Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Renaming Administrator account

from [Beauford, Jason] Network Security [Permanent Link]
Subject: RE: Renaming Administrator account
Date: Tue, 15 Nov 2005 17:34:49 -0500 
Accounts retain their SID's when you rename them.  Renaming the admin
account defeats "dumb" worms/virus/trojans etc, and that's about it.
Determined black hats will know what to look for.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q243330

JMB 

        |  -----Original Message-----
        |  From: Derick Anderson [mailto:danderson@vikus.com] 
        |  Sent: Tuesday, November 15, 2005 4:21 PM
        |  To: focus-ms@securityfocus.com
        |  Subject: Renaming Administrator account
        |  
        |  A question for the list, inspired by the server 
        |  hardening/break in
        |  threads:
        |  
        |  Is changing the Administrator account name really 
        |  worthwhile or not? My largely unfounded, sparsely 
        |  researched opinion is this:
        |  
        |  So far I haven't read a convincing argument for 
        |  changing the name of the administrator account, and 
        |  there's one reason I've chosen not to - account 
        |  lockout policy. Only the domain Administrator 
        |  account is exempt from lockout unless there's a 
        |  special dispensation for Domain/Enterprise admins I 
        |  don't know about. So choosing another account (and 
        |  thus changing the SID) would take away the 
        |  protection(?) against a DoS attack on the 
        |  Administrator account.
        |  
        |  As for providing extra security, I believe it's 
        |  security by obscurity.
        |  In order to access password-based systems, you have 
        |  a set of public knowledge (username) and private 
        |  knowledge (password): known * unknown = unknown, or 
        |  in a (non)mathematical sense for brute force attacks, 1 * ?
        |  = ?. Now let's say you change the Administrator 
        |  password, what have you gotten? Unknown * unknown = 
        |  unknown, or ? * ? = ?. You've changed the equation 
        |  but not the outcome. I realize that changing the 
        |  name prevents automated attacks but can't this be 
        |  defeated by not allowing direct remote Administrator 
        |  access? (no VPN account, no OWA account, servers 
        |  locked up in a datacenter...)
        |  
        |  Basically what I'm asking is whether changing the 
        |  account name is a fundamental princple or just icing 
        |  on the cake.
        |  
        |  Derick Anderson

---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: ISA Server or Firewall Appliance?, James Eaton-Lee
Next by Date:  RE: ISA Server or Firewall Appliance?, Jim Harrison (ISA)
Previous by Thread:  RE: Renaming Administrator account, Gary Everekyan
Next by Thread:  RE: Renaming Administrator account, Depp, Dennis M.
Indexes:  [Date] [Thread] [Top] [All Lists]