System security requires that every account in the system is protected against unauthorized use. Every user must feel responsible for the security of their account. After all, once a poorly secured account has been breached, not only can the system resources be misused in the name of this user, but all other users are also threatened by the intruder's new possibilities.
General rules
- Report recognized security flaws and do not exploit them
- do not allow any “good friends” to use your own account
- log out at the end of the session
- lock the computer or lock the room even if you are absent for a short time
Rules for passwords
- at least 8 characters long
- not a word with meaning and/or from a dictionary
- not derived from personal data
- not formed from known abbreviations
- the password should contain characters from all of the following groups:
- Capital letters
- Lower case letters
- Numerals
- Special characters
Be careful with characters such as ' (apostrophe), because some keyboard drivers turn 'a into á.
Be careful with non-ASCII characters such as §, ä, ß, ², ..., whose encoding may not be standardized across system boundaries.
Unproblematic are: !#$%&()*+,-./:;<=>?@[]_{|}
- the password must be kept secret
- the password must be changed regularly (approx. every 3 months)
- choose different passwords on different systems
- do not store passwords in plain text on the computer (in scripts, etc.)
A useful technique for good passwords:
Choosing a sentence with a meaning that you can remember. Take the first letter of each word in turn (including capitalization) and the punctuation marks as your password.
Rules for Unix users
- no world write access to the home directory and all own files
- no world access to point files such as .login, .cshrc, .profile, etc.
- no world exec access to own programs (risk for the caller)
- World read access to own files only in exceptional cases
- No set-UID programs with world exec access
- No set-UID or set-GID scripts
- Set umask to value 077
- Check your own files from time to time for plausibility (name, owner, access protection, date) using “ls -alc”
- Only include secure directories in the definition of the command search path (CSH variable path, SH variable PATH, environment variable PATH)
- Do not enter the current directory (“.”) at all or only as the last directory in PATH or path
- No “+” in the .rhosts file
- No computer and user from another security cluster in the .rhosts file
- No entry without user information in the .rhosts file
- no “old” entries (hosts, users) in the .rhosts file
- in .netrc file only entries for access to anonymous FTP, no passwords
- Be careful when executing programs from other user directories (undesirable side effect, Trojan horse)
Forgotten your password ?
No problem !
You can reset your password here.
Make sure that the email address you enter is the one that is linked to your account.
