[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] Safety of Allowing Access from Internet



On good password enforcement, you might consider trying to crack their passwords.
You try to crack the passwords, and then have anyone with a bad password change it.
Look into John the Ripper (http://www.openwall.com/john/) and Crack
(http://www.users.dircon.co.uk/~crypto/).
Maybe run one (or both?) once a week or month.

Donald

----------------------------------
Forgive the stupid question, but how dangerous is it to have a k12ltsp 
server visible from the internet? (A recent thread has made me 
wonder...)

I'm thinking of allowing ssh access (only) so that I could administer 
the machine from home and, if that goes well, maybe allowing the kids 
to access the machine to work from home, especially to backup their 
work from school.

Currently, this isn't allowed by the county's IT office, and getting it 
set up will involve much begging and pleading, preferably with some 
decent facts to back myself up. Given that no login names or passwords 
would be sent in clear text and the machine would have an IP address 
but no hostname, am I really opening myself up to major scariness?

On the same topic, the system tells people when they pick a bad 
password, but it will let them do it in spite of that. Is there a way 
to enforce good password selection using the system already in place? 
(I look over my kids' shoulders when they first create accounts and 
make them pick a good password, but there's nothing to stop them from 
changing them to something easy later.)

Todd

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]