Copyright Goodheart-Willcox Co., Inc. 471 Chapter 15 Network Security disabled. When communicating with a device, always use a secure protocol like SSH instead of unsecure protocols like Telnet. Finally, if the device uses encryption, en- sure that you are generating new keys from time to time. An extra step that can be taken is to create a fi le hash of critical fi les, such as confi guration fi les. Th is allows the current fi le on the device to be checked against the stored hash if you suspect someone has altered it. Th is process is also used for monitoring fi le integrity. Th e switch ports on a network are also particularly vulnerable to a variety of attacks. Th ere are snooping attacks, such as DHCP snooping and fl ooding attacks, that must be guarded against. Th e most common mitigation step is to ensure switch- port protection. Th at means that one cannot connect to a port on a switch unless the MAC address of the device being connected has been previously authorized to con- nect to that specifi c port. 4.6 NET Tech Tip Some network administrators set up a fake administrator account and limit the fake administrator’s abilities to control or modify the network resources. This is intended to mislead intruders. 3.5 NET User Account Passwords After installing the network operating system and patches, the next major item of concern is password protection. Th e network administrator can do much to ensure proper passwords and techniques are used. An administrator can educate system users on choosing a proper password and establish password policies. Educating us- ers includes teaching them about poor and secure passwords. Establishing password policies includes setting defaults for password histories, age, and length. Poor passwords contain common names, words, or sequential numbers or let- ters. Th e following are some examples of poor passwords: 3.5, 4.5 NET ■ Jamie ■ Reds ■ password ■ secret ■ TopSecret ■ love ■ 12345 ■ abcde ■ AbCdE ■ A1B2C3 ■ 1q2w3e4r Poor passwords match words commonly found in the dictionary or contain names familiar to the password’s owner. Poor passwords also include keyboard combi- nations that are easy for the password owner to remember. Look at the password 1q2w3e4r in the previous list. Th e 1q2w3e4r password may look like a secure pass- word. However, by locating the letters and numbers on your keyboard to reveal the pattern, you will see that it is not. Keyboard patterns are not secure, but they are better than most typical poor passwords. Another common password that should be avoided is a Social Security number. A Social Security number is easily identifi ed by its nine-number sequence. When a Social Security number is cracked, the intruder can gain access to other personal information. Never use your Social Security number as a password under any circumstance.