1. Explain why it is important to rename the default local administrator account.
There are several reasons why the default local administrator account should be renamed. The local administrator account is the gateway to illegal access to a network through any of its computers. Whenever a hacker tries to get into a network, the local administrator account is the main target, because access to it means access to all the information stored on all the computers in the network. The default local administrator account is the most powerful account, with privileges above the other accounts on all the systems on the network. Other capabilities also show its importance: it can add more computers to the domain, install programs, and change the credentials of all the other accounts in the network. Moreover, it can create Group Policy Objects. This means the default local administrator account needs to be protected in every possible way. Most attacks on networks or computers are aimed at the local administrator account, as it has the most powerful privileges on the computer and the network. There are different ways to protect the local administrator account, such as resetting the description, configuring a complex password, creating a false account, or renaming it. The best way is to rename the default local administrator account so that attackers do not know which specific account they need to attack in order to take control of the whole network (Melber, 2005). The default name hands the attacker a target: they know exactly which account they need to hack. So the best way to protect the account is to rename it to some random name so that the attacker cannot tell which of the accounts is the administrator. This can be the best way to protect the computer and the network from malicious attacks.
2. What is the purpose of the “Account Lockout Policy” implemented in step 4?
Accounts in Windows give each user a separate workspace on the same computer system or on a network. Commonly, every computer connected to a network is password protected. So whenever a computer or a network is attacked, the hackers first try to get access to the accounts on the computer by guessing the password or trying random words. There is also specific software that tries different words and phrases; this sort of attack is called a dictionary attack. Accounts need to be protected so that attackers find it hard to get access by random guessing or by using software that generates combinations of passwords. Windows 2000 and later versions let users secure their accounts on the computer system by defining the Account Lockout Policy (Melber, 2009). This policy works in a very efficient way: it keeps track of the number of failed attempts on an account. If the number of wrong passwords entered for the account goes beyond the number defined in the account lockout policy, the respective account is blocked. There are three policy settings that can protect the account from malicious attacks:
- Account Lockout Duration
- Account Lockout Threshold
- Reset account Lockout counter after
The account lockout duration defines how long an account stays locked once wrong passwords have been entered. The account lockout threshold defines after how many wrong attempts the account is locked. The reset setting defines how much time must pass after the failed login attempts before the lockout counter is reset.
This policy should be defined for every account on the computer systems in the network so that it can assure the safety and security of the network. It gives hackers the minimum chance to hack the account and makes them wait a long time if the number of failed logins exceeds the defined lockout threshold.
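How the three settings interact, as an added example that is not part of the original answer: a simplified Python model of the lockout counter, with times in minutes. The class and function names, the policy values and the logon events are constructed for illustration, and the model does not reproduce every detail of Windows' behaviour.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class LockoutPolicy:          # hypothetical names, times in minutes
    threshold: int            # Account Lockout Threshold (0 = never lock)
    duration: int             # Account Lockout Duration
    reset_after: int          # Reset account lockout counter after

@dataclass
class Account:
    password: str
    failures: int = 0
    last_failure: Optional[int] = None
    locked_until: Optional[int] = None

def attempt(policy, acct, password, now):
    """Return 'ok', 'fail', 'locked_out' (this try tripped the lock) or 'locked'."""
    if acct.locked_until is not None:
        if now < acct.locked_until:
            return "locked"                    # correct password is refused too
        acct.locked_until, acct.failures = None, 0   # lockout duration elapsed
    if acct.last_failure is not None and now - acct.last_failure >= policy.reset_after:
        acct.failures = 0                      # quiet period passed: counter resets
    if password == acct.password:
        acct.failures = 0
        return "ok"
    acct.failures += 1
    acct.last_failure = now
    if policy.threshold and acct.failures >= policy.threshold:
        acct.locked_until = now + policy.duration
        return "locked_out"
    return "fail"

def replay(policy, real_password, events):
    """Run (minute, typed_password) events against a fresh account."""
    acct = Account(real_password)
    return [attempt(policy, acct, typed, minute) for minute, typed in events]

# Constructed sample data
POLICY = LockoutPolicy(threshold=3, duration=30, reset_after=30)
REAL = "Blue-Kettle7"
BURST = [(0, "summer"), (1, "winter"), (2, "autumn"), (5, REAL), (32, REAL)]
TYPOS = [(0, "Blue-Kettle"), (1, "blue-kettle7"), (40, "Blue-Kettel7"), (41, REAL)]

if __name__ == "__main__":
    print(replay(POLICY, REAL, BURST))   # third wrong guess locks; unlocks at minute 32
    print(replay(POLICY, REAL, TYPOS))   # counter reset after 30 quiet minutes
```

In the BURST run the owner's correct password at minute 5 is refused because the account is still inside the lockout duration; in the TYPOS run the third mistake does not lock the account because the counter had already been reset.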
3. What attack may be possible by implementing an Account Lockout Policy on a Windows machine that has remote desktop enabled?
Windows machines also offer their users a useful feature: access to their account on a computer through Remote Desktop over the internet. This lets users reach the computer from anywhere in the world as long as the remote computer is connected to the internet, and it lets them access other computers over the LAN as well (Melber, 2009). Along with the convenience of a machine that has Remote Desktop enabled come certain threats, as hackers also look for ways into the network and the accounts on the computer by attacking the Remote Desktop feature. They have built several applications capable of hacking Remote Desktop enabled machines over the internet. Because no account lockout policy is configured on Windows machines by default, the attackers try to log in to the computer by trying different combinations thousands of times. Once they gain access to the computer, they are free to install different malware and change the account lockout policy. This gives them a gateway to spread viruses by installing them on the network and also on different websites. Machines with Remote Desktop enabled should also set their account lockout policy so that the number of login attempts through a Remote Desktop connection is counted and the account is locked after a number of failed logins.
4. Find out why it is important to disable the storage of the LAN manager hash value and write the answer.
To understand why it is important to disable the storage of LAN Manager hash values on Windows machines, it is important to understand what LAN Manager hash values are and why they are used. The LAN Manager hash is a type of encryption that Windows uses in some of its operating systems after Windows 2000. However, in the newer versions it is disabled by default. It is an encryption method that is quite easy to crack, giving hackers an easy way to get at the passwords stored on the computer (Alexander, 2005). A password stored as a LAN Manager hash is easy to crack by brute force. A password stored using the LAN Manager hash is kept in the form of a hash produced by the worst encryption technique, and there are reasons for calling it the worst. The maximum length of a password stored using the LAN Manager hash is only 14 characters, and Windows splits this password into two parts of 7 characters each. This means the key space of characters is small. Given this set of characters, once the password is divided into seven-character parts, even fewer characters have to be tried to find the two parts of the password stored in the LAN Manager hash. Moreover, the password is converted entirely to upper case, which discards the original letter case and makes it easier for attackers to find the password. This shows that passwords stored as LAN Manager hash values are quite easy for attackers to crack by brute force. Unfortunately, Microsoft still supports LAN Manager hash values in its newer versions of Windows, but luckily the feature is disabled by default.
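The preprocessing described above (14-character limit, upper-casing, two 7-character parts) and what it does to the search space, as an added Python example that is not part of the original answer. It stops before the hashing step itself; the function names, the sample passwords and the choice of the 95 typable ASCII characters as the alphabet are assumptions made for illustration.

```python
import string

# Assumed alphabet: the 95 printable ASCII characters a user can type.
TYPABLE = string.ascii_letters + string.digits + string.punctuation + " "
# Upper-casing folds a-z onto A-Z, leaving 69 distinct symbols.
AFTER_UPPERCASE = sorted(set(TYPABLE.upper()))

def lm_input_halves(password):
    """Return the two 7-byte blocks that are hashed separately."""
    if len(password) > 14:
        raise ValueError("longer than the 14-character LM maximum")
    data = password.upper().encode("ascii").ljust(14, b"\x00")
    return data[:7], data[7:]

def candidates(alphabet_size, length):
    """Number of strings of exactly `length` symbols over the alphabet."""
    return alphabet_size ** length

def compare_search_space():
    """(one 14-char mixed-case secret, two independent 7-char upper-case halves)."""
    as_typed = candidates(len(TYPABLE), 14)
    as_stored = 2 * candidates(len(AFTER_UPPERCASE), 7)
    return as_typed, as_stored

if __name__ == "__main__":
    for pw in ("Summer2014", "sUMMER2014", "Pass1"):   # constructed samples
        print(pw, lm_input_halves(pw))
    as_typed, as_stored = compare_search_space()
    print(f"as typed : {as_typed:.2e}")
    print(f"as stored: {as_stored:.2e}  ({as_typed // as_stored:.1e} times smaller)")
```

Passwords that differ only in letter case produce identical blocks, and any password of seven characters or fewer leaves the second block empty, which is why a long, mixed-case password gains nothing once it is stored this way.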
5. What standards are followed when enforcing password complexity requirements in Group Policy?
We have been focusing on the importance of Group Policy in the Windows operating system and on what can be done to secure user accounts with passwords and different group policies. Because the password is important in all these respects, it must be chosen very wisely. To make users select an appropriate password that is not easy to hack, it is better to define a group policy that makes them choose a complex password. There are certain standards that should be followed for the selection of a complex password and that can be imposed in Group Policy. One of the standards that should be defined in the group policy is that the account name should not be used as the password for the same account (Microsoft, 2014). This policy can be defined so that if the password contains more than three characters of the account name, it is not accepted. However, if the password contains less than three characters of the account name, it can be used. The other standard for choosing a complex password in the group policy can be that the password should be composed of characters from at least three of the following groups:
- Upper case letters (A-Z)
- Lower case letters (a-z)
- Numerics (0-9)
- Special Characters (!@#$% etc.)
These are the standards that enforce the selection of complex passwords, and they should be enabled in Group Policy. If the passwords of the accounts on each computer in the network are complex, they will be hard to hack.
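A checker for the two rules described above, as an added Python example (not code from the original page or from Windows). The account-name rule follows this answer's wording, read here as rejecting a password that shares a run of more than three consecutive characters with the account name, and the group rule requires three of the four listed groups. The function names, the max_run and min_groups parameters and the sample accounts and passwords are constructed for illustration.

```python
import string

GROUPS = {
    "upper": set(string.ascii_uppercase),    # A-Z
    "lower": set(string.ascii_lowercase),    # a-z
    "digit": set(string.digits),             # 0-9
    "special": set(string.punctuation),      # !@#$% etc.
}

def groups_used(password):
    """Names of the character groups that appear in the password."""
    return [name for name, chars in GROUPS.items()
            if any(c in chars for c in password)]

def shares_name_run(password, account, max_run=3):
    """True if more than `max_run` consecutive account-name characters appear
    in the password (case-insensitive). Interpretation assumed for this example."""
    pw, name, n = password.lower(), account.lower(), max_run + 1
    return any(name[i:i + n] in pw for i in range(len(name) - n + 1))

def check_password(password, account, max_run=3, min_groups=3):
    """Return a list of rule violations; an empty list means accepted."""
    problems = []
    if shares_name_run(password, account, max_run):
        problems.append("contains part of the account name")
    used = groups_used(password)
    if len(used) < min_groups:
        problems.append(f"uses {len(used)} of 4 character groups")
    return problems

if __name__ == "__main__":
    # Constructed account names and passwords
    for account, pw in [("jsmith", "jsmith2014"), ("jsmith", "Jsm2014x"),
                        ("jsmith", "Blue-Kettle7"), ("al", "al")]:
        print(account, pw, check_password(pw, account) or "accepted")
```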
Alexander, Z., 2005. How Secure Is Your Password?. [Online]
Available at: http://www.techgalaxy.net/Docs/Security/How_secure_is_your_password.htm
[Accessed 22 9 2014].
Melber, D., 2005. Protecting the Administrator Account. [Online]
Available at: http://www.windowsecurity.com/articles-tutorials/windows_os_security/Protecting-Administrator-Account.html
[Accessed 22 9 2014].
Melber, D., 2009. Top 10 Windows Security Configurations: Where and How! (Part 2). [Online]
Available at: http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Top-10-Windows-Security-Configurations-Where-How-Part2.html
[Accessed 22 9 2014].
Microsoft, 2014. Password must meet complexity requirements. [Online]
Available at: http://technet.microsoft.com/en-us/library/hh994562(v=ws.10).aspx
[Accessed 21 9 2014].
Tulloch, M., 2004. Home Articles & Tutorials Authentication, Access Control & Encryption. [Online]
Available at: http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Implementing-Troubleshooting-Account-Lockout.html
[Accessed 22 9 2014].