Re: Securing against an internet based intrusion



That is the job of a firewall: to prevent a user from the internet from
trying to access your computer via a server service such as file and print
sharing or Remote Desktop. Most users do not have a need to offer such to
internet users, and you can go to a self-scan site like
http://scan.sygatetech.com/ to see if there are any ports open to your network
that could expose a vulnerability. If you do have a need to provide access
to legitimate users from the internet then it is best to use a device like
an IPsec endpoint firewall or a VPN server that allows L2TP connections only,
as that would prevent a malicious user from trying to guess passwords since
his "computer" could not authenticate to your VPN. L2TP/IPsec requires a
certificate or pre-shared key for computer authentication.

All that aside, the operating system would record failed logon attempts, and
assuming auditing of logon/account logon events was enabled in security
policy you would see the failed logon attempts recorded. If account lockout
was enabled then the legitimate account could be locked out, which can lead
to a denial of service as you mention. If you enforce strong and complex
passwords it is extremely unlikely that the attacker would gain access, and he
would probably quit after a short period of time. It is much slower and more
difficult to try and crack passwords over the network than if a user has
direct physical access to the computer itself. In high security
environments, implementation of IPsec [requiring computer authentication]
and/or something like smartcards and requiring their use can mitigate
old-fashioned password attacks. Again, a properly configured firewall, ideally at
the perimeter of the network, is your best defense from such attacks ever
reaching your computer in the first place. The link below may be of
interest. --- Steve

http://www.microsoft.com/technet/security/topics/auditingandmonitoring/securitymonitoring/default.mspx

"Ari" <nomail@xxxxxxxx> wrote in message
news:rb2vv1h7emejrmtqi36g4as3c74bb7mkdl@xxxxxxxxxx


I like to run a tight ship and have taken some security measures to
help keep my system more secure. One topic I've never seen discussed
before is what measures the OS takes if it detects multiple guesses of
the administrator's password via the internet, which is likely an
attempt to gain unauthorized access.

I have renamed the administrator's account to an unusual name, so
(presumably) an intruder has to somehow figure out the account name
that has administrative privileges. But, let's say this has been done,
and the intruder begins guessing passwords, hoping I was stupid enough
to use a blank line or an easy to guess password (such as
'administrator'::>).

What is to stop the intruder from running all the possible
combinations of passwords until the system unlocks for him (or her)?

Clearly, such an attack should (at the very minimum) alert the
keyboard operator and should slow down acceptance of guesses to give
the kb operator more time to respond. But, stopping the computer from
operating if this is detected amounts to an easy means of launching a
denial of service attack....so, clearly shutting down the computer is
not an option.

Just exactly what does XP do when it detects multiple wrong guesses of
the administrator's password? Is this issue something I don't need to
worry about (because XP has it covered), or does XP sit there and
watch it happen?

Thanks,

Ari
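
The failed-logon auditing described in the reply, as an added example that is not part of the original thread: a sliding-window check over exported audit records that raises an alert per source address rather than locking the account, so it does not create the denial of service the question raises. The record format, the account name `xadmin7`, the addresses, and the threshold and window values are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of exported failed-logon audit records, one per line:
# "timestamp,event_id,account,source". 529 is the XP-era logon failure
# (unknown user name or bad password); 528 is a successful logon.
SAMPLE_LOG = """\
2005-03-01 09:00:00,529,ari,198.51.100.4
2005-03-01 09:00:20,528,ari,198.51.100.4
2005-03-01 10:00:00,529,xadmin7,203.0.113.9
2005-03-01 10:00:10,529,xadmin7,203.0.113.9
2005-03-01 10:00:20,529,xadmin7,203.0.113.9
2005-03-01 10:00:30,529,xadmin7,203.0.113.9
2005-03-01 10:00:40,529,xadmin7,203.0.113.9
2005-03-01 10:00:50,529,xadmin7,203.0.113.9
2005-03-01 10:30:00,529,ari,198.51.100.4
"""

FAILED_LOGON = "529"


def detect_guessing(log_text, threshold=5, window=timedelta(minutes=2)):
    """Return (source, account, timestamp) for each source that reaches
    `threshold` failed logons within `window`. Keyed on the source address,
    so raising the alert never locks the targeted account."""
    recent = defaultdict(deque)  # source -> failure times still inside the window
    alerts = {}                  # source -> first alert, so each source alerts once
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, event_id, account, source = line.strip().split(",")
        if event_id != FAILED_LOGON:
            continue  # ignore successful logons and unrelated events
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        times = recent[source]
        times.append(when)
        while when - times[0] > window:  # drop failures older than the window
            times.popleft()
        if len(times) >= threshold and source not in alerts:
            alerts[source] = (source, account, stamp)
    return list(alerts.values())


if __name__ == "__main__":
    for source, account, stamp in detect_guessing(SAMPLE_LOG):
        print(f"ALERT {stamp}: repeated failed logons for '{account}' from {source}")
```

The occasional mistyped password from 198.51.100.4 stays below the threshold, while the burst from 203.0.113.9 alerts on its fifth failure.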

