Saying "don't login as root" is h******t. It stems from the days when people sniffed the first packets of sessions so logging in as yourself and su-ing decreased the chance an attacker would see the root pw, and decreast the chance you got spoofed as to your telnet host target, You'd get your password spoofed but not root's pw. Gimme a break. this is 2005 - We have ssh, used properly it's secure. used improperly none of this 1989 will make a damn bit of difference. -BobThat's actually a terrible point, and based at least in part with a lack of familiarity with both history and best practices. It's not because of fear of sniffers, and I really don't think it ever has been, particularly. Here's why you prevent root logins over the network:
- It increases (or should) the amount of entropy in the system. If you allow root logins from the network an attacker has to guess one password. If you allow users who can su or sudo in from the network, the attacker has to guess who they are (not that difficult if it's a familiar system) and then guess/break the user's password and the root password. In the meantime it's not that much extra effort to log in as yourself and then su. That's a pretty good security/UX tradeoff, as these things go.
- We humans have been known to make mistakes a time or two and a fat-finger error when you're root is potentially far more consequential than the same mistake made when you don't have elevated privileges. In the interest of getting work done it's sometimes more efficient to run a root shell, but in general, best practices says don't use elevated privileges when you don't need them.
Come to think of it, "Bob's" comment may stem from the well-known tendency to confuse security with encryption. Good credentials and good security practices are critical, too.
No comments:
Post a Comment