-
August 26th, 2002, 03:02 AM
#1
Registered User
Security advice needed - rename CMD.EXE
Hi everyone,
I would like to get your response on a security issue.
I want to further secure my NT 4.0 system by renaming CMD.EXE (or command) to another filename (e.g. 1x2.exe).
Doing so will prevent "outsiders" from running the command prompt (easily).
Two simple questions:
A. Can it be dangerous? (I mean can it f$%k my NT System by any means?)
B. Will it really matter so much? (Will it make me secure against Professional Hackers - and not by a Script kiddie..).
I would like to get as many responses as possible.
P.s. - Firewall is just not enough.
Thank you
Gabriel
Real stupidity beats Artificial Intelligence
Avatar courtesy of A D E P T
-
August 26th, 2002, 11:02 AM
#2
Registered User
How about simply making the "Run" command unavailable from the Start menu and removing the shortcut to access "DOS mode" from the "All users" profile?
I'm on Win98 right now and can't test it, but if it works that would prevent any possible errors renaming the file itself.
-
August 26th, 2002, 11:11 AM
#3
Registered User
some more ideas...
I would edit the user's policy so that they can't get into the following places...
command prompt...
control panel.
change printers.
change network settings..
I don't remember where to get into the policy, I know how in win2k, but I know that this is completely different in nt40...
there will be many many websites to help you out..
-
August 27th, 2002, 02:22 AM
#4
Registered User
As much as I appreciate your help you didn't get my point...
I meant to prevent access to CMD for Hackers - not by my users (which know nothing about Hacking.).
Sorry for not making it clear in the original post.
Thanks (Again),
Gabriel Levi
-
August 27th, 2002, 03:38 AM
#5
Driver Terrier
Originally posted by Gabriel
As much as I appreciate your help you didn't get my point...
I meant to prevent access to CMD for Hackers - not by my users (which know nothing about Hacking.).
Sorry for not making it clear in the original post.
Thanks (Again),
Gabriel Levi
Firewalls are a much better idea, set up correctly they will prevent access... what firewall are you using?
-
August 27th, 2002, 10:40 AM
#6
Registered User
ahhh...I see...
then I would recommend a firewall, and end user education...
-
August 27th, 2002, 12:45 PM
#7
You must be getting hit with one of the many many variants of RFP, lotsa them floating around still.
Best ways we had found to defend is like you suggested, rename the cmd.exe command, it never impacted ours or our clients' server boxen.. as long as authorized persons knew what the renamed file was. Some folks still need remote access and Admin rights.
A better fix was to set permissions for cmd.exe and command.com to "no access" vs "full control" ...however this tended to screw up the schedule service since it runs as NT Authority/System, but..
**"to still use this service, open the Services in the control panel, click schedule, click the 'Startup...' button. Services are run as the system account by default, go figure..... next select the 'This Account:' radio button, and select a different user to run at services as."
**liberally quoted from the shop tech note pad here, so I can't give proper author credit
We got a massive tome for secured *hah!* installs maintaining NT/2000 *bulletins/hotfixes, warnings, KB articles, exploit lists, manual fixes etc etc*... it's in a 3 ring binder and grows weekly!!
Last edited by NeuromancerIV; August 27th, 2002 at 01:06 PM.
"Teach the ignorant, care for the dumb, punish the stupid."
-how to live a life well spent