9.1. Use good passwords
Anyone that can guess the BIOS password,
the boot loader password, or the root password can get full control of
the machine. These should be different, unrelated, excellent
passwords. Random text and digits are by far the best choice. You
should never use a password that you think would return a hit from
a search engine.
Guessing a user's password is only slightly less severe, as a
hacker can obtain root
access simply by waiting. The hacker waits for a "local
exploit" for a flaw in the operating system to appear and
uses that exploit before the machine is patched.
Severely limit the number of users on the machine. Ensure
that only good passwords are chosen by using a fascist password
checker such as a cracklib-based
PAM
module.
You should write down the BIOS password,
the boot loader password and the root password. Now you don't need to
remember them, so there is no reason for them not to be totally
random, unrelated, excellent passwords. Fold the page, put it in
an envelope and seal it.
Now we have turned a computer security problem into a
physical security problem. We know how to solve those problems:
locks, keys, alarms, safes, guards, regular inspections. If your
site has staffed security then a good option is to leave the
envelope in the care of the guard post with instructions to treat
the envelope with the same procedures used for the site's master
keys. Smaller sites can use a safe, a cash box or a locked drawer.
A thief forcing a locked drawer still leaves shows more apparent
signs of entry and more clues to their identity than is left by a
hacker behind a modem.
These three passwords are an important corporate asset. If
the machine is secure then forgetting the major passwords for the
machine should result in a machine whose configuration cannot be
altered by actions short of disassembly. You should have written
procedures controlling the generation, storage, lifetime and use of
major passwords.