Around my network we don't have ANY user accounts called Administrator or Admin - Period.
Why, you might ask?
Well, for starters, it's a HUGE security risk! Let's look at it like this: if a hacker wants to gain access to your machine, the first thing they will do after a port scan is try to find your administrator password.
Most of the time automated scans search for weak passwords on commonly named administrator accounts including: Root, Administrator, Admin and foreign variations on them. If the potential attacker does not know what the account is called then they will have a MUCH harder time gaining admin access.
I learned way back when in school to not only rename my real administrator account but to create another account called Administrator with limited access.
This creates a honeypot of sorts. For a great example of honeypots and snooping on the snoops, check out this article on using Spector.
Why is it called a honey pot? Good question; read the answer below:
Winnie the Pooh is a big fan of honey. In fact, he loves it so much that he will often get his paws and even his face stuck in the honey pot! In the computer world, a Honey Pot is a computer (or network of computers) designed to detect and monitor hackers. The idea is that the hacker will be lured in and trapped by the honey pot.
Now, I don't go crazy and give this pseudo admin account an easy password either. After all, the unauthorized user gains a small bit of access to your network that they did not have before. This is not what we want. We want them to spend their time and resources looking for information that really doesn't help them. And in the process, your intrusion prevention services should catch them in the act.
So really password protect your fake administrator account. Let them spin their gears getting something that is nowhere near as critical as if they got your real account - you know, the one you just renamed honeyp0t.
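The decoy only pays off if someone is watching it: no legitimate user ever logs on as the fake Administrator, so every attempt against it is worth an alert. The following is an added example, not part of the original post, that flags such attempts in logon events; it assumes Windows Security events 4624/4625 already exported as records, and the sample events, user name and addresses are constructed.

```python
from collections import defaultdict

# Assumption: the decoy keeps the default name; the real admin was renamed.
DECOY_NAMES = {"administrator"}
FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624  # Windows Security event IDs

# Constructed sample events using the 4624/4625 field names
# (TargetUserName, IpAddress); addresses are documentation ranges.
SAMPLE_EVENTS = [
    {"EventID": 4625, "TargetUserName": "Administrator", "IpAddress": "203.0.113.7"},
    {"EventID": 4625, "TargetUserName": "ADMINISTRATOR", "IpAddress": "203.0.113.7"},
    {"EventID": 4625, "TargetUserName": "jsmith", "IpAddress": "203.0.113.7"},
    {"EventID": 4624, "TargetUserName": "jsmith", "IpAddress": "192.0.2.10"},
    {"EventID": 4625, "TargetUserName": "jsmith", "IpAddress": "192.0.2.10"},
    {"EventID": 4624, "TargetUserName": "Administrator", "IpAddress": "198.51.100.4"},
]

def decoy_alerts(events, decoy_names=DECOY_NAMES):
    """Return one alert per source address that touched the decoy account."""
    decoy_hits = defaultdict(lambda: {"failed": 0, "succeeded": 0})
    other_accounts = defaultdict(set)
    for ev in events:
        if ev["EventID"] not in (FAILED_LOGON, SUCCESSFUL_LOGON):
            continue
        user = ev["TargetUserName"].strip().lower()  # account names are case-insensitive
        src = ev["IpAddress"]
        if user in decoy_names:
            key = "failed" if ev["EventID"] == FAILED_LOGON else "succeeded"
            decoy_hits[src][key] += 1
        else:
            other_accounts[src].add(user)
    alerts = []
    for src, hits in sorted(decoy_hits.items()):
        alerts.append({
            "source": src,
            "failed": hits["failed"],
            "succeeded": hits["succeeded"],
            # A successful decoy logon means its password was guessed.
            "severity": "critical" if hits["succeeded"] else "high",
            # Real accounts the same source also tried: review these next.
            "also_tried": sorted(other_accounts.get(src, ())),
        })
    return alerts

if __name__ == "__main__":
    for alert in decoy_alerts(SAMPLE_EVENTS):
        print(alert)
```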
This works on any operating system where you can rename your administrator account. Do you have other tips or tricks for securing your servers? Let us know in the comments! Put your fellow admins on!