
Re: Removing Local Admin Accounts - What do you think?

Subject: Re: Removing Local Admin Accounts - What do you think?
Date: Tue, 29 Jan 2008 19:15:51 -0800
I wanted to thank everyone that responded to the e-mail that I sent out previously (below). I had intended on writing back my 2 cents on the whole thing and acknowledging receipt of the responses, a while ago. I got wrapped up and haven't really been able to get to too much else... I didn't mean to be rude.

Anywho - I think that it is a bad idea to remove the Local Admin acct. With the account gone, the only thing you are really doing is inhibiting the functionality of your IT department.

If someone is going to do something malicious to the machine, they are going to do it whether that account is there or not.

Again, thank you very much to everyone that responded. I really do appreciate your time.

----- Original Message -----
From: listbounce@securityfocus.com <listbounce@securityfocus.com>
To: security-basics@securityfocus.com <security-basics@securityfocus.com>
Sent: Sun Jan 13 11:19:16 2008
Subject: Removing Local Admin Accounts - What do you think?

Dear List,

I am looking for a general consensus from my peers.  If you are able to
answer this with definite knowledge and not an assumption and you fully
understand what you are saying, please reply to this message.  I do not
mean to be rude, but if you are not sure, please do not respond to this
message.

I am asking this as I will be presenting this to a company, as they have
proposed this idea and I want to show them exactly what they are
considering getting themselves into.

What is your professional opinion on removing the local administrator
account?

Does this pose a security risk to have a local administrator account on
a computer, so that IT staff (which are the only people in the
organization that are entitled to this user/pass) can do work on a
computer in a way that can not be "securely" audited?  What I mean by
this is, they all use this one account (for emergencies only), instead
of using their own credentials over the network - thereby showing the
local admin account was used, but not who used it.

What are the risks involved in removing this account?

Is this a general best practice, from a security point of view?

If not, what is the best practice from a security point of view?

Lastly, do you believe or not, that if the IT staff wanted to compromise
a box, anonymously, would they really need this local administrator
account on the box?  Or would they still be able to do this, without the
account there?  Why?

I sincerely appreciate your time and thank you in advance for any
answers that you may pose.  Also, if you see something that I did not
consider in my questions, please feel free to include that as well.

Please remember, if you think that this is a wise decision or not,
PLEASE state your answers and why.



-- Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
|                         _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|                        / \  |
|                             |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
