Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Looking to harden a windows server:

Status
Not open for further replies.
klepty

klepty

IS-IT--Management
Apr 25, 2007
5
US
This Windows 2000 server has been hacked twice. Recently someone got in and put a few hard to remove trojans on the system as well as creating their own login. I want to find some software or configuration that will block an ip after 3-4 unsuccessful remote logins and ftp logins.

Any ideas? For Windows 2000 and 2003
 
Sort by date Sort by votes
If no one needs to gain access remotely, the simpliest method is to just turn off the internet by changing the gateway value. When you have to download updates or something else, just switch it back momentarily. I use this at several sites and it totally eliminates and possibility of anybody getting in.
If you need it turned on in order for some authorized users to log in remotely, then it is a matter of ensuring that your firewall is adequate and properly configured.
If more than 1 person has remote access, the possibility exists that the source is 1 of these individuals.
Is remote access allowed? Are ports open on the firewall?
 
Upvote 0 Downvote
Also bare in mind besides implementing a good firewall, if you leave your server in its default configuration, you are asking for trouble. There are many free resource available for confinguring security on your server (just google Hardening Windows Server security)
Since it sounds like this server is used with IIS (since you have FTP logons) I would recommend moving your website to Windows 2003/IIS6 or use a secure FTP server
 
Upvote 0 Downvote
Setup your Windows Account policy so that you require COMPLEX passwords 16 characters or more AND auto-lockout the account for a period after 3 or 4 failed logins.
 
Upvote 0 Downvote
The most useful step would be to firewall the server, blocking ports and services not essential. ie: if they're getting in through IIS, remote it, Terminal Services, etc.

Portscan your server from an outside host and see what you come up with; you may be surprised.

I see password hardening mentioned in this thread; that's a good idea; but an even strong solution would be to deploy a security template with 'stronger' settings. There's some default ones on Windows 2003, as well as 2000 - hisec* could help you. I googled and found the following site with a tad more info -


Good luck!

- John C. Young
jcy@nevermind.org
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
294
Aquiles Vidal
Aquiles Vidal
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
350
suncit
suncit
MaioMaio
  • Locked
  • Question
Server Remote Desktop License
Replies
0
Views
238
MaioMaio
MaioMaio
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
244
antonio_dsanchez
antonio_dsanchez
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
308
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top