Re: Security Question
- From: "kj" <kj@xxxxxxxxxxx>
- Date: Fri, 10 Nov 2006 11:16:30 -0700
A simple LDAP query will return the administrator account, but in Windows
2003 AD "anonymous" LDAP queries aren't allowed. However, a logged-in user
with no other special privileges can easily determine the name of the
Administrator account. While a typical user isn't going to know how to do
this (or care probably), spyware/malware or such could easily do this under
the user credentials. As Les said, this "obscurity" measure isn't a
significant security layer for a determined intruder.
That said, I'm not aware of any spyware that has been found to do this, but
it is certainly possible.
--
/kj
"Les Connor [SBS Community Member - SBS MVP]" <les.connor@xxxxxxxxxxxx>
wrote in message news:%23hIktUOBHHA.3928@xxxxxxxxxxxxxxxxxxxxxxx
SMTP tar pit feature for Microsoft Windows Server 2003
http://support.microsoft.com/kb/842851
Getting a valid email address is one thing; the planets would have to be
aligned with the stars for someone to get a valid username from an AD
harvest, but if the email address is <name>@domain.com and the user
account is <name>, then it's a no-brainer.
I see quite a few installs like this - I don't really like it but it's
because of defaults. Customizing user account and email address generation
is an obscurity measure, not effective against a black hat but keeps the
dabblers moving on.
--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
----------------------
"Tell me and I'll forget. Show me and I'll remember. Involve me and I'll
understand." - Confucius
"cjobes" <cjobes@xxxxxxxxxxxxx> wrote in message
news:uEgA%23KJBHHA.1196@xxxxxxxxxxxxxxxxxxxxxxx
Les,
Can you elaborate a bit more on this?
--
Claus
"Les Connor [SBS Community Member - SBS MVP]" <les.connor@xxxxxxxxxxxx>
wrote in message news:eMtbFTIBHHA.1220@xxxxxxxxxxxxxxxxxxxxxxx
From an AD harvest? If AD filter is on, this is one of the caveats -
hence the use of tarpitting for mitigation.
--
Les Connor [SBS Community Member - SBS MVP]
"cjobes" <cjobes@xxxxxxxxxxxxx> wrote in message
news:%23I2lDv0AHHA.144@xxxxxxxxxxxxxxxxxxxxxxx
Hi all,
A first for me, so I would like to get some feedback from other admins.
As a standard, we always change the Administrator account name to
something else. For the first time we had a break-in attempt at one of
our clients (SBS2003/ISA2004) that was using the correct renamed admin
account name. Now, the password is pretty complex but I still don't
like the fact that 50% of the safeguard is out there. Does anybody have
an idea how an outside hacker would be able to obtain that username?
--
Claus
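An audit for the condition Les Connor describes in the thread above (logon name equal to the local part of an e-mail address), as an added example that is not part of the original posts. The CSV layout, the `;` separator for `proxyAddresses` and the sample rows are assumptions constructed for illustration; the function names are hypothetical.

```python
import csv
import io

# Constructed sample export (not real data). Assumed layout: logon name,
# primary mail, and proxyAddresses joined with ';' in one CSV column.
SAMPLE_EXPORT = """sAMAccountName,mail,proxyAddresses
jsmith,jsmith@example.com,SMTP:jsmith@example.com;smtp:john.smith@example.com
mbrown,mary.brown@example.com,SMTP:mary.brown@example.com
svc-backup,,
tlee,t.lee@example.com,SMTP:t.lee@example.com;smtp:TLee@example.com;X400:c=US
"""


def smtp_addresses(mail, proxy_addresses):
    """Collect every SMTP address on an account (primary and aliases)."""
    addresses = {mail} if mail else set()
    for entry in proxy_addresses.split(";"):
        prefix, _, value = entry.partition(":")
        # "SMTP:" marks the primary address, "smtp:" an alias; skip X400 etc.
        if prefix.lower() == "smtp" and value:
            addresses.add(value)
    return addresses


def exposed_accounts(export_text):
    """Return (logon name, matching addresses) for accounts whose logon name
    equals the local part of one of their SMTP addresses, ignoring case."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        logon = row["sAMAccountName"].strip().lower()
        hits = sorted(
            addr
            for addr in smtp_addresses(row["mail"], row["proxyAddresses"])
            if addr.partition("@")[0].lower() == logon
        )
        if hits:
            findings.append((row["sAMAccountName"], hits))
    return findings


if __name__ == "__main__":
    for name, addresses in exposed_accounts(SAMPLE_EXPORT):
        print(f"{name}: logon name matches {', '.join(addresses)}")
```

Aliases count as well as the primary address, since any address the server accepts mail for can be confirmed by a harvest.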