Looking to harden a Windows server:

Status
Not open for further replies.

klepty

IS-IT--Management
Apr 25, 2007
5
US
This Windows 2000 server has been hacked twice. Recently someone got in and put a few hard-to-remove trojans on the system, as well as creating their own login. I want to find some software or configuration that will block an IP after 3-4 unsuccessful remote logins and FTP logins.

Any ideas? For Windows 2000 and 2003
 
If no one needs to gain access remotely, the simplest method is to just turn off the Internet by changing the gateway value. When you have to download updates or something else, just switch it back momentarily. I use this at several sites and it totally eliminates any possibility of anybody getting in.
If you need it turned on in order for some authorized users to log in remotely, then it is a matter of ensuring that your firewall is adequate and properly configured.
If more than 1 person has remote access, the possibility exists that the source is 1 of these individuals.
Is remote access allowed? Are ports open on the firewall?
 
Also bear in mind, besides implementing a good firewall, if you leave your server in its default configuration, you are asking for trouble. There are many free resources available for configuring security on your server (just google Hardening Windows Server security).
Since it sounds like this server is used with IIS (since you have FTP logons), I would recommend moving your website to Windows 2003/IIS6 or using a secure FTP server.
 
Set up your Windows Account policy so that you require COMPLEX passwords 16 characters or more AND auto-lock out the account for a period after 3 or 4 failed logins.
 
The most useful step would be to firewall the server, blocking ports and services not essential, i.e.: if they're getting in through IIS, remote it, Terminal Services, etc.

Portscan your server from an outside host and see what you come up with; you may be surprised.

I see password hardening mentioned in this thread; that's a good idea, but an even stronger solution would be to deploy a security template with 'stronger' settings. There are some default ones on Windows 2003, as well as 2000 - hisec* could help you. I googled and found the following site with a tad more info -


Good luck!

- John C. Young
jcy@nevermind.org
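
The rule asked for in the opening post (act on an IP after 3-4 failed FTP logins) comes down to counting rejected logins per source address in the FTP log. The following is an added example, not part of the thread: it assumes the FTP service writes W3C extended logs with a `#Fields:` header that includes `time`, `c-ip`, `cs-method` and `sc-status`; the function name, threshold, window and sample log are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (documentation IP ranges), W3C extended log layout assumed.
SAMPLE_LOG = """\
#Date: 2007-04-25 10:00:00
#Fields: time c-ip cs-method cs-uri-stem sc-status
10:00:01 198.51.100.7 [1]USER administrator 331
10:00:02 198.51.100.7 [1]PASS - 530
10:00:05 198.51.100.7 [1]PASS - 530
10:00:09 198.51.100.7 [1]PASS - 530
10:00:14 198.51.100.7 [1]PASS - 530
10:01:00 192.0.2.20 [2]PASS - 530
10:01:20 192.0.2.20 [2]PASS - 230
10:30:00 192.0.2.20 [3]PASS - 530
"""
REQUIRED = {"time", "c-ip", "cs-method", "sc-status"}

def failed_login_sources(log_text, threshold=4, window=timedelta(minutes=10)):
    """Map each source IP to the time it reached `threshold` rejected
    FTP passwords within `window` (both values are assumptions)."""
    fields, day = [], None
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = {}
    for line in log_text.splitlines():
        if line.startswith("#Date:"):
            day = line.split()[1]
        elif line.startswith("#Fields:"):
            fields = line.split()[1:]
        if line.startswith("#") or not line.strip() or day is None:
            continue
        values = line.split()
        if len(values) != len(fields) or not REQUIRED <= set(fields):
            continue              # skip rows that do not match the header
        row = dict(zip(fields, values))
        # FTP reply 530 to PASS means the login was rejected (RFC 959)
        if not row["cs-method"].endswith("PASS") or row["sc-status"] != "530":
            continue
        when = datetime.strptime(f"{day} {row['time']}", "%Y-%m-%d %H:%M:%S")
        hits = recent[row["c-ip"]]
        hits.append(when)
        while when - hits[0] > window:
            hits.popleft()        # drop failures older than the window
        if len(hits) >= threshold:
            flagged.setdefault(row["c-ip"], when)
    return flagged

if __name__ == "__main__":
    for ip, when in failed_login_sources(SAMPLE_LOG).items():
        print(f"{ip} reached the failure threshold at {when}")
```

The addresses it returns are candidates for a firewall block rule; a single mistyped password followed by a successful login, as in the second sample client, stays below the threshold.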
 