On 2016-10-25 19:51, G. wrote:
On Tue, 25 Oct 2016 17:48:45 +0300, Sampsa Laine
wrote:
Also, is renaming the SYSTEM account likely to
break stuff? They seem to be
targeting that specific username so I figured I?d change it to STALIN or
something?
Instead of renaming it, you may want to disable interactive logins for the
SYSTEM account altogether, or you may want to investigate about tightening
timeouts for the intrusion detection function (see SHOW INTRU command), so
that VMS will not allow logins from accounts for which a certain threshold
has been reached, even if the attacker guesses the password. :)
Totally agree on disabling interactive logins. But I would perhaps limit
that to just network logins. (I believe VMS can also make that distinction.)
However, if the intrusion system disables the account, it becomes a
rather ugly DOS vector. Not sure how they were thinking there...
Johnny