Workstations and home PCs may not be as prone to attack as networks or servers, but they may contain sensitive information, such as credit card information, that would be damaging if stolen. They may also be used by attackers as a "slave" machine in coordinated attacks, without the user's knowledge. Knowing the vulnerabilities of your workstation can save you the headache of having to reinstall your operating system — or having your administrator do it for you.
Bad passwords are not invalid when running Red Hat Linux. However, a bad password is one of the easiest ways for an attacker to gain access to a system. For more on how to avoid common pitfalls when creating a password, see the Section called Password Security in Chapter 4.
Although an administrator may have a fully secure and patched server, that does not mean that remote users are secure when accessing it. For instance, if the server offers Telnet or FTP services over a public network, an attacker can capture the plain text usernames and passwords as they pass over the network, and then use the account information to access the remote user's workstation.
Even when using secure protocols, such as SHH, a remote user may be vulnerable to certain attacks if they do not keep their client applications updated. For instance, v.1 SSH clients are vulnerable to an X-forwarding attack from malicious SSH servers. Once connected to the server, the attacker can quietly capture any keystrokes and mouse clicks made by the client over the network. This problem was fixed in the v.2 SSH protocol, but it is up to the user to keep track of what applications have such vulnerabilities and update them as necessary.
Chapter 4 will discuss in more detail what steps administrators and home users should take to limit the vulnerability of computer workstations.