December 5th, 2009
I am generally concerned with the use of very simple passwords that I come across regularly.
I recently ran a password cracking tool over all passwords in one workplace to get a feel for how secure their passwords were. The results were not ideal considering there were less than 70 staff.
- 19 passwords were found within 1 second;
- 40 within 30 seconds;
- 52 within 60 seconds;
- 55 within 3 minutes.
Passwords discovered (apart from the ones which were the users own name) included:
- abc123
- surfer
- thursday
- fuel01
- bulldogs
- password
- pink01
- gold65
- mushroom
And the list goes on. If you recognise any of these passwords as similar to your own, you should recognise why there is a need to make passwords a bit more secure. Sometimes the people with the extremely simple passwords have remote VPN access directly into the work network which is a massive security issue and puts the entire network at risk.
There are great security differences between a non-secure password (eg apple12) and a (more) secure password (ApP!e1@).
You need to make up a password you can remember. Use a pass-phrase to help, use a combination of upper and lower case, numbers and special characters. Use substitute characters, eg use 1 instead of i. If you normally have two numbers at the end of you password, randomly substitute the number’s special character, eg instead of 24, use @4 or 2$. I dont want to make this so hard you end up writing down your password and sticking it on your screen so you get it right as this kind of defeats the purpose.
An example of a strong complex password is M2dn@saR3x which could be remembered with the pass-phrase – “my two dogs names are spot and rex” or “M(y) 2 d(ogs) n(ames) @(re) s(pot) a(nd) R3x
Your password protects your IT, the longer and more complex the better. Security paranoid people recommend 20 characters or more but in reality, make sure they are a minimum of 8 characters long and as varied as possible and change them regularly (a few times per year or more often).
December 2nd, 2009
An alternative to expensive Microsoft server licences and higher hardware requirements is to use Linux as your server platform. Most server functions can easily be performed by free (yes free, really) Linux servers. This includes company firewalls, file and print servers, web servers, email servers, authentication, database servers, proxy servers, storage servers (such as Openfiler) etc. If it can be done on a server, more than likely, the function can be done for free with Linux. There are commercial Linux server releases such as Suse and Red Hat which are not free but these come with support etc. Most of the high end server manufacturers offer Linux out of the box (HP, IBM, Dell and others)
Most Linux servers have far smaller hardware requirements than Windows servers and will happily run on older hardware. Most of them also only have a terminal interface though rather than a nice graphical interface so configuration and maintenance can be difficult for staff familiar with Windows servers only. There are tools available to make configuration easier. Interaction with Windows PC’s is made possible with a system called SAMBA so the end user does not even realise their servers are not Windows.
If you find the idea of using something a bit unknown worries you, you may be interested to know that (according to a Wikipedia article), over 85% of the worlds super computers run Linux distribution of some description and the big movies studios all use Linux servers for movie production. A lot of web servers that serve you up your internet content (including this site) are also all hosted with Linux servers.
If you want to set up a free Linux server, stick with one of the main distributions such as OpenSuse, Ubuntu or Fedora to make sure you have a wide user base to draw support from. My development Linux server is Ubuntu running under VMWare.
December 2nd, 2009
Linux as an operating system is moving out of the server and IT geek arena into more mainstream user friendly graphical desktop versions. Ubuntu is one such Linux distribution that is more user focussed and comes ready to go with most office, internet, email and entertainment needs covered with pre-installed free software . Linux operating systems are free to use for either personal or commercial use and with only minimal training, most business PC users would be able to make the change without too many challenges. Ubuntu has a “release” every 6 months, usually in April and October of each year. Hardware support is generally good and with a little perseverance and web searching, a user can usually find that they can do anything on Linux that they could do on Windows. The real power of Linux though is not in its graphical environment but its underlying service power and ability to be controlled via a command line terminal session.
Usually though, MS Windows is supplied with most name brand PC’s so unless you have a compelling reason to buy white box generic PC’s with no software or you have a fundamental aversion to Microsoft, Windows will remain the operating system of choice for most small to medium enterprises.
Other commonly used Linux desktop releases include (but are certainly not limited to):
These are all based on one of the three distributions below:
If you want to give Linux a go, the best options are Ubuntu (Debian based), Fedora (Red Hat based) or OpenSuse (Slackware based). My personal preference is Ubuntu. These all come as easy to install and easy to use distributions packed with useful software. Once you get used to an underlying distribution, it is easier to stick with it, they each do some things differently. Most Linux installations are available as a “Live CD”which allows you to boot from a CD to try out Linux on your hardware without having to install it or you can dual boot with Windows if you have some unallocated space on your hard drive (you can make some with various boot CD disk partition tools if you dont have any).
