-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This doesn't really apply to the root user, but another thing you can do which will help to increase security is to implement an account lockout polacy. That is, logins are disabled on an account after say, three invalid login attempts. The disadvantage to this is that you have to manually unlock an account when this happens, but this also means you know if someone is trying to break in to an account. Like I said before, though, this obviously doesn't work for root. You should definitely make sure your remote login software (telnet, ssh, etc.) disconnects users after to many invalid login attempts. - --- Joseph C. Lininger jbahm at pcdesk.net - ----- Original Message ----- From: "Dawes, Stephen" <Stephen.Dawes@xxxxxxxxxx> To: "Speakup is a screen review system for Linux." <speakup at braille.uwo.ca> Sent: Tuesday, January 20, 2004 10:02 AM Subject: RE: A topic of concern in Linux Yes, but if the cracker is trying to invade the system from the outside, it doesn't matter if you are a big corporation or a home Linux network, the userid is root, and the password is what the cracking software is trying to brake. Now, if you set up the system to: A. never allow login as root from the outside; B. Change the userid root userid and group and everything associated with it to something other then root; you increase the security to the next level, and then the user verses root thing applies. One point that I forgot to mention about password security that can help in decreasing the likelihood of it being infiltrated, is to change it regularly. All OS's allow for a password timeout function, and when this feature is used, you are automatically reminded to change your password. OS security is a big thing throughout industry, and industry spends a large amount of money on it. All I know that I can do on my part, is use the guidelines set out by my employer on my home based system, and hope that I have made my system secure enough. Simply put: Just like locks, passwords, keep the honest out. Steve Dawes Phone: (403) 268-5527 Email: SDawes at calgary.ca NOTICE:: This communication is intended ONLY for the use of the person or entity named above and may contain information that is confidential or legally privileged. If you are not the intended recipient named above or a person responsible for delivering messages or communications to the intended recipient, YOU ARE HEREBY NOTIFIED that any use, distribution, or copying of this communication or any of the information contained in it is strictly prohibited. If you have received this communication in error, please notify us immediately by telephone and then destroy or delete this communication, or return it to us by mail if requested by us. The City of Calgary thanks you for your attention and cooperation. _______________________________________________ Speakup mailing list Speakup at braille.uwo.ca http://speech.braille.uwo.ca/mailman/listinfo/speakup -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQA5OTCenap9Jqj2wEQJTogCg1JIH4sDvMU/U2EMw574gVgaRQ5IAoJnX qBOPV8OBOAqNnj+YqfUPA8sq =VwdW -----END PGP SIGNATURE-----