Security Basics mailing list archives

Re[2]: About default sharing folders in Windows


From: vh <vhlist () yandex ru>
Date: Tue, 3 Jun 2003 12:16:30 +0400

Monday, June 2, 2003, 4:19:26 AM, you wrote:

JT> I strongly suggest renaming the local Administrator and Guest account
JT> to something that is not easily guessed at.  In addition, you should 
JT> probably create "dummy" accounts named "Administrator" and "Guest" 
JT> that have no rights/no group memberships and are disabled.  Monitor 
JT> the dummy accounts closely for log in attempts.

Just one note. It's always possible to determine whether a user is the
built-in administrator by SID value. I believe the administrator account
has SID=500 and guest SID=501 even if renamed. And dummy accounts
won't have such SID values. If null sessions are open (that's the
default), an attacker can get SID values along with privilege and
group name. Thus, renaming the administrator account may prevent
attacks only by script-kiddies. Built-in accounts should be
renamed anyway. But you also need to set a complicated password and
hack the registry. I'm not sure, but maybe it can be done by the Local Policy
snap-in instead of direct registry changes. I believe there is
"Additional restrictions of anonymous connections".

So, be careful.

-- 
Best regards,
Martchukov Anton aka VH                        mailto:vhlist () yandex ru
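
An added example, not part of the original message: a read-only PowerShell audit of the two points raised above, showing which local accounts are the real built-ins regardless of name and whether anonymous enumeration is restricted. It assumes PowerShell 5.1 or later (for `Get-LocalUser`); the registry value names `RestrictAnonymous` and `RestrictAnonymousSAM` are not named in the message and are the documented LSA values behind the anonymous-connection policy settings.

```powershell
# Added example: local audit only, makes no changes to the system.

# Last component of the SID (the relative identifier) for the built-in accounts.
# The value survives a rename, which is the point made in the message.
$builtinRids = @{ '500' = 'built-in Administrator'; '501' = 'built-in Guest' }

Get-LocalUser | ForEach-Object {
    $rid = ($_.SID.Value -split '-')[-1]
    [pscustomobject]@{
        Name    = $_.Name
        RID     = $rid
        Enabled = $_.Enabled
        Role    = if ($builtinRids.ContainsKey($rid)) { $builtinRids[$rid] }
                  elseif ($_.Name -in 'Administrator', 'Guest') { 'decoy (name only)' }
                  else { 'ordinary account' }
    }
} | Format-Table -AutoSize

# Anonymous (null session) restrictions live under the LSA key.
# A missing value or 0 means that particular restriction is not applied.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
foreach ($valueName in 'RestrictAnonymous', 'RestrictAnonymousSAM') {
    $value = $lsa.$valueName
    $state = if ($null -eq $value) { 'not set' }
             elseif ($value -eq 0)  { '0 (no restriction)' }
             else                   { "$value (restricted)" }
    '{0,-22} {1}' -f $valueName, $state
}
```

A renamed account that still shows RID 500 is exactly what an anonymous enumeration would reveal, so the second half of the output tells you whether the rename is doing any work at all.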

