Post by Killer on Oct 26, 2004 7:37:54 GMT -5
SYSTEM: Rename The Administrator Account
By Diana Huggins
Many hackers will argue that this won't stop them, because they will use the SID to find the name of the account and hack that. Our view is, why make it easy for them? Renaming the Administrator account will stop some amateur hackers cold, and will annoy the more determined ones. Remember that hackers won't know what the inherit or group permissions are for an account, so they'll try to hack any local account they find and then try to hack other accounts as they go to improve their access. If you rename the account, try not to use the word Admin in its name. Pick something that won't sound like it has rights to anything.
Another strategy is to create a local account named Administrator, then give that account no privileges and a 10+ digit complex password. This should keep the script kiddies busy for a while. If you create a dummy Administrative account, enable auditing so you'll know when it is being tampered with. You should be able to catch the culprits in the act before they are able to gain access to your systems.
By Diana Huggins
Many hackers will argue that this won't stop them, because they will use the SID to find the name of the account and hack that. Our view is, why make it easy for them? Renaming the Administrator account will stop some amateur hackers cold, and will annoy the more determined ones. Remember that hackers won't know what the inherit or group permissions are for an account, so they'll try to hack any local account they find and then try to hack other accounts as they go to improve their access. If you rename the account, try not to use the word Admin in its name. Pick something that won't sound like it has rights to anything.
Another strategy is to create a local account named Administrator, then give that account no privileges and a 10+ digit complex password. This should keep the script kiddies busy for a while. If you create a dummy Administrative account, enable auditing so you'll know when it is being tampered with. You should be able to catch the culprits in the act before they are able to gain access to your systems.