passwords. Your password as well as the password of
your users (which you give to them or they change themselves) are very
similar to a key, a key to your files, your account and the files of your
users. This includes websites, important data and even emails. Just imagine
what would happen if a bad dude (who has your password) would be able to
modify your website, or even change your password so that you lose access to
your account!?
Because of this it is very important that you choose your passwords with
consideration. There are numerous programs that allow hackers to find out
very simple passwords. Therefore we ask you to be extremely careful with the
selection of your passwords and also pass this advice on to all your users!
Please note: If you select an easy password and a bad dude is able to access
and destroy our servers, you will carry FULL responsibility for all damage
against us and all of our clients.
Here are a few tips which may help you with selecting good passwords;
When selecting passwords, please NEVER use...
1. ... Pre- or last names, street addresses, city names or terms of
everyday language
2. ... Telephone- or fax numbers, birth dates, checking account
numbers, other card numbers or other numbers which are directly or
indirectly related to you or to persons who know you.
3. ... Combinations of #1 and #2.
4. ... Passwords shorter than six (6) characters.
As passwords please use...
1. ... randomly created chains of letters and numbers which contain
small as well as LARGE CAPS letters.
2. ... always at least eight (8) characters.
A good way to find a reliable password is to do the following:
Start a word-processing application of your choice. Close your eyes and
press 10 to 15 times blindly on your keyboard. Then remove all characters
which are not letters or numbers, and there we go! Now you have a password
which is very unlikely to be guessed!
:))
Fathi
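
An added example, not part of the original post or of the HOWTO it quotes: the rules above written as a Python check, with the keyboard-mashing step swapped for the operating system's random number generator (Python's `secrets` module). The function names and the `personal_terms` list are assumptions made for illustration.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # letters and numbers only
MIN_REJECT = 6  # the HOWTO's "never shorter than six characters"
MIN_GOOD = 8    # the HOWTO's "always at least eight characters"


def generate_password(length=12):
    """Draw from the OS CSPRNG until small, capital and digit all appear."""
    if length < MIN_GOOD:
        raise ValueError("use at least eight characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw


def check_password(pw, personal_terms=()):
    """Return the HOWTO rules a password breaks; an empty list means it passes."""
    problems = []
    if len(pw) < MIN_REJECT:
        problems.append("shorter than six characters")
    elif len(pw) < MIN_GOOD:
        problems.append("shorter than eight characters")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("needs both small and capital letters")
    if not any(c.isdigit() for c in pw):
        problems.append("needs numbers as well as letters")
    # Names, towns, phone numbers, birth dates: supplied by the caller.
    hits = [t for t in personal_terms if t and t.lower() in pw.lower()]
    if hits:
        problems.append("contains personal term: " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    print(check_password("Alice1975", ["alice", "1975"]))
    print(check_password(generate_password()))
```

A password built from a name plus a year passes the length and character-class rules and is caught only by the personal-terms check, which is why the HOWTO lists such combinations separately.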