My 2 cents... Icing with bland flavor. Turn on audit and you have introduced a very small bump for a determined individual.... A small blip on your radar that would not be there, if you did not invest 2 seconds of admin time.
Regards,
Gary Everekyan
CISSP, CISM, ISSAP, ISSPCS, MCSE, MCT
[EMAIL PROTECTED]

"High achievement always takes place in the framework of high expectation" -Jack Kinder

-----Original Message-----
From: Derick Anderson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 15, 2005 4:21 PM
To: [email protected]
Subject: Renaming Administrator account

A question for the list, inspired by the server hardening/break in threads: Is changing the Administrator account name really worthwhile or not?

My largely unfounded, sparsely researched opinion is this: So far I haven't read a convincing argument for changing the name of the administrator account, and there's one reason I've chosen not to - account lockout policy. Only the domain Administrator account is exempt from lockout unless there's a special dispensation for Domain/Enterprise admins I don't know about. So choosing another account (and thus changing the SID) would take away the protection(?) against a DoS attack on the Administrator account.

As for providing extra security, I believe it's security by obscurity. In order to access password-based systems, you have a set of public knowledge (username) and private knowledge (password): known * unknown = unknown, or in a (non)mathematical sense for brute force attacks, 1 * ? = ?. Now let's say you change the Administrator password, what have you gotten? Unknown * unknown = unknown, or ? * ? = ?. You've changed the equation but not the outcome.

I realize that changing the name prevents automated attacks but can't this be defeated by not allowing direct remote Administrator access? (no VPN account, no OWA account, servers locked up in a datacenter...)

Basically what I'm asking is whether changing the account name is a fundamental principle or just icing on the cake.

Derick Anderson
