There is no doubt cybercriminals are looking for ways to break dedicated server passwords, since a cracked password hands them access to the server. As mentioned in this article on DDoS attacks, server administrators can use the same software that hackers (or crackers) use to test their own server's defenses. Password cracking tools measure how well the passwords currently in use on a dedicated server stand up to guessing and are a good starting point for server security. Many of these tools are free and help identify where the largest weaknesses are. If you launch such an attack against your own server, there should also already be defenses in place that stop repeated login attempts, via simple Brute Force Detection (BFD) software or an Advanced Intrusion Detection Environment (AIDE) setup; a self-run test that sails through untouched tells you those defenses are missing. Note that AIDE is a file integrity checker: it reports files changed after a break-in rather than blocking the login attempts themselves, so it complements rather than replaces brute force detection.
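What "Brute Force Detection software" actually does is count failed logins per source address over a time window and block the offenders. The following is an added example, not code from the article or from any BFD product: a small detector run over constructed sshd lines in the style of a Linux auth.log. The thresholds (5 failures in 10 minutes) and the use of an iptables DROP rule for the response are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the style of a Linux /var/log/auth.log written by
# sshd. They are made up for this example and come from no real server.
SAMPLE_AUTH_LOG = """\
Mar 10 02:14:01 srv1 sshd[2301]: Failed password for root from 203.0.113.7 port 51422 ssh2
Mar 10 02:14:03 srv1 sshd[2303]: Failed password for root from 203.0.113.7 port 51430 ssh2
Mar 10 02:14:05 srv1 sshd[2305]: Failed password for invalid user admin from 203.0.113.7 port 51438 ssh2
Mar 10 02:14:07 srv1 sshd[2307]: Failed password for invalid user oracle from 203.0.113.7 port 51444 ssh2
Mar 10 02:14:09 srv1 sshd[2309]: Failed password for root from 203.0.113.7 port 51450 ssh2
Mar 10 02:14:11 srv1 sshd[2311]: Failed password for root from 203.0.113.7 port 51456 ssh2
Mar 10 02:20:40 srv1 sshd[2350]: Failed password for alice from 198.51.100.22 port 40212 ssh2
Mar 10 02:20:55 srv1 sshd[2352]: Accepted password for alice from 198.51.100.22 port 40213 ssh2
Mar 10 03:00:00 srv1 sshd[2400]: Failed password for root from 192.0.2.9 port 33001 ssh2
"""

# Assumed detection thresholds: 5 failures from one address inside 10 minutes.
MAX_FAILURES = 5
WINDOW_SECONDS = 600

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failures(log_text):
    """Return (timestamp, username, source ip) for every failed sshd login."""
    failures = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        # syslog timestamps carry no year, so the parsed year is a dummy;
        # only the distance between events matters here
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        failures.append((ts, m.group("user"), m.group("ip")))
    return failures


def find_brute_force_sources(log_text, max_failures=MAX_FAILURES,
                             window_seconds=WINDOW_SECONDS):
    """Flag every source IP with at least max_failures failed logins inside
    any span of window_seconds. Returns {ip: {"failures": n, "users": [...]}}
    describing the densest window seen for each flagged IP."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse_failures(log_text):
        by_ip[ip].append((ts, user))

    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        best = None
        for end in range(len(events)):
            # slide the window start forward until the span fits window_seconds
            while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
                start += 1
            count = end - start + 1
            if count >= max_failures and (best is None or count > best[0]):
                best = (count, sorted({u for _, u in events[start:end + 1]}))
        if best is not None:
            flagged[ip] = {"failures": best[0], "users": best[1]}
    return flagged


def block_commands(flagged):
    """Render one firewall rule per flagged address (iptables syntax)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(flagged)]


if __name__ == "__main__":
    hits = find_brute_force_sources(SAMPLE_AUTH_LOG)
    for ip, info in hits.items():
        print(f"{ip}: {info['failures']} failures, usernames tried: {', '.join(info['users'])}")
    for cmd in block_commands(hits):
        print(cmd)
```

On the sample, only 203.0.113.7 is flagged (six failures in ten seconds, cycling through root, admin and oracle); alice's single typo before a successful login is not. The username list is worth reporting because a source that walks through many account names is guessing, while repeated failures for one real account may be a user or a script with a stale password.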
A server should also never be left with default or very simple passwords for software, email accounts, databases and so on. These are an easy target for anyone probing those services, because the default usernames and passwords of common software are publicly documented and are the first thing an attacker tries. At the very least, change every default credential before the server goes live; many systems and applications ship with default accounts that set a server up for an easy attack.
Changing dedicated server passwords on a regular basis, for example every month or every few weeks, is also a good habit. It is tempting to create a simple password that is easy to remember, but that makes things easy for crackers as well. The same applies to a password that is too short. A server administrator should never use one password for several services running on the server: if that password is obtained, the attacker has access to all of those services at once, the same nightmare scenario as a hacker obtaining root access on a Linux or Unix server or Administrator access on a Windows system. A good password includes lower-case and capital letters, numbers and special characters and is at least 10 characters long. Length is the most important of these, because every extra character multiplies the number of guesses a cracking tool has to make.
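The rules above (length, character classes, no defaults, no reuse across services) are easy to check automatically, and the same arithmetic a cracking tool relies on shows why length dominates. The following is an added example, not code from the article: a policy checker plus a worst-case exhaustive-search estimate. The common-password list is a constructed stub, the 10^10 guesses per second rate is an assumed figure for an offline attack on a fast hash, and the sample passwords are made up.

```python
import string

# Constructed, deliberately short list of default and common passwords.
# A real check would use the large wordlists that cracking tools ship with.
COMMON_PASSWORDS = {
    "password", "admin", "root", "123456", "changeme", "letmein", "qwerty",
    "default", "toor", "welcome",
}
MIN_LENGTH = 10          # the article's minimum
SPECIALS = set(string.punctuation)


def policy_violations(password, passwords_in_use=()):
    """Return the list of rules the password breaks; an empty list passes.
    passwords_in_use holds passwords already set on other services, so the
    same password cannot be reused across them."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in SPECIALS for c in password):
        problems.append("no special character")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common or default password")
    if password in passwords_in_use:
        problems.append("already used for another service")
    return problems


def charset_size(password):
    """Size of the alphabet a brute-force attacker must cover, judged from
    the character classes actually present in the password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in SPECIALS for c in password):
        size += len(SPECIALS)   # 32 printable ASCII symbols
    return size


def seconds_to_exhaust(password, guesses_per_second=1e10):
    """Worst-case time to try every string of the same length over the same
    character classes. The default rate is an assumed figure for an offline
    attack on a fast hash with a GPU rig; an online attack against a
    rate-limited login is many orders of magnitude slower."""
    return charset_size(password) ** len(password) / guesses_per_second


def describe(seconds):
    """Human-readable duration for the report."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


if __name__ == "__main__":
    in_use = {"Tr0ub4dor&3x"}   # constructed: already set on the database
    for pw in ("password", "Admin2024", "Tr0ub4dor&3x",
               "correct-Horse-battery-staple-9"):
        problems = policy_violations(pw, in_use)
        verdict = "OK" if not problems else "; ".join(problems)
        print(f"{pw!r}: {verdict}; exhaustive search ~{describe(seconds_to_exhaust(pw))}")
```

Running it shows the point of the 10-character rule: all-lower-case "password" (26^8 guesses) falls in about 21 seconds at the assumed rate, while a 12-character mix over all four classes (94^12) takes on the order of a million years. The estimate is an upper bound on the attacker's effort; a dictionary or rule-based attack finds anything on a wordlist far faster, which is why the common-password check sits alongside the length check.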
In a home office, keeping passwords written on paper can actually be safer than storing them on the home office computer. If that computer is compromised, everything else falls with it, because the attacker gets all your other passwords, including banking logins as well as the dedicated server's root password. An alternative is to keep them on a smartphone that requires a passcode on wake-up, preferably inside a password manager app rather than in a plain note.
Sending password information around is also a vulnerability. Emailing a password is insecure in most cases: mail travels in cleartext unless the connection is protected with SSL/TLS, and even then the password stays readable in both parties' mail archives. Hand new credentials over through an encrypted channel or out of band (for example by phone), and on the server itself store passwords only as salted hashes, never in cleartext.
The human factor
The hardest part is the human factor. Most people do not want to remember long passwords like dedicated server passwords, either for fear of simply forgetting them or because they cannot be bothered. A password management application can help with this. It can be a smartphone app, a program kept securely on a workstation, or simply a list written down and locked away in a private office. Using a different password for every service limits the damage done if one password is obtained somewhere within the working environment.
A harsh but possibly necessary step is to state a strict security policy, with penalties for staff who breach or ignore it. Better yet, regular, firm reminders to adhere to the password policy should be enforced. Several third parties also offer to test security and launch spoof (simulated) attacks on online businesses. This uncovers weak points, such as employees who need reminding of the strict server password rules and requirements. Better to find this out through a controlled and planned incident than to end up with a genuine successful attack from outside.