Re: Securing against an internet based intrusion
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 24 Feb 2006 21:20:31 -0600
Comments inline.
"Ari" <nomail@xxxxxxxx> wrote in message
news:uifvv1hqqrh0uijk7dqi7inl8jv6vhm8j7@xxxxxxxxxx
That is the job of a firewall to prevent a user from the internet from
trying to access your computer via a server service such as file and print
sharing or Remote Desktop. Most users do not have a need to offer such to
internet users and you can go to a self scan site like
http://scan.sygatetech.com/ to see if there are any ports open to your network
that could expose a vulnerability. If you do have a need to provide access
to legitimate users from the internet then it is best to use a device like
an ipsec endpoint firewall or a VPN server that allows l2tp connections only,
as that would prevent a malicious user from trying to guess passwords since
his "computer" could not authenticate to your VPN. L2tp/ipsec requires a
certificate or pre-shared key for computer authentication.
I don't know about VPN, but it sounds interesting. I did comment about
our current security in reply to Lanwench's post.
The scans at sygatetech came back negative, even without the software
firewall engaged, so I guess that hardware firewall in our DSL modem
is doing a fairly good job. The only scan I couldn't do was the ICMP
scan, which the website said isn't enabled at this time.
That is a huge plus if you have a firewall at the modem also. You need an
endpoint ipsec device or Windows Server to use VPN with ipsec. XP Pro can
take a single inbound connection as a pptp VPN server.
All that aside, the operating system would record failed logon attempts and,
assuming auditing of logon/account logon events was enabled in security
policy, you would see the failed logon attempts recorded.
OK, I had no idea XP would log failed attempts; I'd like to know more
about this. Sounds like something many users should know about ::>
I believe it is enabled by default. You can use Event Viewer to see the
security logs. You can use Local Security Policy [secpol.msc] in XP Pro only
to manage auditing under local policies/audit policy. The links below may be
helpful in explaining in more detail.
http://support.microsoft.com/default.aspx?scid=kb;en-us;300549 --- works the same in XP Pro.
http://support.microsoft.com/default.aspx?scid=KB;en-us;q300958 --- ditto.
If account lockout was enabled then the legitimate account could be locked out,
which can lead to a denial of service as you mention.
OK, when you say 'IF', does that mean that it is an option to enable a
lockout if too many guesses are logged? I'd be willing to allow this
on my system as it appears there are many ways around the login IF one
has physical access to the hardware. Does 'IF' mean I can enable a
lockout or is this option not available at all?
Yes, you can use Local Security Policy in XP Pro or the net accounts command
in XP Pro and XP Home as explained in the link below. FYI, if an
attacker has physical access to your computer, password lockout will not
protect you, as the user can resort to several methods to access your non-encrypted
data, including borrowing your hard drive, which you may never even
know about. If that is a concern you need to physically secure your
computer to some degree, which may be at minimum a sturdy computer case that
has locks on the case and on access to the drives/power switch, and configure
the CMOS to boot only from the system drive and password-protect the CMOS settings.
http://support.microsoft.com/kb/q194739/
If you enforce strong and complex passwords it is extremely unlikely that the
attacker would gain access, and he would probably quit after a short period of
time. It is much slower and more difficult to try and crack passwords over the
network than if a user has direct physical access to the computer itself. In
high security environments, implementation of ipsec [requiring computer
authentication] and/or something like smartcards, and requiring their use, can
mitigate old-fashioned password attacks. Again, a properly configured firewall,
ideally at the perimeter of the network, is your best defense from such attacks
ever reaching your computer in the first place. The link below may be of
interest. --- Steve
http://www.microsoft.com/technet/security/topics/auditingandmonitoring/securitymonitoring/default.mspx
My passwords are proper and strong. I'll look over the link above
later tonight when the house is quieter.
Thanks,
Ari
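The thread makes two points that are easier to see side by side than in prose: failed logons land in the security log where a guessing source stands out, and an account lockout threshold (the value set with net accounts /lockoutthreshold) lets a remote guesser lock the legitimate user out, which is the denial-of-service Steve warns about. The script below is an added example written for this page, not code from either poster or from Microsoft. It replays constructed, XP-style audit records (a simplified timestamp,event,account,source format, not a real Event Viewer export) against a lockout policy and reports which accounts would have been locked, which attempts would have been refused while locked, and which source addresses generated the failures.

```python
"""Replay constructed failed-logon records against an account-lockout policy.

Record format is constructed for this example (not an Event Viewer export):
    <timestamp>,<event id>,<account>,<source address>
529 is the Windows 2000/XP security event for a logon failure due to a bad
user name or password (4625 on Vista and later); 528 is a successful logon
(4624 on Vista and later).
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

FAILED_LOGON = 529
SUCCESS_LOGON = 528

# Constructed sample: one internet host guesses at "ari" six times in under a
# minute, then the real user tries to log on from the LAN, then the guesser
# moves on to "guest".
SAMPLE = """\
2006-02-24 21:00:05,529,ari,192.0.2.10
2006-02-24 21:00:09,529,ari,192.0.2.10
2006-02-24 21:00:14,529,ari,192.0.2.10
2006-02-24 21:00:20,529,ari,192.0.2.10
2006-02-24 21:00:27,529,ari,192.0.2.10
2006-02-24 21:00:33,529,ari,192.0.2.10
2006-02-24 21:05:00,528,ari,192.168.1.5
2006-02-24 21:10:00,529,guest,192.0.2.10
"""


@dataclass
class LockoutPolicy:
    """The three values 'net accounts' sets: /lockoutthreshold:N (0 = never
    lock), /lockoutwindow:M minutes and /lockoutduration:D minutes."""
    threshold: int = 0
    window_minutes: int = 30
    duration_minutes: int = 30


def parse_records(text):
    """Turn the constructed record lines into (timestamp, event id, account, source)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, account, source = line.split(",")
        records.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                        int(event_id), account, source))
    return records


def replay(records, policy):
    """Apply the lockout policy to the records in time order.

    Returns a dict with:
      locked             account -> time the lockout started
      denied             attempts (ts, account, source) refused because the
                         account was locked, whatever password was supplied
      failures_by_source source address -> number of failed logons
    """
    recent = defaultdict(deque)   # account -> failure timestamps inside the window
    locked_until = {}             # account -> when the lockout expires
    report = {"locked": {}, "denied": [], "failures_by_source": defaultdict(int)}
    window = timedelta(minutes=policy.window_minutes)

    for ts, event_id, account, source in sorted(records):
        if event_id == FAILED_LOGON:
            report["failures_by_source"][source] += 1
        # A locked account refuses every logon, including the real user's.
        if account in locked_until and ts < locked_until[account]:
            report["denied"].append((ts, account, source))
            continue
        if event_id != FAILED_LOGON or policy.threshold == 0:
            continue
        q = recent[account]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= policy.threshold:
            locked_until[account] = ts + timedelta(minutes=policy.duration_minutes)
            report["locked"].setdefault(account, ts)
            q.clear()

    report["failures_by_source"] = dict(report["failures_by_source"])
    return report


def guessing_sources(report, min_failures=5):
    """Source addresses with enough failures to be worth a firewall rule."""
    return sorted(s for s, n in report["failures_by_source"].items()
                  if n >= min_failures)


if __name__ == "__main__":
    result = replay(parse_records(SAMPLE),
                    LockoutPolicy(threshold=5, window_minutes=30, duration_minutes=30))
    print("locked accounts:", result["locked"])
    print("refused while locked:", result["denied"])
    print("likely guessers:", guessing_sources(result))
```

With the threshold at 5 the fifth bad password locks "ari" at 21:00:27, and the genuine logon from 192.168.1.5 at 21:05 is refused along with the guesser's sixth try: the lockout converted a failed guessing run into a lockout of the real user. With threshold 0 nothing is locked, but the same records still show 192.0.2.10 as the source of every failure, which is the detection value of leaving logon auditing on regardless of whether lockout is enabled.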