Re: The Leap to Linux

From: alex49201 (alex_at_ae.homelinux.com)
Date: 11/22/03


Date: Sat, 22 Nov 2003 14:45:22 GMT


> Plain text passwords are not secure, period. There's no less or more,
> they are just not secure. Wandering off onto another topic is not
> going to change this fact.

ftp - plain text passwords = Easy for cracker to gain user access.

samba - encrypted passwords = Easier for cracker to gain root access.

I don't care if a user on my systems is compromised.. I have days/weeks
worth of backed up home dirs... what damage could a malicious cracker
do? What worries me is ANY piece of software that has consistently
displayed ROOT vulnerabilities.

When I speak of security.. I speak of ROOT security. I protect ROOT.
Not users. Furthermore, since (by my assumptions of the OP's
statements), this is for a small local network and not a Public server,
then his firewall or dsl_router/firewall would block any type of
cracker into his network at all.. Moreover, since it is the OP's
desire to share his files with other users, and not vice versa, he
could even just drop those files into /home/ftp and serve them
anonymously.. No passwords at all; this creates a trust of the LAN,
then all he has to worry about is making sure that no unauthorized
people have access to his LAN by using a secure firewall, best for the
user would be a typical hardware (Dlink?) router/firewall.

I subscribe to the idea that the simplest solution with the maximum
security of ROOT, is Always the best idea... Opinions can and do vary,
as they have here.

-- 
-alex49201

