Re: RWW Security was compromised.
From: Alan Billharz [MSFT] (alanbill_at_online.microsoft.com)
Date: 01/25/05
- Next message: Eric: "Re: Sending out mass email, please help!"
- Previous message: Merv Porter [SBS-MVP]: "Re: RWW Security was compromised."
- In reply to: Marina Roos [SBS-MVP]: "Re: RWW Security was compromised."
- Next in thread: Bryce: "Re: RWW Security was compromised."
- Reply: Bryce: "Re: RWW Security was compromised."
- Reply: Joe: "Re: RWW Security was compromised."
Date: Mon, 24 Jan 2005 17:37:02 -0800
Larry,
By default, we do apply an account lockout and logon failure audit policy in
SBS 2003. However, administrator accounts cannot be locked out by
it, because if the administrator account could be locked out, it would be
pretty easy for someone to launch a denial of service attack against your
network by simply logging in to that well-known account with a bunch of bogus
passwords.
If your administrator account is still named "administrator," then your
network is only as secure as your administrator account's password. And if
you're not using strong passwords, then your network could be easily
compromised. And this applies to any Internet-facing authentication
interface: not just RWW, but any authenticated web site hosted on your server
(e.g. OWA, SharePoint), VPN, or even a Remote Desktop connection to your
server.
The bottom line: follow the SBS security best practices listed on the To Do
List, including renaming the administrator account to a lesser-known name,
and requiring strong passwords for all of your users. Remain vigilant by
examining your server's performance reports regularly for high numbers of
failed logons and other strange activity. This will help to keep your
network protected from attackers and alert you to potential attempts to
compromise your network's security.
-Alan
"Marina Roos [SBS-MVP]" wrote:
> Hi Larry,
>
> Remove the admin account from the RWW group or use a really really strong
> password, something like a passphrase with at least 14 characters. The admin
> account never gets locked out when trying to log in like it does with common
> users.
>
> --
> Regards,
>
> Marina
> Microsoft SBS-MVP
> One of the Magical M&M's
>
> "Larry K" <tech@pcmavericks.com> wrote in message
> news:%23XduJhmAFHA.2568@TK2MSFTNGP11.phx.gbl...
> > One of our client's RWW was compromised over the weekend. Apparently they
> > (the hack) set up a script to crack the password on the username:
> > administrator and password. How do I know? I don't. What I do know is that
> > there were around 580 attempts to log in as administrator via RWW and one
> > worked! So the password wasn't so good. It had 7 characters and numbers
> > uppercase and lower. They accessed an application server and logged into 4
> > other accounts. I'm at a loss with this one. RWW doesn't lock anyone out
> > after failed attempts. Is there a way to lock down RWW?
> >
> > Larry K
> >
> >
>
>
>
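The check Alan recommends (watching for high numbers of failed logons) can be automated. The following is an added example, not part of the original thread: it flags an account that sees a burst of failed logons and notes whether a successful logon followed, as in the incident Larry describes. The record layout, the threshold of 20 failures in 10 minutes, and all sample timestamps and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def make_sample():
    """Constructed records: (timestamp, account, source address, outcome)."""
    start = datetime(2005, 1, 22, 2, 0, 0)
    step = timedelta(seconds=5)
    # 580 failed guesses against one account, then one success (constructed).
    events = [(start + i * step, "administrator", "203.0.113.7", "FAIL")
              for i in range(580)]
    events.append((start + 580 * step, "administrator", "203.0.113.7", "OK"))
    # An ordinary user who mistypes twice and then logs on (constructed).
    day = datetime(2005, 1, 24, 8, 30, 0)
    events += [(day, "jsmith", "198.51.100.20", "FAIL"),
               (day + timedelta(seconds=20), "jsmith", "198.51.100.20", "FAIL"),
               (day + timedelta(seconds=45), "jsmith", "198.51.100.20", "OK")]
    return events

def find_guessing(events, threshold=20, window=timedelta(minutes=10)):
    """Flag accounts with >= threshold failed logons inside any sliding window,
    and record the first successful logon that lands inside such a burst."""
    by_account = defaultdict(list)
    for ts, account, source, outcome in sorted(events):
        by_account[account.lower()].append((ts, source, outcome))
    alerts = []
    for account, rows in by_account.items():
        recent, total, peak, hit, sources = [], 0, 0, None, set()
        for ts, source, outcome in rows:
            recent = [t for t in recent if ts - t <= window]  # slide the window
            if outcome == "FAIL":
                recent.append(ts)
                total += 1
                peak = max(peak, len(recent))
                sources.add(source)
            elif hit is None and len(recent) >= threshold:
                hit = ts  # success immediately after a burst of failures
        if peak >= threshold:
            alerts.append({"account": account, "failures": total,
                           "peak_in_window": peak, "sources": sorted(sources),
                           "success_after_burst": hit})
    return alerts

if __name__ == "__main__":
    for alert in find_guessing(make_sample()):
        print(alert)
```

An alert whose `success_after_burst` is set is the case to treat as a likely compromise rather than just noise, since administrator accounts are exempt from lockout.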