On Thu, 2003-05-29 at 08:12, John LeMay wrote:
On my NT server, I never leave the admin account named Administrator, as that seems to be the first thing people always try to mess with. So I usually have it named something very obscure.
I would have thought that someone who uses Linux would already know that security through obscurity is a fiction that only Microsoft believes anymore.
I would actually disagree. Security through obscurity works. Consider the example given. If a cracker does not know the administrator account name, nor the account name of any other user on the system, and he/she does not have physical access to the machine, how much more difficult is it for them to gain access to the machine than if they knew the admin account was simply named "administrator"? Probably difficult enough for them to give up and crack someone else's box instead.
As you might know, there are several *very easy* ways to enumerate user names on a remote NT machine. This, of course, includes the admin account name - regardless of whether it has been renamed or not. If one knows these ways, and real crackers do, then there's no difference regarding difficulty - whether the admin name is default or it was renamed. By renaming admin you really hide very little - practically nothing. It might work against the most ignorant attackers only - this is often the case with security through obscurity. The proper way would be to take a number of preventive measures against these enumeration techniques, which is another story... something that has nothing to do with obscurity, but with a real security job.

Sincerely,
cikasole