question on root password

[moontan]

i keep my root/sudo password really short and simple since i'm the only user.

is having a long password against online attacks necessary?

could someone 'knock at the door' of my connection, so to speak, and try passwords one after the other until he/she finds the right one?

[Hungry Man]

They would need to actually be in a program on the system either having exploited one or otherwise.

I use a pretty simple password - 12 characters. That should be fine.

[moontan]

tnx Hungry!

i'll add a few more characters.lol

[TheQuest]

Hi moontan

Quote:

Originally Posted by moontan

tnx Hungry!

i'll add a few more characters.lol

I find adding a period[s] or [full stop[s]], makes it really strong in any password test.

I.E. :- my.nam.e.is.not.you.rs.

my..nam..e.is..not..you..rs..

my..nam...e.is.not...you.rs...

FYI :- A full stop ( . ) (British, New Zealand and Australian English) or period (American English and Canadian English).

Take Care
TheQuest

[NGRhodes]

Quote:

Originally Posted by Hungry Man

They would need to actually be in a program on the system either having exploited one or otherwise.

OR running an ssh server, assuming no firewall ports open to the internet !

[Hungry Man]

Password padding is a great way to increase password strength.

Quote:

OR running an ssh server, assuming no firewall ports open to the internet !

True but then it's not the root password, you'd have a separate password.

Quote:

Originally Posted by moontan

could someone 'knock at the door' of my connection, so to speak, and y passwords one after the other until he/she finds the right one?

To expand on what Nick said...
Are you behind a NAT? If

Code:

ifconfig

tells you your ip is 192.168.x.x or 10.x.x.x, then you're behind a NAT. If you haven't forwarded any ports on the router, then you don't have any services directly facing the internet. When an attacker "knocks on your door" what he's doing is looking for internet-facing ports. If you don't have any then the attacker has nothing to brute-force.

If you're running a server of any kind (ssh, samba, whatever), and you have the port forwarded from your router, then a brute-force attack like the one you're describing probably happens routinely. But it will brute-force the password of the server account (like HungryMan said), it won't be brute-forcing your sudo password.

[moontan]

tnx Brandi, i just tried ifconfig and no, i'm not using a NAT (don't even know what that is).

i don't have a router as a i have only 1 machine.

so i think i'm ok.

Your question is answered: you're probably OK with your sudo password because the sudo password isn't what gets brute-forced. But stronger is better in general for all passwords.

What I was saying is that the router gives you a layer of protection from remote attacks. If you don't have that then attackers still won't be brute-forcing your sudo password, but they might be brute-forcing your services.

What kind of firewall do you have? What are its settings? If you don't have a firewall, or you just have the default settings then I recommend you look into a firewall with strong inbound rules.

Are you running any servers? (ftp, ssh, samba, remote desktop/vnc, cups...) If you don't know the answer you can run

Code:

sudo watch netstat -anpe

and you'll see a list of services listening or established. The last column is "Program name" - it will tell you what you're running. It will look like this:


So this screenshot shows I'm running "cupsd" which is a print server, "smbd" and "nmbd" which are related to a samba server, and "avahi-daemon" which kind of replaces the DHCP server in Ubuntu. None of these services are listening on external ports- they only communicate with other machines in my house. Therefore these services can't be directly attacked from the outside. But if you have them running without a router then they are accessible from the internet.

Anyway, the point is if you have some services running, it's important that you secure them so that a remote attacker can't brute-force the password for those services.

[moontan]

many tnx to every1 for their inputs!

Brandi, i use the GUFW front-end for the kernel firewall.
Incoming = Deny, Outgoing = Allow.

i don't use a server, i even uninstalled Samba from my machine.

i don't want to get too deep in configuring Linux for security.
i'm not a Level 9 wizard like some of you folks and don't want to become one either.

i got away from Windows to leave much of this stuff behind me, i hope. lol

tnx again folks, much appreciated.

[mack_guy911]

scan your system from ports online here

www.grc.com/




want to check internal open ports/services ...etc scan with zenmap (gui of nmap)

they have some pre define basic scans check them you get all idea about your PC

[moontan]

Quote:

Originally Posted by mack_guy911

scan your system from ports online here

www.grc.com/




want to check internal open ports/services ...etc scan with zenmap (gui of nmap)

they have some pre define basic scans check them you get all idea about your PC

tnx mack.

i already tested my firewall with Gibson's website.
the only thing i fail is Ping Request.

which is similar to the Windows Vista firewall, from what i have read around the 'net.

i'll look into nmap.
----
edit:
just tried zenmap.

way too technical for me.