Weak passwords means what for the system.
|
Author | Content |
---|---|
bstadil Dec 24, 2004 2:05 PM EDT |
At the behest of sbergman27 (in the voting comments) I read the pdf file of what had been done. I admit I may have been a bit too hasty in voting this negative. That being said I still do not understand what precisely we can gleam from the fact that 3 servers with deliberately weak passwords got brute force hacked. Maybe this will tell you something about the Internet in general but nothing I can see about the relative merits of the underlying OS. |
tuxchick Dec 24, 2004 2:43 PM EDT |
Well it means a number of interesting things. Perhaps the author of the report didn't feel the need to go into more detail, because this relates to fundamental security issues that presumably clueful sysadmins already know. More details would have been good, especially for addressing a mass audience. Linux/Unix security rests on two fundamentals: strong passwords and restricted privileges. (Yes there are more, for the purpose of this discussion these two are enough.) To successfully exploit a Linux/Unix system, an attacker must first gain access to a user account. (Contrast this with Windows, which is ridiculously easy to exploit with neither access to source code nor "root" privileges.) Then even if an attacker gets in via a user account, he needs root privileges to really do anything useful. Most Linux/Unix attacks aim for escalation of privileges. If an unprivileged user account is compromised, there is not much an attacker can do except mess with that account. He can't alter system files, which means he can't cover his tracks, or plant backdoors or rootkits. If the root user has a weak password, oops, too bad so sad. So in a nutshell, strong passwords = strong protection. |
sbergman27 Dec 24, 2004 2:44 PM EDT |
The report is not about the merits of the underlying OS. The honeynet project is about studying the behavior of crackers in their natural environment. In the real world, lots of people, even system administrators of Linux boxes, (which could very well be my grandmother, as admin of her Xandros desktop) have bad passwords. The honeynet project takes that into account. Honeynet is not about proving that Linux is a more secure OS. It is about studying and describing the cracking techniques, behaviors, trends, and patterns actually seen on the internet. |
bstadil Dec 24, 2004 3:27 PM EDT |
Makes sense, Thanks |
Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]
Becoming a member of LXer is easy and free. Join Us!