Windows Server account and password setting principles

Source: Internet
Author: User
Tags: printable characters, strong password

Every user on a network has an account and a password of their own, and the security of that account and password bears directly on the security of the user's system and data. Windows Server 2003 has two different types of user account. The following sections cover the basics of account and password security.

On the network, each person has a name that represents an identity: the user. Different users hold different permissions, and therefore differ in what they can control on the computer and on the network and in how far that control extends. Windows Server 2003 has two different types of user account: the local user account, which can only be used to access the local computer (or to access this computer from a remote computer), and the domain user account, which can access all computers in the network. A user account is the key to accessing the network, and the management of user permissions bears directly on the security of the application systems running on it. Security is, in practice, the use of permissions, and permissions are granted to every user. Therefore, ensure that each user holds only the permissions they need and that the user's password cannot be cracked. In short, only by securing user accounts can real system and data security be achieved.

The password is the key with which a user logs on to Windows Server 2003. Without that key, logging on to the target system always takes considerable effort. Whatever remote attacks intruders use, they cannot take full control of the system unless they obtain the password of the administrator or super-administrator account. The simplest and most direct way into the system is therefore to steal a user's password. For the system administrator account, the password is the most important thing to protect: if it is stolen, disaster follows.

Most intruders first gain administrator privileges through system vulnerabilities and insecure settings, and then launch malicious attacks on the system. Weak account passwords make it easy for intruders to crack them and gain access to computers and the network, whereas a strong password is hard to crack, and even password-cracking software cannot break it in a short time. Password-cracking software generally uses three methods: dictionary guessing, combined (hybrid) guessing, and brute-force guessing. Without doubt, cracking a strong password is far harder than cracking a weak one, so the system administrator account must use a strong password.

According to statistics, about 80% of security risks stem from improper password settings, so choosing a password calls for some skill. When setting a password, observe the following principles of secure password selection. They apply to any scenario in which passwords are used, including both Windows and UNIX/Linux operating systems.

1) The password must not be the same as the account name

If the password is set to the same value as the user account name, almost any password-cracking software can find it immediately.

2) Do not use your own name

Using your surname, your given name, or your full name as the password is extremely vulnerable. For people inside your organization and those familiar with it, a name is the obvious first guess, because almost anyone can work it out. Furthermore, in the password-guessing dictionaries compiled by many intruders, hundreds of surnames are listed one by one and placed at the very front of the dictionary.

3) Do not use English words or phrases

Some frequently used or distinctive English words are favourites when users choose passwords; in the users' view such passwords are easy to remember and express their personality. In reality, intruders worked that out long ago and have carefully compiled those words into their password-guessing dictionaries. Common English words and phrases therefore must not be used as passwords.

4) Do not use a meaningful date

People are fond of using a significant date as a password: their own birthday, their parents', children's or friends' birthdays, major holidays, and personal anniversaries. Needless to say, anyone who knows the person can guess such a date, and even a stranger can find it by crude enumeration. Hackers' password-guessing dictionaries list almost every combination of this kind.

5) Do not use a simple password

Brute-force password-cracking software can try as many as 100,000 candidates per second. The fewer the characters and the simpler the character set, the fewer the possible arrangements and combinations, and the easier the password is to crack.

To sum up, the following rules should be observed to keep passwords secure:

◆ A user password should contain uppercase and lowercase letters, digits, other printable characters, and even non-printable characters. Combining these classes of symbols gives the best confidentiality.

◆ Do not use the user name, a birthday, a phone number, or common words as the password.

◆ Because of the way Windows hashes passwords (the LM hash splits a password into two 7-character halves that can be attacked independently), the password should be longer than 7 characters, preferably 14.

◆ Passwords must not be stored in plain text on the system. Make sure that a password is written to disk only in encrypted form and that the files containing it are read-only.

◆ Change passwords regularly. Avoid reusing old passwords, and adopt more than one password-construction rule.

◆ Create an account lockout mechanism: once the same account fails password verification several times, it is locked and only unlocked again after a period of time.
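As an added example (not part of the original article), the following Python script applies principles 1 to 5 and the summary rules above to a candidate password, and estimates the brute-force cost at the 100,000 guesses per second quoted above, both when the whole password is hashed and under the LM hash's 7-character halves. The short word list, the date patterns and the sample passwords are constructed for illustration.

```python
import re
import string

GUESSES_PER_SECOND = 100_000        # brute-force rate quoted in the article
COMMON_WORDS = {"password", "welcome", "admin", "letmein", "secret"}  # constructed stand-in for a cracker's dictionary
DATE_RE = re.compile(r"(19|20)\d{6}|\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}")  # e.g. 19850314 or 14/3/1985

def alphabet_size(password):
    """Size of the smallest standard character set that covers every character used."""
    size = 0
    if any(c.islower() for c in password): size += 26
    if any(c.isupper() for c in password): size += 26
    if any(c.isdigit() for c in password): size += 10
    if any(c in string.punctuation for c in password): size += len(string.punctuation)
    return size

def check_password(password, account, names=()):
    """Apply the article's rules; returns the list of violations (empty means accepted)."""
    problems, low = [], password.lower()
    if low == account.lower():                                          # rule 1
        problems.append("same as the account name")
    for name in (account, *names):                                      # rule 2
        if name and name.lower() in low:
            problems.append(f"contains the name '{name}'")
    if any(word in low for word in COMMON_WORDS):                       # rule 3
        problems.append("contains a dictionary word")
    if DATE_RE.search(password):                                        # rule 4
        problems.append("contains a date")
    if len(password) <= 7:                                              # length rule
        problems.append("must be longer than 7 characters")
    classes = sum([any(c.islower() for c in password), any(c.isupper() for c in password),
                   any(c.isdigit() for c in password), any(c in string.punctuation for c in password)])
    if classes < 3:                                                     # rule 5
        problems.append("needs at least three character classes")
    return problems

def brute_force_seconds(password):
    """Worst-case seconds to exhaust the keyspace when the whole password is hashed (NT hash)."""
    return alphabet_size(password) ** len(password) / GUESSES_PER_SECOND

def lm_halves_seconds(password):
    """Same estimate under the LM hash (stored by default before Vista/Server 2008): upper-cased, cut at 14, each 7-char half cracked alone."""
    p = password.upper()[:14]
    return sum(alphabet_size(h) ** len(h) for h in (p[:7], p[7:]) if h) / GUESSES_PER_SECOND

if __name__ == "__main__":
    for pw in ("admin", "Born19850314!", "abcdefghijklmn", "Tr0ub4dor&3xample!"):
        print(f"{pw!r}: {check_password(pw, 'admin', names=('Smith',)) or 'OK'}; "
              f"whole-hash {brute_force_seconds(pw):.3g}s, LM halves {lm_halves_seconds(pw):.3g}s")
```

Note how the 14-letter password costs only two 7-character searches under LM, which is why the article recommends 14 characters rather than relying on length alone.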

