Very well put!
Lars
Bill Vermillion wrote:
> On Tue, Jun 19, 2001 at 12:33:44PM -0500, Cameron Haegle thus
> sprach:
>
> > I come from the Windoze side of the playground, where you are able
> > to rename the Administrator account name, in order to provide a
> > bit more security.
>
> > Can a similar thing be done with FreeBSD?
>
> You could, but what you are proposing is the classic 'Security
> through obsurity model'. That never works.
>
> Root is a traditional account name since 1969, but it also maps to
> user ID 0 as someone else mentioned. Every system requires
> a user ID 0 no matter whether it is root, larry, manny or moe.
>
> Make sure that no one can log in as root anywhere except at the
> console. You can even elminate root login at the console if your
> system is not in a 10000% secure location :-)
>
> Then the only memember who can use root are those you put in the
> 'wheel' group.
>
> Let's get back to UID 0 for a moment. If anyone can get into that
> machine, even if they don't have the ability to become super user,
> and you have named your root account mxtylplx, then anyone on that
> machine will know that is the admin account by listing any
> directory in which used ID 0 has a file it owns.
>
> Don't putz around with security 'ideas'. Do security in the right
> manner. Limit the wheel account users. Make sure they keep their
> login password secure, and keep the root password secure.
>
> Get rid of all telnet account and put in SSH so that no clear text
> passwords ever cross the net. That's just a small step on the
> way, to locking down a system, but just changing login names won't
> do it.
>
> Bill
>
> --
> Bill Vermillion - bv @ wjv . com
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-net" in the body of the message
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
