Computer Performance

Who is looking at your server?

Have you renamed the Administrator account?

Best Practice (Litmus Test)

Professionals rename the Administrator account.

Amateurs, as usual, leave security at the default settings.


Rename your Administrator account

Renaming the Administrator account is the single best practice you can do to secure your system.  It amazes me that companies spend thousands on security reports but do not rename the Administrator account.  Also remember to delete the description, "Built-in account for administering the computer/domain", when you rename the account; a renamed account that still carries that description gives the game away to anyone who can list your users.

The two points are:

1) Every hacker knows that Windows Server 2003 has an account called Administrator.

2) By design, the built-in Administrator account is exempt from the account lockout policy.  So hackers can try as many passwords as they like against it without ever locking it out; renaming it means they first have to work out what it is now called.

Create a Dummy Administrator Account

My mate 'Barking' Eddie renames the original Administrator to fredb, then creates a new dummy Administrator account with only Guest rights.  This drives hackers mad because they cannot understand why the Administrator account does not do what they want!  He even adds the description "Built-in account for administering the computer/domain" to the dummy account.  The dummy also makes a useful tripwire: nobody legitimate should ever log on to it, so any attempt against it in the Security log deserves attention.

Notes on Best Practices for the Administrator account

In Windows Server 2003 you CAN disable the Administrator account (Windows 2000 did not allow this).  Best practice would only disable the original Administrator once you have created another account with full administrative rights; Account Operator membership alone lets you manage user accounts but not administer the server.  Note also that on Windows XP and Server 2003 a disabled built-in Administrator can still log on in Safe Mode, so disabling it is not the same as removing it.

SG wrote to me pointing out more security measures for the Administrator account:

Deny access to this computer from the network (a User Rights Assignment in the security policy).  SG reminds me that this account has a SID ending in 500 (relative ID 500) which cannot be changed, however you rename it.  As a result, hackers using RedButton or any other tool that looks accounts up by SID will always know which account is the original Administrator and attack it.  Denying that account network logon means a remotely guessed password still gets them nowhere over the network.

You could also set the Security Policy option Network access: Do not allow anonymous enumeration of SAM accounts and shares (in Windows 2000 this lived under Additional restrictions for anonymous connections).  That stops null-session connections listing your accounts and shares in the first place.
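The following is an added example, not code from the original article and not something Eddie or SG supplied. It carries out the steps above on a single machine: rename the real Administrator via the Win32_UserAccount WMI class, clear the tell-tale description, create a Guest-level decoy called Administrator with the original description, switch off anonymous SAM and share enumeration, and finally run the check an attacker would run, finding the real account by its SID ending in -500. It assumes an elevated Windows PowerShell (2.0 or later) session on the server itself; the new name fredb and the decoy password are placeholders, and the ntrights.exe line is optional because that tool comes from the Windows Server 2003 Resource Kit rather than Windows.

```powershell
# Added example, not from the original article. Rename the built-in Administrator,
# clear its description, plant a Guest-level decoy, block anonymous enumeration,
# then show that the real account is still identifiable by its RID 500.
# Assumes elevated Windows PowerShell 2.0+ on the server. Names are placeholders.

$NewAdminName  = 'fredb'                              # placeholder: choose your own
$DecoyPassword = 'Pick-Something-Long-And-Random!'    # placeholder: decoy has Guest rights only

# 1. Rename the real Administrator. Win32_UserAccount exposes a Rename method.
$real = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True AND Name='Administrator'"
if (-not $real) { throw 'No local account named Administrator found: already renamed?' }
$rc = $real.Rename($NewAdminName).ReturnValue
if ($rc -ne 0) { throw "Rename failed, WMI return code $rc" }

# 2. Clear the description 'Built-in account for administering the computer/domain'.
#    Re-query: the object fetched above still carries the old name in its WMI path.
$renamed = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True AND Name='$NewAdminName'"
$renamed.Description = ''
$renamed.Put() | Out-Null

# 3. Create the decoy and give it the original description. net user puts new
#    accounts in Users, so move it to Guests. Nobody legitimate should ever use
#    it, which makes any logon attempt against it a tripwire.
net user Administrator $DecoyPassword /add | Out-Null
$decoy = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True AND Name='Administrator'"
$decoy.Description = 'Built-in account for administering the computer/domain'
$decoy.Put() | Out-Null
net localgroup Users  Administrator /delete | Out-Null
net localgroup Guests Administrator /add    | Out-Null

# 4. Optional, needs ntrights.exe from the Server 2003 Resource Kit: deny the
#    real account network logon so a guessed password is useless remotely.
# ntrights -u $NewAdminName +r SeDenyNetworkLogonRight

# 5. 'Network access: Do not allow anonymous enumeration of SAM accounts and shares'
#    is the RestrictAnonymous value under the Lsa key.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name RestrictAnonymous -Value 1 -Type DWord

# 6. The attacker's check: whatever it is called now, the real Administrator is
#    the local account whose SID ends in -500. The rename slows them down; it
#    does not hide the account from anyone who can still resolve SIDs.
Get-WmiObject Win32_UserAccount -Filter 'LocalAccount=True' |
    Where-Object { $_.SID -like '*-500' } |
    Format-Table Name, SID, Disabled, Description -AutoSize
```

Step 6 is the point to dwell on: the table it prints will show fredb with a SID ending in -500, which is exactly what RedButton-style tools report. That is why SG's two extra measures (deny network logon for the real account, and restrict anonymous enumeration) belong alongside the rename rather than instead of it.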

For much more on Server 2003 security - check this section.


Security Warning

Warning about Microsoft: out of the box, Windows is configured for ease of use rather than security.  However, with knowledge and skill I believe you can make Windows Server 2003 and Windows 2000 as secure as Novell or Unix.

Guy's warning: the more security you have, the more work there will be for the administrators.

Firstly, decide on an appropriate level of security for your organisation.  Take passwords as an example: an ordinary company may not need complex passwords that users have to change every month, whilst it would be inappropriate for a bank to allow blank passwords which never expire.

Litmus Test: Professionals use account lockout

Account lockout: if an organisation has thought about its account policies then they are probably professionals.  However, this is a classic case where there is no 'right answer'.

Several universities admit to problems with account lockout.  Immature undergraduates deliberately lock out their friends' accounts by typing in the wrong password.  If they can lock out a lecturer's account they think it's hilarious.  (Sad people, but we have to deal with them.)

Guy's first suggestion was to add the DontDisplayLastUserName setting to the Winlogon part of the registry (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon; the equivalent Group Policy setting is Interactive logon: Do not display last user name).  This prevents users seeing the account that previously used the machine, so the prankster has to know the victim's account name rather than read it off the logon screen.  Secondly I showed the administrators how to set up auditing of failed logons; the resulting Security log events record the workstation each bad password came from, so we could see where the rogue attempts originated.

Litmus test: Amateurs security audit log is empty

Amateurs will almost certainly have a blank Security log.  Professionals will have data on unsuccessful logons and audits of access to sensitive files.
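As an added example (not the article's own code), here is how the university fix described above and the failed-logon auditing a professional's Security log should contain fit together: first the DontDisplayLastUserName setting, then a small function that takes the text of event 529 (Logon Failure) records and tallies them by the workstation that sent the bad password. It assumes an elevated Windows PowerShell (2.0 or later) session on a Windows 2000/Server 2003 era machine where Audit logon events has already been set to record Failure in Local Security Policy; the sample messages are constructed to match the Server 2003 event 529 layout and are not real log data.

```powershell
# Added example, not from the original article. Hide the last user name on the
# logon screen, then summarise failed logons (event 529) by source workstation.
# Assumes elevated Windows PowerShell 2.0+ and that 'Audit logon events' is
# already auditing Failure (Local Security Policy -> Local Policies -> Audit Policy).

# 1. Interactive logon: Do not display last user name. The Policies key is what
#    Group Policy writes and takes precedence; the Winlogon value is the older
#    per-machine setting the article refers to.
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name DontDisplayLastUserName -Value 1 -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'   -Name DontDisplayLastUserName -Value '1' -Type String

# 2. Group 529 messages by the workstation named in them. Each field sits on
#    its own line ("<tab>Workstation Name:<tab>LAB-PC07"); anchoring the regex
#    at the start of a line stops "User Name:" matching "Caller User Name:".
function Get-FailedLogonSources {
    param([string[]]$Messages)
    $Messages | ForEach-Object {
        $ws   = if ($_ -match '(?m)^\s*Workstation Name:\s*(\S+)') { $matches[1] } else { '(none)' }
        $user = if ($_ -match '(?m)^\s*User Name:\s*(\S+)')        { $matches[1] } else { '(none)' }
        New-Object PSObject -Property @{ Workstation = $ws; TargetUser = $user }
    } |
    Group-Object Workstation |
    Sort-Object Count -Descending |
    Select-Object @{n='Workstation';e={$_.Name}}, Count,
                  @{n='Targets';e={ ($_.Group | ForEach-Object { $_.TargetUser } | Sort-Object -Unique) -join ', ' }}
}

# Constructed sample messages in the Server 2003 event 529 layout (not real log data).
$sample = @(
    "Logon Failure:`n`tReason:`t`tUnknown user name or bad password`n`tUser Name:`tdr.jones`n`tDomain:`t`tCAMPUS`n`tLogon Type:`t3`n`tWorkstation Name:`tLAB-PC07`n`tCaller User Name:`t-",
    "Logon Failure:`n`tReason:`t`tUnknown user name or bad password`n`tUser Name:`tdr.jones`n`tDomain:`t`tCAMPUS`n`tLogon Type:`t3`n`tWorkstation Name:`tLAB-PC07`n`tCaller User Name:`t-",
    "Logon Failure:`n`tReason:`t`tUnknown user name or bad password`n`tUser Name:`tprof.smith`n`tDomain:`t`tCAMPUS`n`tLogon Type:`t3`n`tWorkstation Name:`tLAB-PC07`n`tCaller User Name:`t-",
    "Logon Failure:`n`tReason:`t`tUnknown user name or bad password`n`tUser Name:`tg.thomas`n`tDomain:`t`tCAMPUS`n`tLogon Type:`t2`n`tWorkstation Name:`tOFFICE-12`n`tCaller User Name:`t-"
)
Get-FailedLogonSources $sample | Format-Table -AutoSize
# LAB-PC07 heads the table with three failures against two lecturers' accounts.

# Live use: feed the real Security log instead of the sample (529 = bad user
# name or password; 644 records the lockout itself).
# Get-FailedLogonSources (Get-EventLog -LogName Security -InstanceId 529 | ForEach-Object { $_.Message })
```

Once the offending workstation is known, the university's own records of who was logged on there at that time do the rest; none of this works, of course, if the Security log is empty because failure auditing was never switched on.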

Tip for the Boss.  If I were the boss I would have a meeting with my network manager and ask to see the security log settings.  Just asking for this information will jog the network manager's memory.  The hidden message is that even the techie's actions are accountable.  If the network manager is honourable then they have nothing to fear.  If they are a rogue, then yes, they can get around it by clearing the log, but that in itself would be suspicious: on Windows 2000 and Server 2003 clearing the Security log is itself recorded as event 517 (The audit log was cleared), so the gap has a signature.

Copyright © 1999-2008 Computer Performance LTD. All rights reserved.