Re: User access & security
- From: Chris Cox <ccox_nopenotthis@xxxxxxxxxxx>
- Date: Tue, 02 Oct 2007 11:07:29 -0500
Mark wrote:
This is a question related to my next post.
If there is a user with non-root access to their account, we are
dependent on their having a good password to ward off too much nasty
activity.
Ok... easy to ensure and pretty secure.
I am told that it is fairly easy with user access to install a rootkit
of some sort and totally compromise the system.
No. It is not easy.. at least it's not supposed to be easy.
Now it seems to me that if this user is careless with this password,
then the whole server is at risk. How true is this? Doesn't this weaken
Linux to such an extent that any user access at all is guaranteed to
bring down the server.
A user account can cause issues... especially if there are no limits
on the account... but compromise? Again, much, much more difficult.
If that is the case, what do ISPs do, with their thousands of ordinary
users? What does anybody do?
Restrict them so that they can't adversely affect the whole machine
with regards to resource consumption. Even if somebody else logs
in... it's not different than the actual user as far as the
ISP is concerned.
I ask this because I have inadvertently left an account open with a
trivial password which somebody has stumbled into. (It has since been
closed, but the question remains).
My guess... is that unless the box was not setup well, that everything
is ok. The only damage would be to your infrastructure, files and
possibly your reputation.
.
Thanks,
Mark
- References:
- User access & security
- From: Mark
- User access & security
- Prev by Date: Re: Phishing Attempt
- Next by Date: Re: Phishing Attempt
- Previous by thread: Re: User access & security
- Next by thread: Re: User access & security
- Index(es):
Relevant Pages
|
