Re: Firewall and Security
From: Dave Nickason [SBS MVP] (gwdibble_at_NOSPAM.frontiernet.net)
Date: 04/06/04
- Next message: Dave Nickason [SBS MVP]: "Re: Firewall and Security"
- Previous message: Eugene Tan: "Re: general security question"
- In reply to: Kevin Gal: "Re: Firewall and Security"
- Next in thread: Dave Nickason [SBS MVP]: "Re: Firewall and Security"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 6 Apr 2004 12:49:08 -0400
Here's a great MS whitepaper about this topic - very long, but well worth
reading.
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx
You set up lockout and auditing policies in the Domain Security Policy and
the Domain Controller Security Policy (on the server under Administrative
Tools). Make sure you set it both places. Obviously, the first applies to
all but DCs, and the second applies to only DCs. You can have the same or
different policies for each.
"Kevin Gal" <anonymous@discussions.microsoft.com> wrote in message
news:1907801c41bf0$eb16fdb0$a401280a@phx.gbl...
> How do I change the lock out defaults etc and how do I
> check to make sure the Logons are audited?
>>-----Original Message-----
>>Why do you think unauthorized users are accessing your
> network? Do you
>>allow inbound access at all? I would immediately up
> your security logging
>>to see what's going on with server access. I audit
> account logon failure
>>and regular logon failure, account management success
> and failure, and
>>policy change success and failure. It is recommended to
> audit account logon
>>and regular logon success as well, and this would be
> good advice in your
>>case (in case someone is getting in by accessing a valid
> account). Also,
>>you should implement account lockout and complex
> passwords immediately. If
>>you find that someone is in fact accessing your network,
> you can shut down
>>inbound access at the Linksys as a temporary first step.
>>
>>This topic lends itself to a wide variety of opinions.
> Mine would be to use
>>ISA and 2 NICS. If you have Premium, you're all set.
> If not, I'd upgrade.
>>My reason for thinking this is that IMO that's the most
> standard, most
>>supported configuration. You can get great ISA support
> in this group, at
>>www.isaserver.org, and in the MS ISA groups.
>>
>>"Kevin Gal" <anonymous@discussions.microsoft.com> wrote
> in message
>>news:18a8701c41b9c$1aa62240$a501280a@phx.gbl...
>>>I believe that my server SBS2003 is getting logged on to
>>> unknown users. I am using a Lynksys Router with the
>>> firewall enabled, with all the right ports forwarded. I
>>> only have one NIC card on the server, I really don't
>>> think that I am safe. Should I install another NIC can
>>> and then reconfigure the Email and INternet connection
> or
>>> would I be better off going to a software Fire Wall and
>>> if So which one.
>>>
>>> Also is there a way to restrict access to only certain
> IP
>>> address or MAC addresses?
>>
>>
>>.
>>
- Next message: Dave Nickason [SBS MVP]: "Re: Firewall and Security"
- Previous message: Eugene Tan: "Re: general security question"
- In reply to: Kevin Gal: "Re: Firewall and Security"
- Next in thread: Dave Nickason [SBS MVP]: "Re: Firewall and Security"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
