Re: Protection from Hackers

From: Microsoft Newsgroups (clarence@lanicu.com)
Date: 12/03/02


From: "Microsoft Newsgroups" <clarence@lanicu.com>
Date: Mon, 2 Dec 2002 15:32:14 -0800

Carl,

One way to protect yourself would be to create a unique 127-character
password for each admin account, then change each password constantly, thus
all but eliminating access to a given machine. Our User Manager Pro product
does that and is now being used by one of our clients to protect 50,000
machines. Read below for more details and/or contact me for a demonstration.

******* RANDOM PASSWORD GENERATOR **********

Administrators should change the built-in administrator password on all of
their workstations at regular intervals. The common local machine
administrator passwords should be changed immediately when there is turnover
in the pool of network administrators. The password should also be changed
regularly to mitigate the possibility that one or more users may attempt to
covertly crack the local administrator password on their machine using tools
such as L0phtCrack. If all administrator passwords are the same (this is
the common scenario), then a cracked local administrator password allows
unrestricted administrator access to all machines using peer-to-peer
authentication.

If the local administrator password is common to all machines, but is
changed regularly and is cryptographically complex, then brute force
password cracking tools will take longer to crack the password than the
interval between password changes. In that case, cracking passwords is a
useless exercise. If the administrator fails to change the passwords
frequently enough, or uses passwords for the common account that are too
simple, then it would be possible to successfully crack the password and
gain unauthorized access.

The goal of this add-on is to make each machine’s administrator password
different. By doing so, cracking a single password does not grant access to
all other machines. The module allows the password to be made as complex as
desired and takes care of the periodic changes without administrator
intervention. If it is desired to get the current password for a specific
machine, a built-in encrypted password recovery database can be maintained
by the program. Reporting on successful password change date and time is
also provided.

Clarence McDowell

Lieberman & Associates

Microsoft Gold Certified Tools for Windows NT/2000/XP Administrators

9107 Wilshire Blvd Ste 450

Beverly Hills CA 90210

P (01)310-550-8575 F (01)310-550-1152 www.lanicu.com

"Carl Hilton" <noone@nospam.com> wrote in message
news:#XBtFt9lCHA.1324@tkmsftngp04...
> I saw a demo of a bootable floppy that launched into LINUX then the user
> was able to reset the Administrator Password on the NT boot drive. Now I know
> that one aspect of NT security is to rename the Administrator account, but
> this program showed ALL accounts and you could select which to change....
> How can we protect ourselves from this type of breach?
>
> Carl
>
>
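
The per-machine password scheme and the crack-time-versus-rotation-interval argument in the message above, as an added example that is not part of the original post and is not User Manager Pro code. The host names, the 94-symbol alphabet and the guess rates are constructed assumptions, and the model covers exhaustive search only.

```python
import math
import secrets
import string

# Assumed alphabet: ASCII letters, digits and punctuation (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate_password(length=127):
    """Draw every character independently from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def assign_unique_passwords(hosts, length=127):
    """Return {host: password}; no password is shared between two hosts."""
    assigned, used = {}, set()
    for host in hosts:
        pw = generate_password(length)
        while pw in used:  # a collision is wildly unlikely; enforce it anyway
            pw = generate_password(length)
        used.add(pw)
        assigned[host] = pw
    return assigned

def guess_budget_bits(rotation_days, guesses_per_second):
    """log2 of the guesses an attacker can make before the next rotation."""
    return math.log2(rotation_days * 86400 * guesses_per_second)

def outlasts_rotation(length, rotation_days, guesses_per_second):
    """True if exhausting the keyspace takes longer than one rotation interval."""
    keyspace_bits = length * math.log2(len(ALPHABET))
    return keyspace_bits > guess_budget_bits(rotation_days, guesses_per_second)

def min_length_for_rotation(rotation_days, guesses_per_second):
    """Shortest random password whose keyspace exceeds the guess budget."""
    budget = guess_budget_bits(rotation_days, guesses_per_second)
    return math.floor(budget / math.log2(len(ALPHABET))) + 1

if __name__ == "__main__":
    hosts = ["WS-001", "WS-002", "WS-003"]  # constructed host names
    for host, pw in assign_unique_passwords(hosts).items():
        print(host, len(pw), "chars")
    # Assumed attacker speed: 1e6 guesses/second against a 30-day rotation.
    print("minimum length:", min_length_for_rotation(30, 1e6))
    print("127 chars outlasts rotation:", outlasts_rotation(127, 30, 1e6))
```

Working in log2 space avoids overflow when the keyspace is far larger than a float can hold.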


