
securing OWA 5.5

Status
Not open for further replies.

VERSA

IS-IT--Management
Feb 28, 2003
22
US
Hi,
What is the best way to protect the sign-in page from password cracking using brute force? We have our policy set up to lock accounts after 3 logon failures. However, today I had an unknown IP/host trying to log on and causing one of my accounts to lock out every 20 seconds.

Any suggestions? Tips? Services provided by Vendors?

Thank you in advance.
 
Have you got any logging set up (in IIS) to see the IP of the user trying to get in? Are you using SSL (128 bit) at all? How up to date is your software, i.e. service pack, IIS lockdown tool, run the Microsoft security analyzer (download it)? Where is the OWA on your network? Behind the firewall, in front, or in the DMZ zone, which is best.....

Let me know....
 
I do have the IIS Server logging. I already included the IP of the offender host. However I would like to prevent future attacks.
I am not using SSL, even though it is a good idea. How does that really help? That would provide an SSL tunnel, but the web user can still do a brute-force attack, wouldn't he?

Running IIS 4.0 with NT 4.0 with all patches and SP applied.

OWA is in my DMZ. I have a firewall in front of it. I am also filtering all ports but port 80 on the network card.
 
Is it always the same IP? How do you access the OWA server from the internet? I hope it's not somewhere silly like a link in your company website?
 
It only happened once, so it is only 1 IP.

There is no link. I wondered if they maybe searched in Google for servers with OWA?
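
Added example, not part of the thread and not any poster's code: one way to use the IIS logging discussed above to spot a host that is repeatedly failing logons before it keeps locking accounts out. It assumes W3C extended logging with a `#Fields` line, that failed logons are recorded as HTTP 401, and that entries are in time order; the log lines, IPs and logon path are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (not from the thread): W3C extended log lines using
# documentation-range IPs and a hypothetical logon path.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2003-02-28 14:00:00 198.51.100.7 GET /exchange/logon.asp 401
2003-02-28 14:00:05 192.0.2.10 GET /exchange/logon.asp 401
2003-02-28 14:00:07 198.51.100.7 GET /exchange/logon.asp 401
2003-02-28 14:00:13 198.51.100.7 GET /exchange/logon.asp 401
2003-02-28 14:00:15 192.0.2.10 GET /exchange/logon.asp 200
2003-02-28 14:00:20 198.51.100.7 GET /exchange/logon.asp 401
2003-02-28 14:00:27 198.51.100.7 GET /exchange/logon.asp 401
2003-02-28 14:01:00 192.0.2.20 GET /exchange/logon.asp 401
2003-02-28 14:11:00 192.0.2.20 GET /exchange/logon.asp 401
"""

def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, parts))

def find_bruteforce(text, threshold=3, window=timedelta(seconds=60)):
    """Return {client IP: peak count of 401s seen inside one window} for
    every IP that reaches `threshold` failures within `window`."""
    recent = defaultdict(deque)  # per-IP timestamps of recent 401s
    peaks = {}
    for rec in parse_w3c(text):
        if rec.get("sc-status") != "401":
            continue
        ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        q = recent[rec["c-ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[rec["c-ip"]] = max(peaks.get(rec["c-ip"], 0), len(q))
    return peaks

if __name__ == "__main__":
    for ip, count in find_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {count} failed logons within 60s")
```

The default threshold of 3 matches the lockout policy mentioned in the first post, so a flagged address is one that could have locked an account by itself; a single 401 followed by a 200 from the same host is not flagged.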

 