On 3/21/07, Nicolas Mailhot <nicolas.mailhot@xxxxxxxxxxx> wrote:
Le mercredi 21 mars 2007 à 20:42 +0100, Thomas M Steenholdt a écrit : > Alexander Boström wrote: > > > >> Lets settle for a default configuration with a good balance between > >> usability and security. Like perhaps disabling root login or something. > > > > Taking over a user account is really almost as bad as root access. The > > typical desktop user is thoroughly screwed regardless. > > > > I agree that compromising a user account is still bad. But not nearly as > bad as root access (if one must choose), but if root access through ssh > is disabled by default, attack scripts would have to *guess* a user to > bruteforce and can't rely on bruteforcing "root" who exists on every > *nix system. attackers *do* brute-force usernames, probably because root is usually secured but you can hope hitting a user account with no password install pam_abl. It will profile the attacks for you (for exemple on my system root is the most attacked user but this is dwarfed by one-shot dictionary-user tries)
Hence my point of havign root login off by default. -- Fedora Core 6 and proud -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
