Watching for RWW breakins
- From: "jjjdavidson" <jjjdavidson@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 19 May 2005 07:55:02 -0700

I'm nervously configuring RWW for our SBS 2003 Standard server (2 NICs &
router). I'm doing everything I can find to protect it, including changing
the Administrator account name, setting really obnoxious passwords, setting
IP address filters in the router, and forwarding a nonstandard port to 443
for HTTPS access.

My question is: How do I tell if I'm unsuccessful? Other discussions here
have emphasized monitoring the security log, but what on earth do I watch
for? On our little network (~10 workstations) the security log gets 25-40K
entries per day; I had to increase the log size to 100Mb to hold a week's
activity. In the last 24 hours, it shows 11,500 event 540 (successful
network logon) including about 100 Administrator logons, many of them in the
middle of the night. Is there a way to filter the security log to sort out
RWW logons? Is there something else I can be monitoring?

(Put me down as one more vote for being able to block Administrator from RWW.)

Thanks a ton.