Date: Tue, 23 Jun 2009 11:19:33 +0200 (CEST) From: Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl> To: Matthew Seaman <m.seaman@infracaninophile.co.uk> Cc: Benjamin Lee <ben@b1c1l1.com>, Daniel Underwood <djuatdelta@gmail.com>, freebsd-questions@freebsd.org Subject: Re: Best practices for securing SSH server Message-ID: <alpine.BSF.2.00.0906231115500.55627@wojtek.tensor.gdynia.pl> In-Reply-To: <4A4087DB.5010700@infracaninophile.co.uk> References: <b6c05a470906221816l4001b92cu82270632440ee8a@mail.gmail.com> <4A403324.6090300@b1c1l1.com> <alpine.BSF.2.00.0906230839170.54856@wojtek.tensor.gdynia.pl> <4A4087DB.5010700@infracaninophile.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
>> 99% of crack attempts are done by "kevin mitnick" methods, not password >> cracking. > > Absolutely true. Mitnick was an early exponent of Social Engineering > attacks, which are still the easiest and most effective methods for Mitnick just chose the best possible friend - human stupidity. It never fails. > breaking computer security. Now, if we could just get rid of all the > users, our lives as Sys Admins would be a whole lot easier... Just make sure that one user can't do mess to others, and to log every logins. Then it's no more your problem, as users can only hurt themselves. Don't care about their security if they don't care by themselves. > Cheers, > > Matthew > > [*] It's amazing how many people, when you tell them to use a mix of > upper and lower case letters, just capitalize the *first* letter of > their password. because most people don't understand what are passwords for. They just treat them as a part of required ceremony.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.0906231115500.55627>