Re: Firewall and Security

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Dave Nickason [SBS MVP] (gwdibble_at_NOSPAM.frontiernet.net)
Date: 04/06/04 

Date: Tue, 6 Apr 2004 10:53:44 -0400

Why do you think unauthorized users are accessing your network? Do you
allow inbound access at all? I would immediately up your security logging
to see what's going on with server access. I audit account logon failure
and regular logon failure, account management success and failure, and
policy change success and failure. It is recommended to audit account logon
and regular logon success as well, and this would be good advice in your
case (in case someone is getting in by accessing a valid account). Also,
you should implement account lockout and complex passwords immediately. If
you find that someone is in fact accessing your network, you can shut down
inbound access at the Linksys as a temporary first step.

This topic lends itself to a wide variety of opinions. Mine would be to use
ISA and 2 NICS. If you have Premium, you're all set. If not, I'd upgrade.
My reason for thinking this is that IMO that's the most standard, most
supported configuration. You can get great ISA support in this group, at
www.isaserver.org, and in the MS ISA groups.

"Kevin Gal" <anonymous@discussions.microsoft.com> wrote in message
news:18a8701c41b9c$1aa62240$a501280a@phx.gbl...
>I believe that my server SBS2003 is getting logged on to
> unknown users. I am using a Lynksys Router with the
> firewall enabled, with all the right ports forwarded. I
> only have one NIC card on the server, I really don't
> think that I am safe. Should I install another NIC can
> and then reconfigure the Email and INternet connection or
> would I be better off going to a software Fire Wall and
> if So which one.
>
> Also is there a way to restrict access to only certain IP
> address or MAC addresses?