Re: How do you secure a server running win2k-server?
From: Karl Levinson [x y] mvp (jamescagney90210@excite.com)
Date: 11/29/02
- Next message: Boy: "Re: How to destroy windows 2000 :)"
- Previous message: Karl Levinson [x y] mvp: "Re: Multiple administrator"
- In reply to: Toni Lassila: "Re: How do you secure a server running win2k-server?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Karl Levinson [x y] mvp" <jamescagney90210@excite.com> Date: Fri, 29 Nov 2002 10:02:23 -0500
"Toni Lassila" <mpao@mc-europe.com> wrote in message
news:b11796dd.0211282313.466e79b3@posting.google.com...
> Your best defense against DoS attacks is the telephone, i.e. call your
> ISP and let them know what's going on.
>
> > There is a 3Com Office Connect DMZ FireWall behind the ADSL router, but I'm
> > concerned still and would like some advice on what needs to be protected when
> > running a server which is publicly seen on the internet.
>
> If you've set up the correct rules on the 3Com, it should only expose
> SMTP through TCP/25 to external hosts. As such, your only concerns are
> Exchange exploits and open relaying. One of the Exchange NGs is a better
> place to inquire about those.

I agree with this post. Additionally, you also want to harden the software
on your computer(s) using patches, correct configuration, third party tools,
etc. Here are some ways:

http://securityadmin.info/faq.htm#harden

I might also recommend being sure you are capturing the logging from the
firewall, using a syslog client like www.kiwisyslog.com if necessary. Also,
free software like www.mynetwatchman.com and www.dshield.org is highly
recommended.

In addition to the suggestion above regarding firewall configuration, you
should also consider blocking all outbound ports [as well as inbound] except
for those services you specifically want to allow. Doing this can help you
detect and prevent compromise of your network through trojans and worms.
For example, allowing every computer on your network to send out on TCP port
25 is probably excessive and can allow your computers to spread viruses to
others undetected. Also, outbound ICMP "ping" traffic and other TCP and UDP
ports can be used to remotely control and get data from your internal
computers using a remote administration trojan. One way you can do this is
to check your firewall logs to see what ports are being used outbound, then
block everything but those ports, then research those ports one by one to
determine what they probably are and whether you want to block or permit
them as well.
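
Added example, not part of the original post: one way to carry out the log review described in the last paragraph, listing which internal hosts use which outbound ports and flagging anything outside an allow list. The log line format, the 192.168.1.0/24 LAN range, the host addresses and the `ALLOWED` policy are all assumptions made for illustration; the 3Com firewall's real syslog format will differ.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical firewall syslog format
# (an assumption; adapt LINE_RE to what your device actually logs).
SAMPLE_LOG = """\
Nov 29 09:58:01 fw allow proto=TCP src=192.168.1.10:1045 dst=203.0.113.25:25
Nov 29 09:58:07 fw allow proto=TCP src=192.168.1.23:1201 dst=198.51.100.7:80
Nov 29 09:58:09 fw allow proto=TCP src=192.168.1.23:1202 dst=198.51.100.9:25
Nov 29 09:58:15 fw allow proto=UDP src=192.168.1.10:1050 dst=203.0.113.53:53
Nov 29 09:58:20 fw allow proto=TCP src=198.51.100.44:3310 dst=192.168.1.10:25
Nov 29 09:58:31 fw allow proto=TCP src=192.168.1.31:1400 dst=203.0.113.99:6667
Nov 29 09:58:32 fw garbled line without fields
"""
LINE_RE = re.compile(
    r"proto=(?P<proto>\w+) src=(?P<src>[\d.]+):\d+ dst=(?P<dst>[\d.]+):(?P<dport>\d+)")
INTERNAL = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN range

# Assumed policy: (proto, port) -> hosts allowed to use it, or None for any host.
ALLOWED = {
    ("TCP", 25): {"192.168.1.10"},  # only the mail server sends SMTP
    ("UDP", 53): {"192.168.1.10"},
    ("TCP", 80): None,
}

def outbound_ports(log_text, internal=INTERNAL):
    """Map (proto, dst_port) -> set of internal hosts seen sending out on it."""
    usage = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines the pattern does not understand
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if src in internal and dst not in internal:  # outbound traffic only
            usage[(m["proto"].upper(), int(m["dport"]))].add(str(src))
    return dict(usage)

def unexpected_outbound(usage, allowed=ALLOWED):
    """Return (proto, port, hosts) for outbound use the allow list does not cover."""
    findings = []
    for (proto, port), hosts in sorted(usage.items()):
        permitted = allowed.get((proto, port), set())
        if permitted is None:
            continue  # port is open to every internal host
        extra = sorted(hosts - permitted)
        if extra:
            findings.append((proto, port, extra))
    return findings
```

Each finding is a port to research before deciding whether to permit or block it, and a workstation appearing under TCP 25 is the case the post singles out.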