RE: Renaming Administrator account
From: Gary Everekyan (karo_at_onnik.com)
Date: 11/16/05
- Previous message: dave kleiman: "RE: What server hardening are you doing these days?"
- In reply to: Derick Anderson: "Renaming Administrator account"
- Next in thread: Depp, Dennis M.: "RE: Renaming Administrator account"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'Derick Anderson'" <danderson@vikus.com>, <focus-ms@securityfocus.com>
Date: Tue, 15 Nov 2005 20:33:22 -0500
My 2 cents...
Icing with bland flavor.
Turn on audit and you have introduced a very small bump for a determined
individual....
A small blip on your radar that would not be there, if you did not invest 2
seconds of admin time.
Regards,
Gary Everekyan
CISSP, CISM, ISSAP, ISSPCS, MCSE, MCT
gary_everekyan@hotmail.com
"High achievement always takes place in the framework of high expectation"
-Jack Kinder
-----Original Message-----
From: Derick Anderson [mailto:danderson@vikus.com]
Sent: Tuesday, November 15, 2005 4:21 PM
To: focus-ms@securityfocus.com
Subject: Renaming Administrator account
A question for the list, inspired by the server hardening/break in
threads:
Is changing the Administrator account name really worthwhile or not? My
largely unfounded, sparsely researched opinion is this:
So far I haven't read a convincing argument for changing the name of the
administrator account, and there's one reason I've chosen not to - account
lockout policy. Only the domain Administrator account is exempt from lockout
unless there's a special dispensation for Domain/Enterprise admins I don't
know about. So choosing another account (and thus changing the SID) would
take away the protection(?) against a DoS attack on the Administrator
account.
As for providing extra security, I believe it's security by obscurity.
In order to access password-based systems, you have a set of public
knowledge (username) and private knowledge (password): known * unknown =
unknown, or in a (non)mathematical sense for brute force attacks, 1 * ?
= ?. Now let's say you change the Administrator password, what have you
gotten? Unknown * unknown = unknown, or ? * ? = ?. You've changed the
equation but not the outcome. I realize that changing the name prevents
automated attacks but can't this be defeated by not allowing direct remote
Administrator access? (no VPN account, no OWA account, servers locked up in
a datacenter...)
Basically what I'm asking is whether changing the account name is a
fundamental principle or just icing on the cake.
Derick Anderson