Security advice needed - rename CMD.EXE


Gabriel
August 26th, 2002, 04:02 AM
Hi everyone,
I would like to get your response on a security issue.
I want to further secure my NT 4.0 System by renaming the CMD.EXE (or command) to another filename (e.g. 1x2.exe).
Doing so will prevent "Outsiders" from running the command prompt (easily).
Two simple questions:
A. can it be dangerous? (I mean can it f$%k my NT System by any means?)
B. Will it really matter so much? (Will it make me secure against Professional Hackers - and not by a Script kiddie..).

I would like to get as many responses as possible.

P.s. - Firewall is just not enough.

Thank you
Gabriel

Stalemate
August 26th, 2002, 12:02 PM
How about simply making the "Run" command unavailable (http://www.winguides.com/registry/display.php/151/) from the Start menu and removing the shortcut to access "DOS mode" from the "All users" profile?

I'm on Win98 right now and can't test it, but if it works that would prevent any possible errors renaming the file itself.

Chris_MacMahon
August 26th, 2002, 12:11 PM
i would edit the user's policy so that they can't get into the following places...

command prompt...
control panel.
change printers.
change network settings..

i don't remember where to get into the policy, i know how in win2k, but i know that this is completely different in nt40...
there will be many many websites to help you out..

Gabriel
August 27th, 2002, 03:22 AM
As much as I appreciate your help, you didn't get my point...
I meant to prevent access to CMD for Hackers - not by my users (which know nothing about Hacking.).

Sorry for not making it clear in the original post.

Thanks (Again),
Gabriel Levi

NooNoo
August 27th, 2002, 04:38 AM
Originally posted by Gabriel
As much as I appreciate your help, you didn't get my point...
I meant to prevent access to CMD for Hackers - not by my users (which know nothing about Hacking.).

Sorry for not making it clear in the original post.

Thanks (Again),
Gabriel Levi

Firewalls are a much better idea, set up correctly they will prevent access... what firewall are you using?

Chris_MacMahon
August 27th, 2002, 11:40 AM
then i would recommend a firewall, and end user education...

NeuromancerIV
August 27th, 2002, 01:45 PM
You must be getting hit with one of the many many variants of RFP, lotsa them floating around still

best ways we had found to defend is like you suggested, rename the cmd.exe command, it never impacted ours or our clients' server boxen..as long as authorized persons knew what the renamed file was :D Some folks still need remote access and Admin rights

A better fix was to set permissions for the cmd.exe and command.com to "no access" vs "full control" ...however this tended to screw up the schedule service since it runs as NT Authority/System, but..

**"to still use this service, open the Services in the control panel, click schedule, click the 'Startup...' button, services are run as the system account by default, go figure..... next select the 'This Account:' radio button, and select a different user to run at services as. "

**liberally quoted from the shop tech note pad here, so i can't give proper author credit :confused:

We got a massive tome for secured *hah!* installs maintaining NT/2000 *bulletins/hotfixes warnings, KB articles, exploit lists, manual fixes etc etc*... it's in a 3 ring binder and grows weekly!!
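
An added example, not part of the thread and not any poster's code: a small audit of the permission approach described in the last post, run over saved `cacls` output for cmd.exe and command.com. The sample text, the `EXPECTED` allow-list and the function names are assumptions made for illustration; it reports accounts that still have access and the case where SYSTEM is denied, which is the schedule-service side effect the post mentions.

```python
# Constructed sample in the layout printed by `cacls <file>` (not from a real host).
# N = no access, R = read, C = change, F = full control.
SAMPLE = r"""C:\WINNT\system32\cmd.exe BUILTIN\Administrators:F
                          NT AUTHORITY\SYSTEM:N

C:\WINNT\system32\command.com BUILTIN\Administrators:F
                              NT AUTHORITY\SYSTEM:F
                              Everyone:R
"""

# Assumption: only these principals are meant to keep access to the shells.
EXPECTED = {"BUILTIN\\ADMINISTRATORS", "NT AUTHORITY\\SYSTEM"}
SYSTEM = "NT AUTHORITY\\SYSTEM"


def parse_cacls(text):
    """Return {path: {ACCOUNT: perm}}; assumes paths without spaces, simple ACEs."""
    acls, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():            # first line of a file: "path account:perm"
            path, line = line.split(None, 1)
            current = acls.setdefault(path.lower(), {})
        account, perm = line.strip().rsplit(":", 1)
        current[account.upper()] = perm.strip()
    return acls


def audit(acls):
    """Flag shells still open to unexpected accounts, and SYSTEM lockouts."""
    findings = []
    for path, aces in acls.items():
        name = path.rsplit("\\", 1)[-1]
        if aces.get(SYSTEM) == "N":
            # The side effect described in the thread: a service running as SYSTEM
            # can no longer start the shell until it runs under another account.
            findings.append((name, "SYSTEM_DENIED"))
        for account, perm in sorted(aces.items()):
            if perm != "N" and account not in EXPECTED:
                findings.append((name, f"OPEN:{account}:{perm}"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(parse_cacls(SAMPLE)):
        print(f"{name}: {finding}")
```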