Securing User Accounts


Next to physical security, the careful use of user accounts is the most important type of security for your network. Properly configured user accounts can prevent unauthorized users from accessing the network, even if they gain physical access to the network. The following sections describe some of the steps that you can take to strengthen your network's use of user accounts.

Obfuscating your usernames

Huh? When it comes to security, obfuscation simply means picking obscure usernames. For example, most network administrators assign usernames based on some combination of the user's first and last name, such as BarnyM or baMiller. However, a hacker can easily guess such a user ID if he or she knows the name of at least one employee. After the hacker knows a username, he or she can focus on breaking the password.

You can slow down a hacker by using names that are more obscure. Here are some suggestions on how to do that:

  • Add a random three-digit number to the end of the name. For example: BarnyM320 or baMiller977.

  • Throw a number or two into the middle of the name. For example: Bar6nyM or ba9Miller2.

  • Make sure that usernames are different from e-mail addresses. For example, if a user's e-mail address is baMiller@Mydomain.com, do not use baMiller as the user's account name. Use a more obscure name.

Warning 

Do not rely on obfuscation to keep people out of your network! Security by obfuscation doesn't work. A resourceful hacker can discover the most obscure names. Obfuscation can slow intruders, not stop them. If you slow intruders down, you're more likely to discover them before they crack your network.

Using passwords wisely

One of the most important aspects of network security is the use of passwords.

Warning 

Usernames aren't usually considered secret. Even if you use obscure names, even casual hackers will eventually figure them out.

Passwords, on the other hand, are top secret. Your network password is the one thing that keeps an impostor from logging on to the network by using your username and therefore receiving the same access rights that you ordinarily have. Guard your password with your life.

Here are some tips for creating good passwords:

  • Don't use obvious passwords, such as your last name, your kid's name, or your dog's name.

  • Don't pick passwords based on your hobbies. A friend of mine is a boater, and his password is the name of his boat. Anyone who knows him can quickly guess his password. Five lashes for naming your password after your boat.

  • Store your password in your head-not on paper.

    Warning 

    Especially bad: Writing your password down on a sticky note and sticking it on your computer's monitor.

  • Most network operating systems enable you to set an expiration time for passwords. For example, you can specify that passwords expire after 30 days. When a user's password expires, the user must change it. Your users may consider this process a hassle, but it helps to limit the risk of someone swiping a password and then trying to break into your computer system later.

  • You can configure user accounts so that when they change passwords, they can't reuse a recent password. For example, you can specify that the new password can't be identical to any of the user's past three passwords.

  • You can also configure security policies so that passwords must include a mixture of uppercase letters, lowercase letters, numerals, and special symbols. Thus, passwords like DIMWIT or DUFUS are out. Passwords like 87dIM@wit or duF39&US are in.

  • Warning 

    Some administrators of small networks opt against passwords altogether because they feel that security isn't an issue on their network. Or short of that, they choose obvious passwords, assign every user the same password, or print the passwords on giant posters and hang them throughout the building. Ignoring basic password security is rarely a good idea, even in small networks. You should consider not using passwords only if your network is very small (say, two or three computers), if you don't keep sensitive data on a file server, or if the main reason for the network is to share access to a printer rather than sharing files. (Even if you don't use passwords, imposing basic security precautions, like limiting access that certain users have to certain network directories, is still possible. Just remember that if passwords aren't used, nothing prevents a user from signing on by using someone else's username.)

Generating passwords for dummies

How do you come up with passwords that no one can guess but that you can remember? Most security experts say that the best passwords don't correspond to any words in the English language but consist of a random sequence of letters, numbers, and special characters. Yet, how in the heck are you supposed to memorize a password like Dks4%DJ2? Especially when you have to change it three weeks later to something like 3pQ&X(d8.

Tip 

Here's a compromise solution that enables you to create passwords that consist of two four-letter words back to back. Take your favorite book (if it's this one, you need to get a life) and turn to any page at random. Find the first four-or five-letter words on the page. Suppose that word is When. Then repeat the process to find another four-or five-letter word; say you pick the word Most the second time. Now combine the words to make your password: WhenMost. I think you'll agree that WhenMost is easier to remember than 3PQ&X(D8 and is probably just about as hard to guess. I probably wouldn't want the folks at the Los Alamos Nuclear Laboratory using this scheme, but it's good enough for most of us.

Here are additional thoughts on concocting passwords from your favorite book:

  • If the words end up being the same, pick another word. And pick different words if the combination seems too commonplace, such as WestWind or FootBall.

  • For an interesting variation, insert a couple of numerals or special characters between the words. You end up with passwords like into#cat, ball3%and, or tree47wing. If you want, use the page number of the second word as a separator. For example, if the words are know and click and the second word comes from page 435, use know435click.

  • To further confuse your friends and enemies, use medieval passwords by picking words from Chaucer's Canterbury Tales. Chaucer is a great source for passwords because he lived before the days of word processors with spell-checkers. He wrote seyd instead of said, gret instead of great, welk instead of walked, litel instead of little. And he used lots of seven-letter and eight-letter words suitable for passwords, such as glotenye (gluttony), benygne (benign), and opynyoun (opinion). And he got A's in English.

  • Tip 

    If you use any of these password schemes and someone breaks into your network, don't blame me. You're the one who's too lazy to memorize D#Sc$h4@bb3xaz5.

  • If you do decide to go with passwords, such as KdI22UR3xdkL, you can find random password generators on the Internet. Just go to a search engine, such as Google (http://www.google.com), and search for Password Generator. You'll find Web pages that generate random passwords based on criteria that you specify, such as how long the password should be, whether it should include letters, numbers, punctuation, uppercase and lowercase letters, and so on.

Secure the Administrator account

It stands to reason that at least one network user must have the authority to use the network without any of the restrictions imposed on other users. This user is the administrator. The administrator is responsible for setting up the network's security system. To do that, the administrator must be exempt from all security restrictions.

Warning 

Many networks automatically create an administrator user account when you install the network software. The username and password for this initial administrator are published in the network's documentation and are the same for all networks that use the same network operating system. One of the first things that you must do after getting your network up and running is to change the password for this standard administrator account. Otherwise, your elaborate security precautions are a complete waste of time. Anyone who knows the default administrator username and password can access your system with full administrator rights and privileges, thus bypassing the security restrictions that you so carefully set up.

Warning 

Don't forget the password for the administrator account! If a network user forgets his or her password, you can log on as the supervisor and change that user's password. If you forget the administrator's password, though, you're stuck.




Networking For Dummies
Networking For Dummies
ISBN: 0470534052
EAN: 2147483647
Year: 2004
Pages: 254
Authors: Doug Lowe

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net