Networking / Beginners

Myth 2: If We Hide It, they Not Find It

If only we had a dime for every time we have seen someone try to hide their system... Hiding the system so rarely helps. Some examples are in order. For instance, some people advocate turning off SSID broadcast in wireless networks. Not only does this mean you now have a network that is not compliant with the standard, your clients will also prefer a rogue network with the same name over the legitimate one. Oh, and it takes only a few minutes to actually find the network anyway, given the proper tools. Another example is changing the banners on your Web site so the bad guys will not know it is running IIS. First, it is relatively simple to figure out what the Web site is running anyway. Second, most of the bad guys are not smart enough to do that, so they just try all the exploits, including the IIS ones. Yet another one is renaming the Administrator account. It is a matter of a couple of API calls to find the real name. Our favorite is when administrators use Group Policy to rename the Administrator account. They now have an account called Janitor3, with a comment of "Built-in account for administering the computer/domain." This is not really likely to fool anyone.

Renaming or hiding things is generally speaking much more likely to break applications than it is to actually stop an attack. Attackers know that administrators rename things, and go look for the real name first. Poorly written applications assume the Program Files directory is in a particular place, that the Administrator account has a particular name depending on region, and so on. Those applications will now break. Arguably, they were already broken, but the result is that they no longer function.

[Previous] [Contents] [Next]

In this tutorial:

  1. Protecting Hosts
  2. Security Configuration Myths
  3. Myth 1: Security Guides Make Your System Secure
  4. Myth 2: If We Hide It, they Not Find It
  5. Myth 3: The More Tweaks, the Better
  6. Myth 4: Tweaks Are Necessary
  7. Myth 5: All Environments Should At Least Use <Insert Favorite Guide Here>
  8. Myth 6: "High Security" Is an End Goal for All Environments
  9. Myth 7: Start Securing Your Environment by Applying a Security Guide
  10. Myth 8: Security Tweaks Can Fix Physical Security Problems
  11. Myth 9: Security Tweaks Will Stop Worms/Viruses
  12. Myth 10: An Expert Recommended This Tweak as Defense in Depth
  13. Server Security Tweaks
  14. Software Restriction Policies
  15. Do Not Store LAN Manager Hash Value
  16. Anonymous Restrictions
  17. Security Identifiers (SIDs)
  18. Password Policies
  19. SMB Message Signing
  20. Networking LAN Manager Authentication Level
  21. TCP Hardening
  22. Restricted Groups
  23. Audit Settings
  24. Client Security Tweaks
  25. Firewalls
  26. IPsec Filters
  27. SafeDllSearchMode
  28. Local Administrator Account Control
  29. Limit Local Account Use of Blank Passwords to Console Logon Only
  30. Logon Events
  31. Allowed to Format and Eject Removable Media
  32. The Caution ListChanges You Should Not Make
  33. Crash on Audit Failure
  34. Clear Virtual Memory Page File
  35. Security Configuration Tools