Re: Only one reason to obscure the admin account?

  • To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
  • Subject: Re: Only one reason to obscure the admin account?
  • From: Dominique Brezinski <dom_brezinskiSECURECOMPUTING.COM>
  • Date: Sat, 27 Feb 1999 09:35:45 -0800
  • Approved-By: Russ.CooperRC.ON.CA
  • Comments: To: Mark <markNTSHOP.NET>
  • In-Reply-To: <001c01be6194$0ccba7c0$5567aecffrog.dev.nul>
  • References: <61143C10CC8AD211A2F10000F878E683066905ns.rc.on.ca>
  • Reply-To: Dominique Brezinski <dom_brezinskiSECURECOMPUTING.COM>
  • Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>

At 07:26 AM 2/26/99 -0700, Mark wrote:
>Russ,
>
>You wrote in your reply to "Re: [NTBUGTRAQ] IIS4 allows proxied password
>attacks over NetBIOS" the following statement:
>
>> 4. Strong passwords *and*, for the very first time I can think of,
>> finally a *good* reason to rename the Administrator account...;-]
>
>Don't you think that every wanna-be-NT-intruder on the planet knows about
>this account, and would obviously try to brute force it? Isn't that a darn
>good reason to obscure the account in some preferred manner?
>
>If not, then please tell me and all the list readers why obscuring that
>account serves no purpose, please sir. I don't understand your rationale on
>this...

Well, it is usually trivial to get the user name list from an NT box.  The
Server service or SNMP are examples of services that just give the
information up to almost anyone.  If, and only if, you block access to such
services that can be used to get user names, then renaming the
administrator account will provide you with an extra level of protection
(that is not trivial to defeat).

I can't even begin to tell you how many NT boxes I have seen with 139 open,
the Server service enabled, and a renamed admin account.  This provides no
added protection, and usually the admins get more lax about controls on the
admin accounts due to the false sense of security.  Nobody renames root on
*nix, they just don't allow remote logins as it ;)

Renaming the admin account does add protection on IIS servers that are well
configured, and this is probably the place it makes the most sense to do
it.  There are others as well, but in many applications it currently does
not make sense to do it because it provides no added security IMHO.

Dominique Brezinski CISSP                   (206) 898-8254
Secure Computing        http://www.securecomputing.com
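
The condition in the message above (a rename helps only when the services that hand out user names are blocked) can be checked locally on a host. This is an added example using current PowerShell cmdlets, not code from the original post; the service names `LanmanServer` and `SNMP` and the English default name `Administrator` are assumptions about the host.

```powershell
# Added example: local audit of the "renamed admin account" condition.
# Assumes Windows PowerShell 5.1+ on the host being checked.

# The built-in administrator keeps RID 500 whatever name it carries.
$admin = Get-LocalUser | Where-Object { $_.SID.Value -match '^S-1-5-21-.+-500$' }
if (-not $admin) { throw 'No local RID 500 account found on this host.' }

# Assumption: English install, where the default name is "Administrator".
$renamed = $admin.Name -ne 'Administrator'

function Test-ServiceRunning([string]$Name) {
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    return [bool]($svc -and $svc.Status -eq 'Running')
}

# The two services the message names as giving up the user list.
$serverSvc = Test-ServiceRunning 'LanmanServer'   # the "Server" service
$snmpSvc   = Test-ServiceRunning 'SNMP'

# Is anything listening on TCP 139 on this host?
$port139 = [bool](Get-NetTCPConnection -LocalPort 139 -State Listen `
                    -ErrorAction SilentlyContinue)

$exposed = ($serverSvc -and $port139) -or $snmpSvc

$verdict =
    if (-not $renamed)  { 'Account not renamed.' }
    elseif ($exposed)   { 'Renamed, but user-name services are up: check they are blocked.' }
    else                { 'Renamed and no user-name service found running locally.' }

[pscustomobject]@{
    AdminRenamed    = $renamed
    AdminEnabled    = $admin.Enabled
    ServerService   = $serverSvc
    SnmpService     = $snmpSvc
    Port139Listening = $port139
    Verdict         = $verdict
}
```

A running service or listening port says nothing about what a firewall in front of the host allows, so confirm reachability from the network side before counting the rename as protection.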