Renaming Administrator account
From: Derick Anderson (danderson_at_vikus.com)
Date: 11/15/05
- Previous message: Marcos Marrero: "RE: ISA Server or Firewall Appliance?"
- Next in thread: Beauford, Jason: "RE: Renaming Administrator account"
- Maybe reply: Beauford, Jason: "RE: Renaming Administrator account"
- Reply: James Eaton-Lee: "Re: Renaming Administrator account"
- Reply: Gary Everekyan: "RE: Renaming Administrator account"
- Maybe reply: Depp, Dennis M.: "RE: Renaming Administrator account"
- Maybe reply: DavidsonBK.Ctr_at_bic.usmc.mil: "RE: Renaming Administrator account"
- Maybe reply: Dubber, Drew B: "RE: Renaming Administrator account"
- Maybe reply: Dubber, Drew B: "RE: Renaming Administrator account"
- Maybe reply: Derick Anderson: "RE: Renaming Administrator account"
- Maybe reply: Daniel Kuhlmann: "Re: Renaming Administrator account"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 15 Nov 2005 16:21:23 -0500 To: <focus-ms@securityfocus.com>
A question for the list, inspired by the server hardening/break in
threads:
Is changing the Administrator account name really worthwhile or not? My
largely unfounded, sparsely researched opinion is this:
So far I haven't read a convincing argument for changing the name of the
administrator account, and there's one reason I've chosen not to -
account lockout policy. Only the domain Administrator account is exempt
from lockout unless there's a special dispensation for Domain/Enterprise
admins I don't know about. So choosing another account (and thus
changing the SID) would take away the protection(?) against a DoS attack
on the Administrator account.
As for providing extra security, I believe it's security by obscurity.
In order to access password-based systems, you have a set of public
knowledge (username) and private knowledge (password): known * unknown =
unknown, or in a (non)mathematical sense for brute force attacks, 1 * ?
= ?. Now let's say you change the Administrator password, what have you
gotten? Unknown * unknown = unknown, or ? * ? = ?. You've changed the
equation but not the outcome. I realize that changing the name prevents
automated attacks but can't this be defeated by not allowing direct
remote Administrator access? (no VPN account, no OWA account, servers
locked up in a datacenter...)
Basically what I'm asking is whether changing the account name is a
fundamental princple or just icing on the cake.
Derick Anderson
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Marcos Marrero: "RE: ISA Server or Firewall Appliance?"
- Next in thread: Beauford, Jason: "RE: Renaming Administrator account"
- Maybe reply: Beauford, Jason: "RE: Renaming Administrator account"
- Reply: James Eaton-Lee: "Re: Renaming Administrator account"
- Reply: Gary Everekyan: "RE: Renaming Administrator account"
- Maybe reply: Depp, Dennis M.: "RE: Renaming Administrator account"
- Maybe reply: DavidsonBK.Ctr_at_bic.usmc.mil: "RE: Renaming Administrator account"
- Maybe reply: Dubber, Drew B: "RE: Renaming Administrator account"
- Maybe reply: Dubber, Drew B: "RE: Renaming Administrator account"
- Maybe reply: Derick Anderson: "RE: Renaming Administrator account"
- Maybe reply: Daniel Kuhlmann: "Re: Renaming Administrator account"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
