How to Implement password security in Linux

Source: Internet
Author: User
Password security is the cornerstone of information system security. Unfortunately, users often ignore it or do not pay enough attention to it. As long as you take timely measures to protect system passwords, you can prevent hacker attacks. Let's discuss how to set secure passwords on a Linux server.
Password Security Overview
Since humans started using computers, passwords have been the primary means of restricting access to systems. Although software and hardware are constantly updated, the principle of relying on passwords to protect the system remains unchanged. Choosing a password seems routine, but the security of the user's system depends entirely on it.
A simple, easy-to-guess password opens the door to the system: once an attacker obtains the password, they can walk straight in. A strong enough password takes several years to crack, while a weak password gives up its secret within one minute. Password settings raise the following questions:
Are passwords set according to public standards?
Are passwords encrypted?
Are shadow passwords used?
Answering the above questions will help you understand whether the Linux system password is secure.
Mandatory Password-Setting Specification
The first step in password security is to choose a password that is difficult to guess. Unfortunately, users tend to choose passwords that are easy to remember, which also makes them easy for hackers to crack. Remembering the password is of course important, but keeping it secure is more important. We therefore recommend against using a child's name, a pet's name, or a spouse's birthday; users need to set passwords that are difficult for hackers to guess and crack.
Using a password that mixes uppercase and lowercase characters helps improve security. It is not the only way to do so, but it is very effective against brute-force cracking (hackers often use dictionary attacks, trying candidate passwords until one matches). The author has also seen randomly generated passwords in use, but in many cases the best password is one that is both strong and easy to remember. This article provides a method to build a strong and easy-to-remember password.
Much of the above seems to be common sense; the difficulty lies in making all Linux users follow the password rules laid down by the system administrator. In most Linux versions, passwd (the system's password-setting program) can be configured with rules that constrain users' passwords, for example requiring a password of at least six characters that includes at least two digits. I recommend completely replacing passwd with npasswd, which checks whether the password you want to set is strong enough. The system administrator should first define the password specification for all users.
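The rules named in this section (at least six characters, at least two digits, mixed case, no names, no dictionary words) can be expressed as a single check. The following is an added example, not code from the original article or from passwd or npasswd; the function name check_password, the rule labels and the tiny wordlist are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). The candidate password is
# read from stdin, so it is not passed to awk as a command-line argument.
# usage: printf '%s\n' "$candidate" | check_password LOGIN GECOS WORDLIST
# Prints one line per violated rule; prints nothing when all rules pass.
check_password() {
    LC_ALL=C awk -v login="$1" -v gecos="$2" -v wordlist="$3" '
        function contains(hay, needle) {   # case-insensitive, needle >= 3 chars
            return length(needle) >= 3 && index(tolower(hay), tolower(needle)) > 0
        }
        NR == 1 {
            pw = $0
            if (length(pw) < 6)                 print "too-short"
            if (gsub(/[0-9]/, "&", pw) < 2)     print "needs-two-digits"
            if (pw !~ /[a-z]/ || pw !~ /[A-Z]/) print "needs-mixed-case"
            if (contains(pw, login))            print "contains-login-name"
            n = split(gecos, part, /[ ,]+/)     # real name, room, phone ...
            for (i = 1; i <= n; i++)
                if (contains(pw, part[i])) { print "contains-personal-name"; break }
            # Compare only the letters, so "Dragon12" still matches "dragon".
            core = tolower(pw); gsub(/[^a-z]/, "", core)
            while ((getline word < wordlist) > 0)
                if (core == tolower(word)) { print "dictionary-word"; break }
        }
    '
}

# Constructed demo data: a tiny wordlist and four sample candidates.
wordlist=$(mktemp)
trap 'rm -f "$wordlist"' EXIT
printf '%s\n' password letmein dragon sunshine > "$wordlist"
for candidate in abc Alice2024 Dragon12 'mV7#kq2Lw'; do
    result=$(printf '%s\n' "$candidate" | check_password alice 'Alice Smith' "$wordlist")
    printf '%s -> %s\n' "$candidate" "${result:-ok}"
done
```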
For the existing password database, the system administrator can use a variety of tools to review password security. Tools such as Crack and John the Ripper can test the system's passwords. The simpler the password, the faster these tools crack (that is, guess) it. Such a tool attempts to crack the passwords in the /etc/passwd file and outputs the results. The more passwords it guesses, the more vulnerabilities your organization has. The system administrator can choose to disable some insecure accounts. Although this method is simple, it is not always possible. The best approach is to put obstacles in the way of hackers reaching the relevant directories and files, so that they cannot easily obtain and crack the password database files.
Password Database Protection Measures
Next, you need to make sure that passwords do not end up in the hands of the wrong users. Security starts at the user level. Password security is not only about setting a secure password, but also about preventing users from writing the password down and leaving it lying around. Recording passwords in plain-text documents or on a slip of paper in a wallet is not advisable. Store recorded passwords in encrypted form wherever possible.
Another option is to use shadow passwords. Shadow passwords are generated from the standard /etc/passwd password file but are stored, in encrypted form, in a separate file that can be read only by the root user, who has the highest privileges. Programs on the system can still use /etc/passwd to look up information such as user IDs and group IDs, but not the encrypted passwords. This adds a level of security, because hackers must obtain root privileges before they can access the encrypted password file. On Red Hat systems, pwconv converts non-shadow passwords into shadow passwords. Note that the equivalent tools on other Linux distributions are used in different ways; refer to your system's documentation to complete this step.
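The questions raised in the overview (are passwords encrypted, are they shadowed) can be answered by reading the two files directly. The following is an added example, not code from the original article; the function names, finding labels and sample accounts are assumptions, and the hash strings are constructed placeholders. It relies on the crypt(3) convention that a hash beginning with `$1$` is MD5-based and a hash with no `$` prefix is legacy DES.

```shell
#!/bin/sh
# Added example (not from the original article): audit passwd/shadow-format
# files. Prints one "<user>:<finding>" line per problem found.
audit_accounts() {   # usage: audit_accounts PASSWD_FILE SHADOW_FILE
    awk -F: '
        # The shadow file is read first: remember each account hash field.
        FILENAME == ARGV[1] { shadow[$1] = $2; next }
        {
            user = $1; field = $2
            if (field == "x") {               # placeholder: hash is shadowed
                if (!(user in shadow)) { print user ":no-shadow-entry"; next }
                field = shadow[user]
            } else if (field != "" && field !~ /^[!*]/) {
                print user ":hash-in-passwd"  # readable by every local user
            }
            if (field == "")            print user ":empty-password"
            else if (field ~ /^[!*]/)   next  # locked or login disabled
            else if (field ~ /^\$1\$/)  print user ":weak-hash-md5"
            else if (field !~ /^\$/)    print user ":weak-hash-des"
        }
    ' "$2" "$1"
}

world_readable() {   # exit status 0 when "other" has read permission
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Constructed sample data; the hash strings are placeholders, not real hashes.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:XXconstructed:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:1002:Carol:/home/carol:/bin/bash
dave:x:1003:1003:Dave:/home/dave:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
EOF
cat > "$demo_dir/shadow" <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
alice:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
carol::19000:0:99999:7:::
EOF
chmod 644 "$demo_dir/passwd"; chmod 600 "$demo_dir/shadow"

audit_accounts "$demo_dir/passwd" "$demo_dir/shadow"
if world_readable "$demo_dir/shadow"; then echo "shadow file is world-readable"; fi
```

On a real system the same functions take /etc/passwd and /etc/shadow as arguments and must be run as root, since only root can read the shadow file.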
The system administrator can adopt various policies to ensure password security. First, though, help users understand the importance of password security, and set a password policy that enforces the rules. This includes defining acceptable password requirements, how often passwords must be changed, and how many characters a password must contain. The system administrator can also run an auditing tool to find weaknesses in the password database. Finally, do not forget shadow passwords: they immediately strengthen the protection of your system.