Re: Firewall and Security

From: Kevin Gal (anonymous_at_discussions.microsoft.com)
Date: 04/06/04 

Date: Tue, 6 Apr 2004 09:05:02 -0700

How do I change the lock out defaults etc and how do I
check to make sure the Logons are audited?
>-----Original Message-----
>Why do you think unauthorized users are accessing your
network? Do you
>allow inbound access at all? I would immediately up
your security logging
>to see what's going on with server access. I audit
account logon failure
>and regular logon failure, account management success
and failure, and
>policy change success and failure. It is recommended to
audit account logon
>and regular logon success as well, and this would be
good advice in your
>case (in case someone is getting in by accessing a valid
account). Also,
>you should implement account lockout and complex
passwords immediately. If
>you find that someone is in fact accessing your network,
you can shut down
>inbound access at the Linksys as a temporary first step.
>
>This topic lends itself to a wide variety of opinions.
Mine would be to use
>ISA and 2 NICS. If you have Premium, you're all set.
If not, I'd upgrade.
>My reason for thinking this is that IMO that's the most
standard, most
>supported configuration. You can get great ISA support
in this group, at
>www.isaserver.org, and in the MS ISA groups.
>
>"Kevin Gal" <anonymous@discussions.microsoft.com> wrote
in message
>news:18a8701c41b9c$1aa62240$a501280a@phx.gbl...
>>I believe that my server SBS2003 is getting logged on to
>> unknown users. I am using a Lynksys Router with the
>> firewall enabled, with all the right ports forwarded. I
>> only have one NIC card on the server, I really don't
>> think that I am safe. Should I install another NIC can
>> and then reconfigure the Email and INternet connection
or
>> would I be better off going to a software Fire Wall and
>> if So which one.
>>
>> Also is there a way to restrict access to only certain
IP
>> address or MAC addresses?
>
>
>.
>

Relevant Pages