Friday, September 09, 2005

Useful password tips

Good passwords are the first step toward protecting your system. If your password can easily be guessed or recovered with a "dictionary attack" (trying words from a dictionary as the password), your system is vulnerable to hackers, viruses and Trojan horses.

Trojan horses and viruses are hugely successful at attacking easy or default passwords. Take the IRC/Flood Trojan as an example: McAfee reports that this virus has over 120 variants and infected about 60,000 computers in 30 days. This Trojan horse tries 22 different words as the administrator password.

Hackers likewise have no particular trouble guessing easy passwords. Programs such as L0phtCrack make the process easy and efficient. To create a "dictionary" of words, you only need to type "Creating Password Cracking Dictionaries" into your favourite search engine.

Here are a few rules for coming up with a suitable password:

* Never use personal data - name, phone number, EGN (personal identification number), etc.
* The password must contain digits and letters
* Passwords shorter than 5 characters are not suitable
* Do not use favourite names of people, cars or things, or else combine them with digits and upper- and lower-case letters
* Change your password periodically
* Do not use the same password everywhere - if it is cracked in one place, all your information is at risk
* Write your passwords down in a safe place (not on a computer)

I will also give you a list of passwords that should never be used:

Letter
Weak passwords


A

a, A.M.I, A52896nG93096a, aaa, aammii, abc, abcd, academia, academic, accept, access, ACCESS,
account, accounting, action, adam, ADAMS, adfexc, adm, admin, ADMIN, Admin, admin2, administrator, Administrator, adminttd, ADMN,
admn, adrian, adrianna, adtran, adult, Advance, ADVMAIL, aerobics, alfarome, ALFAROME, ALLIN1, ALLIN1MAIL, ALLINONE, aLLy, ALLy,
alpha, AM, AMI, AMI!SW, AMI.KEY, AMI.KEZ, AMI?SW, AMI_SW, AMI~, AMIAMI, AMIDECOD, amipswd, AMIPSWD, AMISETUP, anicust, anon, anonymous, any@, ANYCOM, AP2SVP, aPAf, APL2PP, APPLSYS, APPS, AQDEMO, AQUSER, ARCHIVIST, Asante, ascend, Ascend, asdf, asdfgh, at4400, attack, AURORA$ORB$UNAUTHENTICATED, autocad, AUTOLOG1, Award, award, AWARD?SW, AWARD_SW, awkward



B

BACKUP, BATCH, BATCH1, BATCH2, bbs, bciim, bciimpw, bcms, bcmspw, bcnas, bcnaspw, bell9, BIGO, bin,
bintec, BIOS, BIOSPASS, biosstar, biostar, Biostar, BIOSTAR, BLAKE, blue, bluepw, boss, BRIDGE, browse, browsepw



C

c, cablecom, cable-docsis, CAROLIAN, cascade, CATALOG, cc, CCC, ccrusr, CDEMO82, CDEMOCOR, CDEMORID,
CDEMOUCB, central, CHANGE_ON_INSTALL, changeme, checkfs, checkfsys, checksys, CHEY_ARCHSVR, circ, cisco, Cisco router, CLARK, client, CLOTH,
cmaker, CMSBATCH, CMSUSER, CNAS, COGNOS, Col2ogro2, comcomcom, COMPANY, Compaq, Compleri, computer, CONCAT,
condo, CONDO, Congress, CONV, CPNUC, CPRM, cr0wmt 911, craft, craftpw, Crystal, CSPUSER, CTX_123, CTXDEMO, CTXSYS, cust, custpw, CVIEW



D

d.e.b.u.g, d8on, daemon, Daewuu, Database, databse, DATAMOVE, Daytec, DBSNMP,
DCL, DDIC, death, debug, DECMAIL, DECNET, default, DEFAULT, Dell, DEMO, demo, DEMO1, DEMO8, DEMO8, demos, deskalt, deskman,
desknorm, deskres, DESQUETOP, dhs3mt, dhs3pms, diag, diamond, DIGITAL, DISC, disttech, D-Link, dn_04rjc, dni, DS, DSA



E
EARLYWATCH, echo, EMP, enable, eng, engineer, enquiry, enquirypw, enter, ESSEX, EVENT, Ezsetup


F
fal, FAX, fax, FAXUSER, FAXWORKS, FIELD, field, FIELD.SUPPORT, FINANCE, FND, foobar, friend, ftp


G
g6PJ, games, ganteng, GATEWAY, GEN1, gen1, GEN2, gen2, glftpd, gnumpf, god, godblessyou, gonzo, gopher, GPLD, gropher, guessme, guest, GUEST, Guest, guest1, GUESTGUE, guestgue, GUESTGUEST


H

h6BB, hacker, halt, HARRIS, hax0r, HELGA-S, HELLO, hello, HELP, help, HELPDESK, HEWITT RAND, hewlpack, HLT, home, Home,
HOST, HP, hp, HPDESK, HPLASER, HPOFFICE, HPOFFICE DATA, HPONLY, HPP187, HPP187 SYS, HPP189, HPP196, HPWORD PUB, hydrasna



I

I5rDv2b2JjA8Mm, ibm, IBM, ibmcel, ihavenopass, ILMI, inads, indspw, INFO,
informix, INGRES, init, initpw, install, Internet, IntraStack, IntraSwitch, INTX3, INVALID, IPC, IS_$hostname, ITF3000, iwill



J
j09F, j256, j262, j322, j64, JDE, Jetform, JONES


K
kermit, kiddie, komprie, ksdjfg934t


L

l2, l3, laflaf, lantronix, LASER, LASERWRITER, last, lesarotl, letacla, letmein, LIBRARY, lineprin, LINK, lkw peter, lkwpeter, LKWPETER,
Lkwpeter, llatsni, locate, locatepw, login, looker, LOTUS, love, lp, lpadm, lpadmin, lucenttech1, lucenttech2, lynx



M

MAIL, mail, MAILER, maint, maintain, maintpw, man, manager, Manager, MANAGER, MANAGER.SYS, Master, MASTER, masterkey, MBIU0, MBMANAGER,
MBWATCH, mcp, MDSYS, me, merlin, mfd, MFG, MGR, MGR.SYS, MICRO, MILLER, mirc, mlusr, mMmM,
MMO2, MODTEST, monitor, MOREAU, mountfs, mountfsys, mountsys, MPE, mtch, mtcl, MTYSYS, my_DEMARC, mypass, mypc



N

n/a, naadmin, NAMES, ncrm, NETBASE, NETCON, NETFRAME, NetICs, netlink, netman, NETMGR, NETNONPRIV, NETOP, netopia, NETPRIV,
netrangr, netscreen, NETSERVER, NETWORK, NEWINGRES, NEWS, news, NeXT, NF, NFI, NICONEX, nms, nmspw, nobody, noway, NONPRIV, ntacdmax, nuucp



O
OCITEST, oem_temp, op, OP.OPERATOR, operator, OPERATOR, OPERVAX, oracle, ORDPLUGINS, ORDSYS, OUTLN, OutOfBox, owner


P

PAPER, pass, PASS, Pass, passwd, Passwd, PASSWORD, password, Password, pat, patrick, PBX, pc, PCUSER, PDP11, PDP8, PFCUser, PHANTOM, phoenix, piranha,
pmd, PO, PO8, poll, Polrty, POST, Posterie, postmast, POSTMASTER, postmaster, POWERCARTUSER, powerdown, PRIMARY,
prime, primenet, primeos, primos, primos_cs, PRINT, PRINTER, PRIV, private, prost, PSEAdmin, public, PUBSUB, pw, pwd, pwp



Q
q, Q54arwms, QDI, qpgmr, qsecofr, qserv, qsrvbas, qsvr, qsysopr, quser, qwer


R

raidzone, rcust, rcustpw, RE, read, readonly, readwrite, REGO, REMOTE, replicator, REPORT, RJE, rje, RM, RMAIL,
rmnetlm, RMUser1, ro, ROBELLE, ROOT, root, Root, ROOT500, ROUTER, router, RSBCMON, RSX, rw, rwa, rwmaint



S

sa, SABRE, SAMPLE, san fran 8, SAP*, satan, SCOTT, script, scriptkiddie, SECDEMO, secoff, secofr, secret, secure, security, SECURITY, SER, sertafu,
server, service, SERVICE, servlet, SETUP, setup, sex, shutdown, signa, SKY_FOX, sldkj754, smile, snake, SnuFG5, software, sp99dd, Spacve, spcl, speedxess, SPOOLMAN, spooml,
star, STEEL, STUDENT, su, Super, super, SUPERVISOR, support, SUPPORT, supportpw, switch, SWITCHES_SW, Sxyz, SY_MB, sybase, sync, synnet, SYS, sys,
sysadm, SYSADM, sysadmin, sysbin, SYSDBA, SYSLIB, syslib, SYSMAINT, SYSMAN, Sysop, system, SYSTEM, system_admin, SYSTEST, SYSTEST_CLIG, syxz, SZYX



T

t0ch20x, t0ch88, TCH, teacher, tech, technolgi, tele, TELEDEMO, TELESUP, temp, temp1, TEST, test, testing, teX1, tiara, TIGER, tini, Tiny, tlah,
topicalt, topicnorm, topicres, Toshiba, toshy99, tour, TRACE, TRACESRV, trancell, trouble, TSDEV, TSEUG, TSUSER, TTPTHA, tutor, TzqF



U

uClinux, UETP, umountfs, umountfsys, umountsys, unix, User, user, USER, USER_TEMPLATE,
USER0, USER1, USER2, USER3, USER4, USER5, USER6, USER7, USER8, USER9, USERP, uucp, uucpadm, uwontguessme



V
VAX, VESOFT, Vextrex, VMS, VNC, VRR1


W
WANGTEK, web, WebAdmin, WebBoard, webdb, weblogic, webmaster, win, WINDOWS_PASSTHRU, WINSABRE, winterm, wodj, WOOD, WORD, WP, wradmin, write, www


X
xljlbj, XLSERVER, xo11nE, xp, xxx, xxxx, xxxxx, xxxxxx, xxxxxxx, xxxxxxxx, xxxxxxxxx, xyzall


Y
YES, youwontguessme, yxcv


Z
zbaaaca, Zenith, zeosx, zxcv


Numeric

0, 1, 1.1, 2, 5, 7, 12, 30, 110, 111, 123, 1111, 1234, 2002, 2003, 2222, 2600, 8429, 12345, 54321, 111111, 121212, 123123, 123456, 166816, 256256, 654321, 1234567, 1322222, 7061992, 11111111,
12345678, 19920706, 22222222, 88888888, 123456789, 1. 1, 1234qwer, 123abc, 123asd, 123qwe, 1RRWTTOOI, 240653C9467E45, 24Banc81, 3098z, 3ep5w2u, 4Dgifts, 4getme2, 4tas, 57gbzb



Other
!@#$, !@#$%, !@#$%^, !@#$%^&, !@#$%^&*, !root, $ALOC$, $secure$, $system, %username%12, %username%123, %username%1234, (none), ?award, }
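The rules above and the weak-password list can be enforced together when a password is set. The following is an added example, not part of the original post: the function names are hypothetical, `DENYLIST` is only a short excerpt of the list above, and the sample usernames and passwords are constructed.

```python
import re

# Short excerpt of the page's list; "%username%" entries are templates.
DENYLIST = ["admin", "changeme", "letmein", "password", "qwer", "12345678",
            "123qwe", "%username%12", "%username%123", "%username%1234"]
MIN_LENGTH = 5  # the page's rule: shorter than 5 characters is unsuitable


def expand_denylist(entries, username):
    """Case-fold entries and substitute the account name into %username% templates."""
    expanded = set()
    for entry in entries:
        if "%username%" in entry:
            if username:
                expanded.add(entry.replace("%username%", username).casefold())
        else:
            expanded.add(entry.casefold())
    return expanded


def check_password(password, username="", personal_data=()):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    folded = password.casefold()
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # Require at least one digit and at least one letter (any alphabet).
    if not (re.search(r"\d", password) and re.search(r"[^\W\d_]", password)):
        problems.append("needs letters and digits")
    # The list above carries case variants (admin, ADMIN, Admin): compare case-folded.
    if folded in expand_denylist(DENYLIST, username):
        problems.append("on the weak-password list")
    # Personal data (name, phone, ID number) must not appear inside the password.
    for item in (username, *personal_data):
        if len(item) >= 3 and item.casefold() in folded:
            problems.append("contains personal data")
            break
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw, user in [("Password", "ivan"), ("ivan123", "ivan"), ("qwer", "ivan"),
                     ("t7Kq-vurm2", "ivan")]:
        print(f"{pw!r}: {check_password(pw, user, ['0888123456']) or 'ok'}")
```

Load the full list into `DENYLIST` to cover every entry; comparing case-folded strings means one entry covers all of its capitalisation variants.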
