Issue 43 - March 2005

The Importance of Protecting Your Password
By Noel Laam

In the light of the surging hacking attacks, security protection has become the top priority in all data centres worldwide. Despite our repeated pleas for help and cooperation, some of our users apparently still do not understand the importance of good password practice. It is believed that awareness of the importance of password control needs to be further promoted here.

It is commonly known that, in a university setting, hacking often starts with breaking a password and gaining access to the campus network, and hence the computer account. This is unfortunately difficult to avoid as, up to now, most of the security protection mechanisms are still built around access control by passwords. Although some sophisticated security protection methods such as e-certification do exist, they are very tedious in operation and practically inconvenient for daily use.

At the CityU, we have established two levels of security protection:
- Connectivity Level - Network Connection Password
  This refers to the password you use to connect to the campus network via various channels. They include:
  On-campus:
  - departmental LAN in your office
  - student LAN in the Computing Services Centre (CSC)
  - wireless LAN
  - public terminals in lecture theatres, classrooms
  - Student Residence
  Off-campus:
  - staff PC with direct connection to campus (e.g. Festival Walk Office)
  - CityLink Plus, the CityU dial-up facility
  - Virtual Private Network (VPN)
  Once you are connected to the campus network, you can access all services provided by the University. They include software, tools, utilities, etc. (some are restricted to campus users only for licence or bandwidth reasons).
  Protection at connectivity level is mainly carried out by using passwords as well as network and system management tools. However, hacking tools, most of which are available for free from the Internet, are proliferating and becoming astonishingly powerful. Although the CSC has implemented all possible measures and monitored the situation constantly, complete eradication of hacking activities still seems out of the question.
  Cracking of a network connection password is surely undesirable; it will enable the hacker to use the university resources 'illegally'. Worse still, hackers may take over your account or PC to launch other attacks such as spamming or network attack, wasting university resources and making you liable for such attacks.
- Application Level - Application Password
  An application password is the password you use to log in to the university e-Portal, your email account and some secured facilities such as administrative systems. If your application password is hacked, the damage is even more far-reaching than exposing the network connectivity level password described above. It simply opens the door to your personal/private data, which may result in disastrous consequences. Its leakage may allow data to be read, fabricated or altered by hackers. Worse still, if your application password is the same as your network connection password, cracking the latter simply means both defense lines are lost at the same time. If you happen to be the administrator or operator looking after departmental or university administrative systems, the damage is even worse, as others' data on these systems can be copied and changed as well.

In view of the importance of these passwords, the CSC has repeatedly reminded our colleagues and students to take good care of them. Nevertheless, we find that a number of our CityU colleagues and students still neither take this seriously nor take appropriate actions to protect their passwords. For example, many of them use the same password for both network connection and application, and use weak passwords such as staff number, date of birth etc. that can be easily cracked by hackers or by someone who knows them.

To protect yourself as well as others in the CityU community, the CSC once again urges you to make your passwords different and strong (i.e. passwords that are hard to guess), to change them regularly, to use them only when necessary, and never to share them with others. With your cooperation and consideration, it is hoped that the cyberworld of the CityU can become a much safer place from now on.
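
As an added illustration (not part of the original article or any CSC tool), the sketch below checks a pair of passwords for the two weaknesses named above: reuse across the network connection and application levels, and passwords built from a staff number or date of birth. The function names, the date formats tried and the sample values are assumptions made for this example.

```python
from datetime import date

def normalise(text):
    """Lower-case and drop separators so '12-03-1980' and '12031980' compare equal."""
    return "".join(ch for ch in text.lower() if ch.isalnum())

def personal_tokens(staff_no, dob):
    """Strings derived from the staff number and date of birth (assumed formats)."""
    d, m, y = f"{dob.day:02d}", f"{dob.month:02d}", f"{dob.year:04d}"
    yy = y[2:]
    tokens = {normalise(staff_no)}
    # Common digit orderings people use when writing a date of birth.
    for parts in ((d, m, y), (m, d, y), (y, m, d), (d, m, yy), (m, d, yy), (yy, m, d)):
        tokens.add("".join(parts))
    tokens.discard("")  # an empty staff number must not match every password
    return tokens

def check_passwords(network_pw, app_pw, staff_no, dob):
    """Return a list of findings; an empty list means neither weakness was found."""
    findings = []
    n, a = normalise(network_pw), normalise(app_pw)
    # Passwords that differ only in case or punctuation count as the same.
    if n == a:
        findings.append("network and application passwords are the same")
    elif n and a and (n in a or a in n):
        findings.append("one password is contained in the other")
    tokens = personal_tokens(staff_no, dob)
    for label, pw in (("network", n), ("application", a)):
        if any(tok in pw for tok in tokens):
            findings.append(f"{label} password contains staff number or date of birth")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not real accounts.
    dob = date(1980, 3, 12)
    for net, app in (("S12345", "s12345"),
                     ("Tiger-12/03/1980", "quiet-Harbour-Lamp-42"),
                     ("brass-Kettle-River-71", "quiet-Harbour-Lamp-42")):
        print(net, app, check_passwords(net, app, "S12345", dob))
```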