Big Brother’s Guide to Network Security

⻬ You can also configure security policies so that passwords must include a mixture of uppercase letters, lowercase letters, numerals, and special symbols. Thus, passwords like DIMWIT or DUFUS are out. Passwords like 87dIMwit or duF39US are in.

⻬ Some administrators of small networks opt against passwords altogether because they feel that security is not an issue on their network. Or, short of that, they choose obvious passwords, assign every user the same password, or print the passwords on giant posters and hang them throughout the building. In my opinion, ignoring basic password security is rarely a good idea, even in small networks. You should consider not using passwords only if your network is very small (say, two or three computers), if you don’t keep sensitive data on a file server, or if the main reason for the network is to share access to a printer rather than to share files. Even if you don’t use passwords, imposing basic security precautions — such as limiting the access that certain users have to certain network directories — is still possible. Just remember that if passwords aren’t used, nothing prevents a user from signing on by using someone else’s username.

Generating Passwords For Dummies

How do you come up with passwords that no one can guess but that you can remember? Most security experts say that the best passwords don’t correspond to any words in the English language but consist of a random sequence of letters, numbers, and special characters. Yet how in the heck are you supposed to memorize a password like Dks4DJ2? Especially when you have to change it three weeks later to something like 3pQXd8?

Here’s a compromise solution that enables you to create passwords that consist of two four-letter words back to back. Take your favorite book (if it’s this one, you need to get a life) and turn to any page at random. Find the first four- or five-letter word on the page. Suppose that word is When. Then repeat the process to find another four- or five-letter word; say you pick the word Most the second time. Now combine the words to make your password: WhenMost. I think you’ll agree that WhenMost is easier to remember than 3PQXD8 and is probably just about as hard to guess. I probably wouldn’t want the folks at the Los Alamos Nuclear Laboratory using this scheme, but it’s good enough for most of us.

Here are some additional thoughts on concocting passwords from your favorite book:

⻬ If the words end up being the same, pick another word. And pick different words if the combination seems too commonplace, such as WestWind or FootBall.
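
As an added example (not code from the book), here are the complexity rule and the favorite-book scheme above written out in Python. It assumes, as the Windows complexity requirement does, that "a mixture" means at least three of the four character classes, which is the reading under which 87dIMwit passes and DIMWIT fails; the six-character minimum, the username check, and the helper names are my own assumptions.

```python
import random
import re
import string

# Added example, not from the book. Assumption: "mixture" means at least
# three of the four classes (the Windows rule), so 87dIMwit passes (upper,
# lower, digit) while DIMWIT fails (upper only).
CLASSES = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}


def meets_complexity(password, username="", min_length=6):
    """Return (ok, reasons). Rejects short passwords, passwords drawn from
    fewer than three character classes, and passwords containing the username
    (min_length and the username check are assumptions, not the book's rule)."""
    reasons = []
    if len(password) < min_length:
        reasons.append("shorter than %d characters" % min_length)
    present = [name for name, chars in CLASSES.items() if set(password) & chars]
    if len(present) < 3:
        reasons.append("fewer than three character classes (%s)" % ", ".join(present))
    if username and username.lower() in password.lower():
        reasons.append("contains the username")
    return (not reasons, reasons)


def book_password(page_text, page_number=None, rng=random):
    """The chapter's scheme: two different four- or five-letter words from a
    page of text, optionally joined by the page number of the second word
    (know435click). This version picks the words at random from the page."""
    words = [w for w in re.findall(r"[A-Za-z]+", page_text) if 4 <= len(w) <= 5]
    first = rng.choice(words)
    # The book says: if the words end up being the same, pick another word.
    second = rng.choice([w for w in words if w.lower() != first.lower()])
    separator = "" if page_number is None else str(page_number)
    return first + separator + second


if __name__ == "__main__":
    for pw in ("DIMWIT", "87dIMwit", "duF39US", "WhenMost", "DSch4bb3xaz5"):
        print(pw, meets_complexity(pw))
    # Constructed sample page text; the real scheme uses a page of a book.
    print(book_password("When you know that most things click into place", 435))
```

Note that the two-word scheme on its own never satisfies the three-class rule; it only does so once the numerals or special characters suggested in the next tips are inserted between the words.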
⻬ For an interesting variation, insert a couple of numerals or special characters between the words. You end up with passwords like intocat, ball3and, or tree47wing. If you want, use the page number of the second word as the separator. For example, if the words are know and click and the second word comes from page 435, use know435click.

⻬ To further confuse your friends and enemies, use medieval passwords by picking words from Chaucer’s Canterbury Tales. Chaucer is a great source for passwords because he lived before the days of word processors with spell-checkers. He wrote seyd instead of said, gret instead of great, welk instead of walked, and litel instead of little. And he used lots of seven-letter and eight-letter words suitable for passwords, such as glotenye (gluttony), benygne (benign), and opynyoun (opinion). And he got As in English.

⻬ If you use any of these password schemes and someone breaks into your network, don’t blame me. You’re the one who’s too lazy to memorize DSch4bb3xaz5.

⻬ If you do decide to go with passwords such as KdI22UR3xdkL, you can find random password generators on the Internet. Just go to a search engine, such as Google (www.google.com), and search for Password Generator. You’ll find Web pages that generate random passwords based on criteria that you specify, such as how long the password should be, whether it should include letters, numbers, punctuation, uppercase and lowercase letters, and so on.

Securing the Administrator account

It stands to reason that at least one network user must have the authority to use the network without any of the restrictions imposed on other users. This user is called the administrator. The administrator is responsible for setting up the network’s security system. To do that, the administrator must be exempt from all security restrictions.

Many networks automatically create an administrator user account when you install the network software. The username and password for this initial administrator are published in the network’s documentation and are the same for all networks that use the same network operating system. One of the first things that you must do after getting your network up and running is to change the password for this standard administrator account. Otherwise, your elaborate security precautions will be a complete waste of time. Anyone who knows the default administrator username and password can access your system with full administrator rights and privileges, thus bypassing the security restrictions that you so carefully set up.

Don’t forget the password for the administrator account. If a network user forgets his or her password, you can log in as the supervisor and change that user’s password. If you forget the administrator’s password, though, you’re stuck.

Managing User Security

User accounts are the backbone of network security administration. Through the use of user accounts, you can determine who can access your network as well as what network resources each user can and cannot access. You can restrict access to the network to just specific computers or to certain hours of the day. In addition, you can lock out users who no longer need to access your network. The following sections describe the basics of setting up user security for your network.

User accounts

Every user who accesses a network must have a user account. User accounts allow the network administrator to determine who can access the network and what network resources each user can access. In addition, the user account can be customized to provide many convenience features for users, such as a personalized Start menu or a display of recently used documents.

Every user account is associated with a username (sometimes called a user ID), which the user must enter when logging in to the network. Each account also has other information associated with it — in particular, these items:

⻬ The user’s password: This also includes the password policy, such as how often the user has to change his or her password, how complicated the password must be, and so on.

⻬ The user’s contact information: This includes full name, phone number, e-mail address, mailing address, and other related information.

⻬ Account restrictions: This includes restrictions that allow the user to log on only during certain times of the day. This feature enables you to restrict your users to normal working hours, so that they can’t sneak in at 2 a.m. to do unauthorized work. This feature also discourages your users from working overtime because they can’t access the network after hours, so use it judiciously. You can also specify that the user can log on only at certain computers.

⻬ Account status: You can temporarily disable a user account so the user can’t log on.
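
As an added example (not code from the book or any particular network operating system), here is a minimal model of the account settings just listed and the checks a logon would apply against them: disabled status, permitted days and hours, permitted computers, and a maximum password age. The field names, the 90-day password age, the 8 a.m. to 6 p.m. window, and the sample account are all assumptions for illustration.

```python
from datetime import datetime, timedelta

# Added example, not from the book. Field names, the defaults below and the
# sample account are assumptions chosen to mirror the chapter's list.
class UserAccount:
    def __init__(self, username, full_name, password_changed,
                 max_password_age_days=90, logon_hours=(8, 18),
                 logon_weekdays=range(0, 5), workstations=None, disabled=False):
        self.username = username
        self.full_name = full_name                  # contact information
        self.password_changed = datetime.fromisoformat(password_changed)
        self.max_password_age = timedelta(days=max_password_age_days)
        self.logon_hours = logon_hours              # allowed from 08:00 up to 18:00
        self.logon_weekdays = set(logon_weekdays)   # 0 = Monday ... 6 = Sunday
        self.workstations = workstations            # None means any computer
        self.disabled = disabled                    # account status


def check_logon(account, when, workstation):
    """Return None if the logon is allowed, otherwise the reason it is refused.
    `when` is an ISO timestamp such as "2024-01-10 09:00". A disabled account
    is refused before any other restriction is consulted."""
    now = datetime.fromisoformat(when)
    if account.disabled:
        return "account disabled"
    if now.weekday() not in account.logon_weekdays:
        return "logon not permitted on this day"
    start, end = account.logon_hours
    if not start <= now.hour < end:
        return "logon outside permitted hours"
    if account.workstations is not None and workstation not in account.workstations:
        return "logon not permitted from " + workstation
    if now - account.password_changed > account.max_password_age:
        return "password expired, change required"
    return None


# Constructed sample account: office hours on weekdays, two named computers only.
alice = UserAccount("alice", "Alice Example", "2024-01-08",
                    workstations={"WS-ACCT1", "WS-ACCT2"})

if __name__ == "__main__":
    attempts = [("2024-01-10 09:00", "WS-ACCT1"), ("2024-01-10 02:00", "WS-ACCT1"),
                ("2024-01-13 09:00", "WS-ACCT1"), ("2024-01-10 09:00", "LAPTOP"),
                ("2024-05-01 09:00", "WS-ACCT2")]
    for when, ws in attempts:
        print(when, ws, "->", check_logon(alice, when, ws) or "allowed")
```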