Renaming root account

Alec Berryman alec at thened.net
Thu Mar 3 12:57:03 GMT 2005


Craig Edwards on 2005-03-03 08:53:54 +0000:

> Basically I am aware of the fact that other systems (for example
> windows) let you change the administrative user's username to
> enhance security that little bit more.

On our networks we have certainly changed the Windows Administrator
account's name, but that's mostly because there's no good way to
remotely log in as an unprivileged user and perform the equivalent of
'su -'. [1]

I suggest that instead of changing root's username that you simply
disallow direct remote logins as root and require anyone who needs
root access to go through an unprivileged user account.  I would
guess with the level of security measures you've put in place this has
already been done, but I didn't see you mention it.  Certainly you
mentioned that changing root's username won't fool local users, but I
think that disallowing remote logins as root provides the same end as
changing the Administrator account on Windows.

> Security through obscurity on its own is not a good method of
> securing a network but when combined with other systems, it can be
> an advantage.

There's certainly nothing wrong with obscuring things a little as long
as it's only part of the whole security plan.


[1] I'm no Windows guru - if there is a way I'd certainly like to know!
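
One way to check that direct remote root logins are actually disallowed, assuming remote access goes through OpenSSH's sshd (the message does not name a service). This is an added example, not part of the original message; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit PermitRootLogin in an sshd_config file.
# Include files are not followed.

# root_login_setting FILE
# Line 1: the global value (first occurrence wins) or "unset".
# Further lines: "match:<value>" for each setting inside a Match block,
# because a Match block can override the global value.
root_login_setting() {
    awk '
        # Strip comments; tolerate the Keyword=value and quoted forms.
        { sub(/#.*/, ""); sub(/=/, " "); gsub(/"/, "") }
        NF == 0 { next }
        { key = tolower($1) }             # keywords are case-insensitive
        key == "match" { in_match = 1; next }
        key == "permitrootlogin" {
            val = tolower($2)
            if (in_match) overrides = overrides "match:" val "\n"
            else if (global == "") global = val
        }
        END {
            print (global == "" ? "unset" : global)
            printf "%s", overrides
        }
    ' "$1"
}

# root_login_blocked FILE
# Succeeds only if the file is readable and every reported value is "no".
# "unset" fails on purpose: the default depends on sshd version and vendor.
root_login_blocked() {
    [ -r "$1" ] || return 2
    ! root_login_setting "$1" | sed 's/^match://' | grep -qvx 'no'
}

# Constructed sample config (not from the original message).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# sshd_config (constructed sample)
Port 22
permitrootlogin no        # first occurrence wins
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin prohibit-password
EOF
root_login_setting "$sample"
if root_login_blocked "$sample"; then echo "root login blocked"; else echo "root login still possible"; fi
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration, including values pulled in from included files.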