On Fri, 22 Mar 2024 12:57:20 +0300 Jan Krapivin <daydreamer199...@gmail.com> wrote:
> Thu, 21 Mar 2024 at 22:34, Alexander V. Makartsev
> <avbe...@gmail.com>:
>
> > This conclusion seems less than optimal to me.
> > By condemning yourself to type 12+ character password every time you
> > 'sudo' would really hurt accessibility and usability of your home
> > computer and for no good reason.
> >
> > If we focus solely on your use case: a login security of a PC at
> > home, without remote access, then password of your sudo user could
> > be as short and simple as four numbers, of course unrelated to your
> > date of birth, phone number, or any other easily guessable sequence
> > of numbers, like '1234'.
>
> Are you speaking only about sudo or root password also?
>
> The thing that bothers me are words: "*any* computer (and a fortiori
> any server) connected to the Internet *is regularly targeted by
> automated connection attempts*"
>
> I am not tech-savvy. Can you say with 100% (90%?) confidence that
> there is no such thing? That home PC without SSH and whatever
> complicated is safe (rather safe) from "*automated connection
> attempts*"?
>
> This thread reminded me of that topic -
> https://forums.debian.net/viewtopic.php?t=154002

Most people connect to the Net through a router, usually supplied by
the ISP. By default, that router should not permit any connection
attempts. It is worth checking its configuration, in case some
'helpful' supplier has enabled UPnP 'to make it easier to play online
games'. If so, turn it off.

Make sure router management is not permitted from the WAN side. Some
ISPs expect to be able to access the router from the Net, something
which should be discouraged. If you haven't already, change the admin
password from the default, though you probably won't be able to change
the account name. If you use wi-fi, then use the best security your
router and clients can deal with, usually WPA2. If you don't use wi-fi,
turn it off at the router.

Really, with a router in its factory default condition, nothing from
outside should ever get as far as your computer. The problems don't
usually start until you want to run some kind of server software which
is accessible from outside, which must then be appropriately secured.

The main security issues, of course, come from connections you have
invited into your computer, malicious email and web pages. All you can
do to mitigate those threats is to be sensible and careful.

-- 
Joe
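
A check that complements the router advice in the message above, added here as an example and not part of the original thread: it sorts the sockets a Debian PC is listening on into loopback-only and network-reachable ones. The function name `classify_listeners` and the sample lines are constructed for illustration; the input format is assumed to be that of `ss -H -tuln`.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `ss -H -tuln` style lines on
# stdin and prints "<scope> <proto> <port> <address>" for each socket.
#   LOCAL   = bound to loopback only, unreachable from other machines
#   NETWORK = bound to a non-loopback address, reachable from the LAN;
#             whether the Internet can reach it depends on the router
#             (port forwards, UPnP mappings).
classify_listeners() {
    awk '
    {
        local_addr = $5
        # Split address:port at the LAST colon, since IPv6 has colons too.
        pos = match(local_addr, /:[^:]*$/)
        if (pos == 0) next
        addr = substr(local_addr, 1, pos - 1)
        port = substr(local_addr, pos + 1)
        sub(/%.*$/, "", addr)      # drop interface suffix such as %lo
        if (addr ~ /^127\./ || addr == "[::1]")
            scope = "LOCAL"
        else
            scope = "NETWORK"
        print scope, $1, port, addr
    }'
}

# Constructed sample input, shaped like `ss -H -tuln` output.
SAMPLE='tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.1:631 0.0.0.0:*
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
tcp LISTEN 0 4096 [::1]:631 [::]:*
tcp LISTEN 0 128 [::]:22 [::]:*'

# Demonstration on the sample. On a real machine use:
#   ss -H -tuln | classify_listeners
printf '%s\n' "$SAMPLE" | classify_listeners
```

Each NETWORK line is a service that has to be secured or stopped if the router ever forwards its port; a machine showing only LOCAL lines offers nothing to inbound connection attempts.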