Date: Thu, 3 Mar 2005 07:57:02 -0500 From: Alec Berryman <alec@thened.net> To: freebsd-security@freebsd.org Subject: Re: Renaming root account Message-ID: <20050303125702.GA52534@thened.net> In-Reply-To: <4226D0A2.70508@winbot.co.uk> References: <4226C4DF.3050806@winbot.co.uk> <1109839352.4804.24.camel@red.nativenerds.com> <4226D0A2.70508@winbot.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
--sdtB3X0nJg68CQEu Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Craig Edwards on 2005-03-03 08:53:54 +0000: > Basically i am aware of the fact that other systems (for example > windows) let you change the administrative user's username to > enhance security that little bit more. On our networks we have certainly changed the Windows Administrator account's name, but that's mostly because there's no good way to remotely log in as an unprivileged user and perform the equivalent of 'su -'. [1] I suggest that instead of changing root's username that you simply disallow direct remote logins as root and require anyone who needs root access to go through an unprivileged user account. I would guess with the level of security measures you've put in place this has already been done, but I didn't see you mention it. Certainly you mentioned that changing root's username won't fool local users, but I think that disallowing remote logins as root provides the same end as changing the Administrator account on Windows. > Security through obscurity on its own is not a good method of > securing a network but when combined with other systems, it can be > an advantage. There's certainly nothing wrong with obscuring things a little as long as it's only part of the whole security plan. [1] I'm no Windows guru - if there is a way I'd certainly like to know! --sdtB3X0nJg68CQEu Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQFCJwmeAud/2YgchcQRAo6kAKChVEm/jwV+6aqTDa2sXyPstgwr1QCgn0CU 3nSnCuRw4jcKKkHGEsWg5HI= =zcry -----END PGP SIGNATURE----- --sdtB3X0nJg68CQEu--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050303125702.GA52534>