Windows Server system account password setting principle

Every user in the network has a personal account and password. The security of the account and password is directly related to the user's system security and data security. There are two different types of user accounts in the Windows Server 2003 operating system. The following tells the big

that every user in the network has its own account and password. The security of the account and password is directly related to the user's system security and data security. There are two different types of user accounts in the Windows Server 2003 operating system. Let me tell you some knowledge about the security of account passwords.

Everyone in the network has a representative of & ldquo; identity & rdquo; name, called & ldquo; users & rdquo ;. Users have different permissions and different capabilities and scope for computer and network control. There are two different types of user accounts in the Windows Server 2003 operating system, that is, "local user accounts" that can only be used to access the local computer (or access to the computer using a remote computer) and access to all computers on the network. Domain User Account”. User accounts are the key to entering the network. The management of user rights is directly related to the security of the application system in the network. The essence of security is the use of rights, which are given to each user. Therefore, make sure that the user has only the necessary permissions to ensure that the user's password is not cracked. In short, true system security and data security can only be achieved by ensuring the security of user accounts.

The password is the key to the user's login to the Windows Server 2003 system. If you do not have the key, you will have to work hard to log in to the target operating system. Regardless of the remote attack used by the intruder, if the administrator or super administrator's user password is not available, the entire system cannot be fully controlled. The easiest and most necessary way to access the system is to steal the user's password. Therefore, for system administrator accounts, the most important thing to protect is the password. If the password is stolen, it means the disaster.

Intruders mostly obtain administrator privileges through various system and setting vulnerabilities, and then implement malicious attacks on the system. The weak password setting of the account will make the intruder easy to crack and access the computer and the network, while the strong password is difficult to crack, even the password cracking software is difficult to do in a short time. Password cracking software generally uses three methods to crack: dictionary guessing, combinatorial guessing, and brute force guessing. There is no doubt that cracking strong passwords is far more difficult than cracking weak passwords. Therefore, the system administrator account must use a strong password.

According to statistics, about 80% of security risks are caused by improper password settings. Therefore, the setting of the password is undoubtedly very skillful. When setting a password, please follow the password security setting principle. This principle applies to any password use, including the Windows operating system and the UNIX/Linux operating system.

1) can not make the same username and password

If the password is set to the same user account, then almost all of password cracking software will be easy The password is detected.

2) Do not use your name

Use your first or last name, or even a name as a password, it is unbearable one strike. For this unit and those who are familiar with the unit, the name is undoubtedly the first choice for attack, because almost anyone can guess. In addition, in the password guessing dictionary written by many intruders, the names of hundreds of families are often listed and placed in the forefront of the dictionary.

3) Do not use English phrases

Some commonly used or chic English words are often the favorite when users set passwords. In their view, such passwords are both easy to remember and highlight their personality. But in fact, those ingenious intruders have long guessed and detailed it into the password guessing dictionary, so the common English phrases are never used as passwords.

4) Do not use a particular significance date

date has special meaning as the password is anyone's favorite. This type of date usually has its own birthday, parent's birthday, children's birthday, friend's birthday, major holiday, and personal anniversary. Needless to say, familiar people can guess that even strangers can succeed in an exhaustive way. In the intruder's password guessing dictionary, almost all of the above combinations are listed.

5) Do not use a simple password

guess a password violence can try the software per 100,000 times. The fewer the number of words, the simpler the characters, the fewer the results of the arrangement and the easier it is to break.

In summary, to ensure a secure password, you should follow the following rules:

◆ user password should contain letters of cases, numbers, printable characters, even Is a non-printing character. It is recommended to combine these symbols in order to achieve the best security.

◆ user password should not be too rule, do not use the user's name, date of birth, telephone numbers and common words as a password.

◆According to the hash algorithm principle of Windows system password, the password length should be set to more than 7 digits, preferably 14 digits.

◆ password can not be stored in clear text in the system, make sure to write the password in an encrypted form on the hard disk and contains the password file is read-only.

◆The password should be modified periodically. Avoid using the old password repeatedly. You should use multiple sets of password naming rules.

◆Create an account lockout mechanism. Once the same account password is verified incorrectly several times, the connection is disconnected and the account is locked, and it is unlocked after a certain period of time.