As I open the log files on my honeypot server I see multiple brute force attacks on my FTP server. They are using “administrator” and every possible combination of letters and characters. I sit for a moment and think to myself: what if I had not renamed my administrator account? Would my FTP server have been compromised?
This question ultimately brings me to answer why you should rename your domain administrator account. There are certain servers, like Microsoft FTP through IIS, that do not allow you to set how many incorrect attempts are permitted before a user is locked out. Regardless, how can you lock out the one account that has access to your entire network? First, I will just say I don’t believe entirely in security through obscurity. However, it is definitely a mechanism you can put in place to further protect your network. When hackers try to brute force your network you can almost guarantee they are going to try “administrator” as their user.
You might be asking at this point: OK, if I rename my domain administrator account, how will I access items that require this permission? This is a good question. Basically what I would recommend is to create an account named admin-username, username of course being your user name or that of any other user who needs to manage your domain. Once you have done this I would recommend renaming your domain administrator account to something obscure. Then set the password and make it very long and difficult to brute force. When that is complete, save that password somewhere secure in case the day comes when you need it.
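The steps above, scripted with the ActiveDirectory module as an added example (not code from the original post). It assumes RSAT is installed and the session already runs with domain admin rights; the user name “jsmith” and the obscure name “svc-legacy-x7” are placeholders.

```powershell
# Added example: create per-person admin accounts, then rename and re-key the
# built-in Administrator. Placeholder names are marked below.
Import-Module ActiveDirectory

$domain = Get-ADDomain
# The built-in Administrator always has RID 500, so look it up by SID rather
# than by name; this still works if the account was renamed earlier.
$builtinAdmin = Get-ADUser -Identity "$($domain.DomainSID)-500"

# Step 1: one admin-<username> account per person who manages the domain.
$managers = @('jsmith')   # placeholder list of user names
foreach ($u in $managers) {
    $name = "admin-$u"
    if (-not (Get-ADUser -Filter "SamAccountName -eq '$name'")) {
        $initial = Read-Host -AsSecureString "Initial password for $name"
        New-ADUser -Name $name -SamAccountName $name `
            -AccountPassword $initial -Enabled $true -ChangePasswordAtLogon $true
        Add-ADGroupMember -Identity 'Domain Admins' -Members $name
    }
}

# Step 2: rename the built-in account to something obscure.
# Rename-ADObject changes the CN (and therefore the DN), so address the
# object by GUID from here on; Set-ADUser changes the logon name itself.
$obscureName = 'svc-legacy-x7'   # placeholder obscure name
Rename-ADObject -Identity $builtinAdmin.DistinguishedName -NewName $obscureName
Set-ADUser -Identity $builtinAdmin.ObjectGUID `
    -SamAccountName $obscureName -DisplayName $obscureName

# Step 3: set a long random password (48 bytes from a cryptographic RNG,
# giving 64 base64 characters) that is impractical to brute force.
$bytes = New-Object byte[] 48
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$plain = [Convert]::ToBase64String($bytes)
Set-ADAccountPassword -Identity $builtinAdmin.ObjectGUID -Reset `
    -NewPassword (ConvertTo-SecureString $plain -AsPlainText -Force)

# Step 4: hand the password over for the vault exactly once, then confirm
# the rename took effect before clearing it from memory.
Write-Output "Store this in your password vault now: $plain"
$plain = $null
Get-ADUser -Identity "$($domain.DomainSID)-500" -Properties PasswordLastSet |
    Select-Object SamAccountName, Enabled, PasswordLastSet
```

Run it from a console you trust, since the password is written to output once for vaulting; the final lookup by SID shows the new logon name and password date for the RID 500 account.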
Since I’m on this note, there is another very important security measure administrators should take: NEVER use your domain admin account to log in on a daily basis. You should be logging in to your network just like every other user, with an account that has absolutely no administrator permissions. If you need to install new hardware or software or change system settings, then do a runas, or simply log off and log back in as administrator. I cannot tell you how many machines or networks get infected because users are logging in as administrator when they don’t need to be. Don’t get lazy and complacent; do the right thing today.