IWSEC
Wed Sep 21 05:28:04 CDT 2005
Hi,
It all sounds good - yup, VPNs would be better and yup, they are a complete
pain with other people's firewalls; I gave up a while ago. Another couple of
things you could think about (please ignore if you have already done this):
1. Enable the Account Lockout and Account Lockout Threshold in your local
security policy. I have mine set fairly loose at 10 invalid logon attempts
and locked out for 30 mins - I reason that if anyone types their password in
wrongly over 10 times they deserve to have to wait half an hour to try again!
But it does stop password crackers etc from being able to hammer your server
for hundreds of attempts a minute.
2. Enable Password Complexity in the local security policy
Cheers
IWSEC
www.iwsec.co.uk
"MCSEGURU" wrote:
> Great Tips.
>
> Most have been implemented. I do leave it open, mostly for my own access
> convenience while traveling (although VPN would be safer, other people's
> Firewalls can make this a challenge at times). FTP root-dir has no write
> access at all. Only one "hidden" vir-dir has write access, and it's limited
> to only one account. Anonymous access has been disallowed, although I've
> thought of creating an anonymous Vir-Dir with read-only access for a honey
> pot. However, I am unsure if the anonymous would be able to traverse parent
> paths, and elevate oneself. That much "hacking" knowledge I'm afraid I
> don't have.
>
> Thanks.
>
>
>
> "IWSEC" <IWSEC@discussions.microsoft.com> wrote in message
> news:890E49E5-0540-4205-A785-7C2A687A17D4@microsoft.com...
> > Hi,
> > Here's some suggestions:
> >
> > 1. Edit the local security policy and only allow the specific accounts (or
> > groups) that need to be able to access the server over a network.
> > 2. Once you have renamed your admin account, create another account called
> > Administrator and give it no rights or permissions. That way a hacker wastes
> > his time trying to break what he thinks will give him admin permissions.
> > Hopefully you will see this traffic in the logs and could block his IP
> > address.
> > 3. Do you need FTP to be available to anywhere or is there only specific
> > fixed IP addresses that will access it? If so tie down the firewall to only
> > allow FTP to those specific addresses.
> > 4. Make sure your FTP root is configured for specific accounts only and no
> > anonymous logons are allowed.
> >
> > Hope that helps!
> >
> > Cheers IWSEC
> > www.iwsec.co.uk
> > www.iwsec.co.uk/frontpage
> >
> > "MCSEGURU" wrote:
> >
> >> An unknown user used a program to try to script through about 8 different
> >> usernames, and like 300 passwords each in attempts to hack my FTP Server on
> >> my SBS 2003 Premium Server. Dilemma, I hadn't ever created a "just in case"
> >> backup admin account. I try to never use admin privileges on the server,
> >> and with the negative implications of following the recommendations to
> >> rename Administrator, I have hesitated to do so, however after 300 failed
> >> login attempts, the Administrator account was locked out. Now I've
> >> recovered my access to my system, but I have some "obscurity" goals I'd like
> >> to try.
> >>
> >> I have found the following and implemented it:
> >>
> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;826270
> >>
> >> Now I would like my FTP SVC to at the least broadcast external.domain.com
> >> rather than server.domain.local on the "Connected to:" line. Any other
> >> recommendation on securing my "Read Only" FTP server would be greatly
> >> appreciated.
> >>
> >> Thanks,
> >>
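The thread turns on two sides of the same control: an Account Lockout Threshold of 10 attempts with a 30-minute lockout blunts the "300 passwords per username" run described at the bottom, yet the same policy is what locked the real Administrator out. The script below is an added example, not code from anyone in this thread. It replays a constructed set of FTP logon records (a simplified IIS-FTP-style layout of date, time, client IP, username and status code, which is an assumption; 530 = login failed, 230 = logged in; addresses and times are made up) against the lockout settings IWSEC describes, and also flags any source whose failures touch many distinct usernames, the pattern the original poster saw.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Policy values from the reply above: 10 invalid attempts, locked out for 30 minutes.
LOCKOUT_THRESHOLD = 10
LOCKOUT_DURATION = timedelta(minutes=30)
RESET_WINDOW = timedelta(minutes=30)   # failures older than this stop counting (assumed value)

# Constructed sample lines in a simplified IIS-FTP-style layout (an assumption):
#   date time c-ip cs-username sc-status      (530 = login failed, 230 = logged in)
LEGIT_LINES = [
    "2005-09-21 05:00:10 198.51.100.5 bob 530",   # bob mistypes once ...
    "2005-09-21 05:00:25 198.51.100.5 bob 230",   # ... then gets in
]
# One source hammering the Administrator account: 15 guesses in one minute.
BRUTE_LINES = [f"2005-09-21 05:01:{i:02d} 203.0.113.7 Administrator 530" for i in range(15)]
# The same source then cycling through eight more usernames.
SPRAY_LINES = [f"2005-09-21 05:02:{i:02d} 203.0.113.7 user{i} 530" for i in range(8)]
# The real administrator, with the correct password, during and after the lockout.
ADMIN_LINES = [
    "2005-09-21 05:10:00 198.51.100.9 Administrator 230",
    "2005-09-21 05:35:00 198.51.100.9 Administrator 230",
]
ALL_LINES = LEGIT_LINES + BRUTE_LINES + SPRAY_LINES + ADMIN_LINES


def parse_line(line):
    """Split one log line into a timestamp, source IP, account and success flag."""
    date, time, ip, user, status = line.split()
    return {"ts": datetime.fromisoformat(f"{date} {time}"),
            "ip": ip, "user": user, "ok": status == "230"}


class LockoutPolicy:
    """Replays logon attempts against an Account Lockout policy."""

    def __init__(self, threshold=LOCKOUT_THRESHOLD,
                 duration=LOCKOUT_DURATION, window=RESET_WINDOW):
        self.threshold, self.duration, self.window = threshold, duration, window
        self.failures = defaultdict(deque)   # account -> timestamps of recent failures
        self.locked_until = {}               # account -> time the lock expires

    def attempt(self, ev):
        """Return 'locked', 'failed' or 'ok' for one logon event."""
        user, ts = ev["user"], ev["ts"]
        if user in self.locked_until and ts < self.locked_until[user]:
            return "locked"                  # rejected before the password is even checked
        if ev["ok"]:
            self.failures[user].clear()      # a good logon resets the bad-attempt counter
            return "ok"
        recent = self.failures[user]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:
            recent.popleft()                 # drop failures outside the reset window
        if len(recent) >= self.threshold:
            self.locked_until[user] = ts + self.duration
            recent.clear()
            return "locked"                  # this attempt trips the lockout
        return "failed"


def replay(lines, policy=None):
    """Evaluate the lines in time order; returns (time, ip, user, outcome) tuples."""
    policy = policy or LockoutPolicy()
    events = sorted((parse_line(l) for l in lines), key=lambda e: e["ts"])
    return [(e["ts"].strftime("%H:%M:%S"), e["ip"], e["user"], policy.attempt(e))
            for e in events]


def password_spray_sources(lines, min_users=5):
    """Sources whose failed logons touched at least min_users distinct accounts."""
    users_by_ip = defaultdict(set)
    for ev in map(parse_line, lines):
        if not ev["ok"]:
            users_by_ip[ev["ip"]].add(ev["user"])
    return {ip: len(users) for ip, users in users_by_ip.items() if len(users) >= min_users}


if __name__ == "__main__":
    for row in replay(ALL_LINES):
        print("%s %-14s %-14s %s" % row)
    print("sources trying many usernames:", password_spray_sources(ALL_LINES))
```

Running it shows both halves of the trade-off discussed in the thread: the guessing source gets only ten evaluated passwords for the Administrator account before every further attempt in the next 30 minutes is refused unexamined, but the legitimate Administrator logon at 05:10 is refused too, even with the right password, and only the 05:35 logon succeeds. That is exactly why the same thread recommends a backup admin account and a firewall rule limiting FTP to known source addresses alongside the lockout policy.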