
Hi,

I saw a message on the UNISOG mailing list about a security "tool" being
developed that would brute force attack terminal services. I've been using
terminal services for remote access to my servers, so this concerned me.
Basically it grinds through, testing passwords on the administrator account
(which apparently cannot be locked out for too many bad password attempts).
Unless you watch your log files closely, you might never notice.

The web page describing TSgrinder is at http://www.hammerofgod.com/download.htm
One nice thing about the developer is that he mentions ways to prevent this
tool from working. Two of them are renaming the admin account and setting
the pre-login legal notice.

I had already renamed the admin account on my domain; I think now I will go
through all the workstations and rename those admin accounts too.

More information on setting the legal notice is at
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q101063

I ran the following .reg file on all my systems offering a terminal
services connection:
-------- legal-notice.reg --------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"LegalNoticeCaption"="Important Notice:"
"LegalNoticeText"="No Unauthorized Access Allowed!"
----------------------------------------------------

Hopefully this keeps me at least two steps ahead of the people that have
blank passwords on the admin account. If anyone has further thoughts on
this, please let me know.  And this info also applies to the remote console
feature in WinXP Pro.

-jav


* John Valenti Systems Analyst, Labor & Industrial Relations *
* 408 S Kedzie Hall, Michigan State University, E. Lansing, MI 48824 *
* (517) 353-1807 fax (517) 355-7656 [log in to unmask] *
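
The two mitigations named in the message above (a renamed administrator account and a pre-login legal notice) can be checked per host. The PowerShell audit below is an added example, not part of the original post; the function names are hypothetical, and the second registry path assumes the notice may have been set by Group Policy rather than by the .reg file.

```powershell
# Added example (not from the original message): audit the two mitigations it names.
# Run in an elevated session on each member server or workstation.

function Test-LegalNotice {
    # First path is the one the .reg file above writes. The second is where
    # Group Policy stores the same notice (assumption: it may be set there instead).
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    )
    $hit = $null
    foreach ($path in $paths) {
        $p = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        if ($null -eq $p) { continue }
        # [string] also flattens a multi-string value; a missing value becomes ''.
        $caption = ([string]$p.LegalNoticeCaption).Trim()
        $text    = ([string]$p.LegalNoticeText).Trim()
        if ($caption -and $text) { $hit = $path; break }
    }
    [pscustomobject]@{
        Check  = 'Pre-login legal notice set'
        Pass   = [bool]$hit
        Detail = if ($hit) { "Set under $hit" } else { 'Caption or text is empty' }
    }
}

function Test-BuiltinAdminRenamed {
    # The built-in administrator keeps the SID suffix -500 whatever it is called.
    # Assumption: the default name is the English 'Administrator'.
    $admin = Get-CimInstance -ClassName Win32_UserAccount -Filter 'LocalAccount=True' |
        Where-Object { $_.SID -like 'S-1-5-21-*-500' } | Select-Object -First 1
    if ($null -eq $admin) {
        return [pscustomobject]@{ Check = 'Built-in admin renamed'; Pass = $false
                                  Detail = 'No local RID 500 account found' }
    }
    [pscustomobject]@{
        Check  = 'Built-in admin renamed'
        Pass   = ($admin.Name -ne 'Administrator')
        Detail = "Name='$($admin.Name)' Disabled=$($admin.Disabled)"
    }
}

$results = @(Test-LegalNotice; Test-BuiltinAdminRenamed)
$results | Format-Table -AutoSize -Wrap
# Non-zero exit lets a scheduled job or deployment tool flag hosts that fail.
if ($results.Pass -contains $false) { exit 1 }
```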