Journey to Secure a Windows 2000 Server

Status
Not open for further replies.

Michael42

Programmer
Oct 8, 2001
1,454
US
Hello,

I am having a heck of a time staying ahead of hackers on a Win 2k Web server. I have renamed my root, guest and IIS accounts but I can see from my logs that hackers have found the account names.

1. How can I conceal User Account names from hackers?
2. Concerning what I have done below, is there anything other than using LINUX that I have missed?

Other things I have done:
1. Installed latest Service Pack and updates (and stay on top of this).
2. Installed Firewall Software.
3. Installed Virus and Spyware detection software.
4. Disabled all unrequired Services and Accounts.
5. Locked down Security Policies on accounts.
6. Removed common 2000 shares ($name etc.).


Thanks for your advice,

Michael42



 
If you have done all that PROPERLY, there should not be any hackers getting in.
If they still do, pull out the internet and start fixing it ASAP!

Marc
 
Oh, and if you have the budget, I would recommend a hardware firewall; even a budget one should provide better security than a software firewall.
 
I agree with bofhrevenge2, get a separate firewall. An old PC and Smoothwall, which costs nothing, should be enough.

On a second point, make sure that whatever option you go for, you configure your firewall properly. For your web server, know what ports you require and disallow all others, e.g. connections in on a basic web server should be port 80 (maybe 81, 8080 and 8081). If you are using HTTPS, 443. FTP, 21. You should also restrict what connections your web server makes out.

Run IIS lockdown and lock down as much as possible. This is fairly easy if you are only using static html pages. If you are using asp pages make sure you select the relevant options.

When renaming user accounts use "invisible" characters, see ASCII charts, use ALT + 3 numbers. Also passwords should be at least 15 characters and use "invisible characters". Remove descriptions from accounts. Create a dummy Administrator account with proper description, remove from all groups, disable and set a very long password. May slow down some hackers.


If you know Linux then definitely use it. Will require hardening as well.

Best of luck.
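
One way to check that the server exposes only the ports listed in the post above, as an added example that is not part of the original thread: a Python script that audits Windows `netstat -an` output against that port list. The sample output and its addresses are constructed, and treating every UDP socket as unexpected is an assumption (the post names only TCP services).

```python
import re

# Inbound TCP ports named in the post: HTTP 80 (maybe 81, 8080, 8081), HTTPS 443, FTP 21.
ALLOWED_TCP = {21, 80, 81, 443, 8080, 8081}

# Constructed sample of Windows `netstat -an` output (documentation-range addresses).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:51234     ESTABLISHED
  TCP    192.0.2.10:1043        203.0.113.50:6667      ESTABLISHED
  UDP    0.0.0.0:1434           *:*
"""

# proto, local address, local port, remote endpoint, optional state (UDP has none)
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def audit(netstat_text, allowed_tcp=ALLOWED_TCP):
    """Return (category, proto, local_port, remote) for each socket outside the policy."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # banner, column header, blank line
        proto, _addr, port, remote, state = m.groups()
        port = int(port)
        if proto == "UDP":
            # Assumption: no UDP service is required on this web server.
            findings.append(("unexpected-udp", proto, port, remote))
        elif state == "LISTENING" and port not in allowed_tcp:
            # A service is reachable that the firewall policy does not list.
            findings.append(("unexpected-listener", proto, port, remote))
        elif state == "ESTABLISHED" and port not in allowed_tcp:
            # Local port is not a served port, so the server initiated this connection.
            findings.append(("non-service-connection", proto, port, remote))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

FTP data channels use ports other than 21, so on a server that really offers FTP they will appear as findings and need to be reviewed by hand.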

 
Linux is all well and good but is not actually more secure than Windows.

Either one is open to the world unless configured properly.

I agree with the above - hardware firewall and proper locking down of ports should make you safe. It works for millions of other people.

<signature for rent>
 
Are you saying that your server was hacked, then you were patching the holes trying to get them out and they keep getting back in? Typically when something like that happens, you'll want to pull the server out of production, archive any data that you need (web sites, etc) and then wipe the server and rerun from scratch. Once your box has been exploited, you'll never be 100% sure that you don't have some backdoor on the system after it has been cleaned.
 
Hey All,

Thanks for the suggestions; they are very useful.

I think I have to agree that I was hacked and yet another reload is in order.

Like many of you, I'd like to keep my investment in Windows as I am getting good at knowing where hackers tend to put things etc. (thanks to all of you). I am not at this point yet with LINUX. If I was being hacked with LINUX I may not detect it...scary.

-Michael42


 