fiatlux@ucscc.UCSC.EDU (03/13/87)
Well, for a long time at our site, we've been able to choose more or less whatever name we want, so long as it fits into 7 characters or less. This is a much nicer way than having q2zirt67 as a login. Also choosing your own makes it easier to remember and for others to remember. It's also a bit of a statement of who you are and what you like and such. A lot of people seem to name there accounts after D&D characters, or science fiction novels/authors. Other influences are majors (my account was radiotv for a while), movies, or interests. The best way to protect an account is to protect the password. Knowing a login doesn't help much in getting into the account. You have to know the password to get at what's in there. Assigning logins won't increase security, better protection of the user's password will help. +--------------------------------------+ | David Vangerov | | | | Just your average Theater Arts major | | with a weird thing for computers | | | | fiatlux@ucscc.BITNET | | fiatlux@ucscc.ucsc.EDU | | ...!ucbvax!ucscc!fiatlux | +--------------------------------------+ Armadillo: To provide weapons to a Spanish pickle
mark@ems.UUCP (03/14/87)
Ok, I have seen a lot of conversations about the security of
unix signons lately. It would seem that protecting a signon
can be done in two different ways. The first of these is by
protecting the password of a given signon. This is the more
traditional way to protect a signon. The second way is to
attempt to make the signon itself more secure. On a system
where the userid is used for so many different things such
as mail, there is a problem with attempting to protect the
userid.
Another consideration here is that even if the signons are
protected, there are several signons that are pretty generic
on all Unix systems. Uucp, lp, and adm are a few that come
to mind. Changing these may break some utilities that have
these id's hardcoded. Besides, most of the security related
information that I have read has stated that most of the
security breaches come from inside the company, not from
malicious hackers on the outside.
If we assume that this statement is true, then this opens
a whole new set of issues. For example, if a person has
a signon, how are you going to ensure security. Commands
like su begin to look like major problems, especially since
you do not need to know a user id in the first place.
If you want a secure system you will need to go to more
dramatic extremes than using obfusticating user id's.
If you want to protect the system from the outside, don't
put modems on your machine. This will gaurentee that
outside people will not call in and gain access your machine.
If you cannot do this, granted it is extreme, go to a call
back scheme. This can be circumvented using call forwarding
these days, but once again, this requires that someone that
is allowed to call in has allowed a phone to be forwarded.
Granted system security is a problem, but making the system
harder to use is not a good security practice. This will
cause frustration from your users and will actually promote
LESS security, not more.
--
Mark H. Colburn mark@ems.uucp
EMS/McGraw-Hill {rutgers|amdahl|ihnp4}!{dayton|meccts}!ems!mark
9855 West 78th Street
Eden Prairie, MN 55344 (612) 829-8200 x235