The first two points are really for securing the administrator account
on a server or other secure machine. The admin which doesnt belong to
any group has no access to the system. If a hacker of virus were trying
to break into the Administrator, it would be nothing more than a decoy.
Blending the real administrator account is also a trick to hide its true
identity. If you have a naming scheme like lastn.f, rename the admin
account to match. That way when someone is enumerating your machine they
wont know the first place to look.
This is a real great guide for locking down admin accounts but might be
better suited for some sort of security list
http://www.microsoft.com/downloads/details.aspx?FamilyID=04d81d4f-3b02-4486-b37a-c3469048c662&DisplayLang=en
The first and last chapters are fluff but the rest is good
Nick Wells wrote:
The first to points are interesting, but it would be easier to just rename
the admin account /me thinks.
Nick Wells
Windows Administrator
I-2000, Inc
-----Original Message-----
From: John D. Patota [mailto:jpatota@ccs.neu.edu]
Sent: Monday, August 15, 2005 14:13
To: focus-virus@securityfocus.com
Subject: zotob
Its my estimate it will only be a few days until this hits windows XP.
Some useful information is at http://www.f-secure.com/v-descs/zotob_a.shtml
The biggest thing I can think of is to have users assign strong
passwords to their Administrator accounts. If you want to do things
right, take the following steps:
- Disable the Admin account entirely and take it out of every group
- Create a separate account with administrator permissions whose
username is inconspicuous
- Primarily use an account with minimal permissions, when installing
programs and doing other various administrative duties you can right
click on the program and select "run as"
This is the type of mentality UNIX and subsequently macs use that most
windows users haven't caught on to yet. I just hope when vista comes out
Microsoft will smarten up and tighten administrator access.
