RE: more info on a hopefully unsuccessful compromise

From: Deus, Attonbitus (Thor_at_HammerofGod.com)
Date: 07/14/03

    Date: Mon, 14 Jul 2003 13:29:42 -0700
    To: Dial Joe <joe.dial@siemens.com>, "'herman@mediachron.com'" <herman@mediachron.com>
    
    


    At 10:23 AM 7/14/2003, Dial Joe wrote:

    >Hi Herman,
    >I'll jump in on the renaming the administrator account.
    >First, my disclaimer: I am not a (fulltime) Windows Administrator and
    >I don't even have an MCSE, but I have been told that renaming the
    >Administrator account is of little value (Well, actually the MCSE
    >that told me said *no* value) since the Security ID for the
    >Administrator account is a well known value, and this is what
    >hacking/cracking attempts use instead of the user name. My (so
    >called) expert said that an NT/2K/XP script kiddie could connect to
    >the machine and exploit it without even knowing that the
    >Administrator account was renamed. I (personally) usually rename
    >it, then create a disabled guest account called
    >administrator, just in case someone gets physical access to the
    >machine and wants to *let their fingers do the walking*...
    >
    >If anyone on this list can confirm or deny the value of renaming the
    > Administrator account with more info than just *somebody who has
    >been right before told me* then I would love for them to enlighten
    >me.

    Hey Joe- et al-

    To be specific, renaming the administrator account when one can hit the
    machine with NetBIOS/CIFS is of little value for the reasons you state.
    However, when it comes to deploying Terminal Services, renaming the
    administrator account has real value. Since a TS logon is a "local" logon,
    and the administrator account cannot be locked out for "local" logons,
    renaming the administrator for machines accessible via a TS logon can most
    definitely help thwart brute force attacks. IOW, if I know you have not
    renamed your admin account from "administrator," then I can hammer on it
    all day long knowing that the account won't be locked out.

    T
      


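Added example, not part of the original message: a defender-side check of the point made in the reply above, finding the account with RID 500 whatever it is named and counting failed Terminal Services logons per target name and source. The account list and log records are constructed; event ID 4625 with logon type 10 (RemoteInteractive) is assumed as the failed-logon record on current Windows versions, and the function names and threshold are illustrative.

```python
from collections import Counter

# Constructed inventory of (name, SID) pairs; all values are made up for this example.
ACCOUNTS = [
    ("Administrator", "S-1-5-21-1111111111-2222222222-3333333333-500"),
    ("opsuser", "S-1-5-21-1111111111-2222222222-3333333333-1104"),
]


def _ev(user, ip, logon_type=10):
    """Build one constructed failed-logon record (assumed event ID 4625)."""
    return {"EventID": 4625, "LogonType": logon_type, "TargetUserName": user, "IpAddress": ip}


# Constructed log: 40 Terminal Services failures on the default name, plus background noise.
EVENTS = ([_ev("Administrator", "203.0.113.7")] * 40 + [_ev("opsuser", "198.51.100.9")] * 2
          + [_ev("Administrator", "203.0.113.7", logon_type=3)] * 5)


def builtin_admin_name(accounts):
    """Return the current name of the account whose SID ends in RID 500, or None."""
    for name, sid in accounts:
        if sid.startswith("S-1-5-21-") and sid.rsplit("-", 1)[1] == "500":
            return name
    return None


def failed_ts_logons(events, logon_types=(10,)):
    """Count failed logons per (lowercased target, source IP); 10 = RemoteInteractive."""
    hits = Counter()
    for ev in events:
        if ev.get("EventID") == 4625 and ev.get("LogonType") in logon_types:
            hits[(ev.get("TargetUserName", "").lower(), ev.get("IpAddress", "-"))] += 1
    return hits


def audit(accounts, events, threshold=20):
    """Return (user, ip, count, targets_rid_500) for sources at or above threshold."""
    admin = (builtin_admin_name(accounts) or "").lower()
    return [(user, ip, n, bool(admin) and user == admin)
            for (user, ip), n in sorted(failed_ts_logons(events).items())
            if n >= threshold]


if __name__ == "__main__":
    for finding in audit(ACCOUNTS, EVENTS):
        print(finding)
```

A final field of `True` means the guesses are landing on the real RID 500 account, the one the message says lockout does not protect for "local" logons; after a rename the same traffic against "administrator" reports `False`.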

