Re: Renaming Administrator account
- From: "kj" <kj@xxxxxxxxxxx>
- Date: Thu, 10 Nov 2005 15:15:39 -0700
"Jim Staunton" <sbsbofh@xxxxxxxxxxxxxx> wrote in message
news:qSKcf.249984$MS3.118925@xxxxxxxxxxxxxxxxxxxxxxxxx
>
>
> A remote attacker with no local account CAN'T authenticate to the domain
> controller, and so CAN'T determine a username from a well-known SID. She
> can, however, try to crack the administrator password by brute force. A
> dictionary attack - via attempted authenticated relay on your SMTP
> server? - could look like this:
Actually if restrictanonymous isn't set to 1 or 2 then unathenticated
queries are allowed. So, yes it CAN.
>
> U: administrator P: aardvark
> U: administrator P: aardwolf
> ...
....but presuming 2003 and no intential degradion of security, alls one has
to have is a user name infered from their email address and you have a
username. So go crack that password which likely is less secure than the
administrator one is. Now you've got an authenticated ability to lookup the
admin sid and targe it appropriatly. As I recall you can get the domain
password restrictions to aid your brute force. Commonly named accounts for
third party products are also a favorite target.
>
> This is going to take a hell of a lot longer than in the first scenario,
> so I would always recommend renaming the administrator account - and not
> to something simple like "admin" :-)
I'm not saying it doesn't help, just that securing AD isn't just one or two
items, it's a continuing process.
>
> Jim
>
.
- References:
- Renaming Administrator account
- From: Arthur
- Renaming Administrator account
- Prev by Date: Re: GPO firewall domain profile setting missing
- Next by Date: Re: Does anybody know a for sure answer?
- Previous by thread: Renaming Administrator account
- Next by thread: MSExchangeIS service is Stopped.
- Index(es):
Relevant Pages
|
