Re: Securing against an internet based intrusion





In news:rb2vv1h7emejrmtqi36g4as3c74bb7mkdl@xxxxxxx,
Ari <nomail@xxxxxxxx> typed:
I like to run a tight ship and have taken some security measures to
help keep my system more secure. One topic I've never seen discussed
before is what measures the OS takes if it detects multiple guesses of
the administrator's password via the internet, which is likely an
attempt to gain unauthorized access.

I have renamed the administrator account to an unusual name, so
(presumably) an intruder has to somehow figure out the account name
that has administrative privileges. But, let's say this has been done,
and the intruder begins guessing passwords, hoping I was stupid enough
to use a blank line or an easy-to-guess password (such as
'administrator'::>).

What is to stop the intruder from running all the possible
combinations of passwords until the system unlocks for him (or her)?

Clearly, such an attack should (at the very minimum) alert the
keyboard operator and should slow down acceptance of guesses to give
the kb operator more time to respond. But, stopping the computer from
operating if this is detected amounts to an easy means of launching a
denial of service attack... so, clearly shutting down the computer is
not an option.

Just exactly what does XP do when it detects multiple wrong guesses of
the administrator's password? Is this issue something I don't need to
worry about (because XP has it covered), or does XP sit there and
watch it happen?

Thanks,

Ari

I don't know whether account lockout will do anything in XP, but the first step
is getting a good firewall in place between your computer and the Internet
modem/router you use - even if you use the XP firewall as well. Don't allow
any inbound traffic at all, and you're in decent shape. Depending on the
model, you may be able to turn up logging such that you can see what people
(or hijacked computers) are trying to do - even dump it out to a syslog
server.
If you use wireless, don't use a wide open access point - use WPA at
minimum.
Use a good, long, complex password on your default administrator account,
and also on your own account (and don't put your own account in the
Administrators group).
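
The firewall-logging advice in the reply above, as an added example that is not part of the original thread: a small Python script that reads firewall drop lines collected on a syslog server and reports sources that keep hitting the same inbound port within a short window. The log format, addresses, ports, threshold and window are all constructed assumptions; a real router's line format will differ and the regular expression must be adapted to it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _drop(ts, src, dpt):
    # Assumed (constructed) router log format, not taken from any real device.
    return f"{ts} fw DROP IN SRC={src} DST=192.0.2.10 PROTO=TCP DPT={dpt}"

# Constructed sample: one fast repeat source, one slow source, one single hit,
# and one outbound line that must be ignored.
SAMPLE_LOG = "\n".join(sorted(
    [_drop(f"2024-01-15T10:00:{s:02d}", "203.0.113.7", 3389) for s in (1, 9, 18, 27, 36, 45)]
    + [_drop(f"2024-01-15T10:{m:02d}:00", "203.0.113.9", 3389) for m in (0, 3, 6, 9, 12)]
    + [_drop("2024-01-15T10:00:15", "198.51.100.4", 445),
       "2024-01-15T10:02:00 fw ACCEPT OUT SRC=192.0.2.10 DST=198.51.100.80 PROTO=TCP DPT=80"]
))

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ DROP IN SRC=(?P<src>\S+) DST=\S+ PROTO=\S+ DPT=(?P<dpt>\d+)$"
)

def repeated_probes(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {(source, port): peak count} for sources that had at least
    `threshold` dropped inbound attempts to one port inside `window`.
    Lines are assumed to be in chronological order."""
    recent = defaultdict(deque)   # (src, port) -> timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # not an inbound drop line
        ts = datetime.fromisoformat(m["ts"])
        key = (m["src"], int(m["dpt"]))
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window: # forget attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[key] = max(flagged.get(key, 0), len(q))
    return flagged

if __name__ == "__main__":
    for (src, port), count in repeated_probes(SAMPLE_LOG).items():
        print(f"ALERT: {src} had {count} blocked attempts on port {port} within 60s")
```

With the default 60-second window the slow source is not reported; widening the window catches it at the cost of more noise.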

