Re: How do increase security?

---

• From: "Derek" <nospam@xxxxxxxxxxxxxxxx>
• Date: Fri, 16 Jun 2006 22:49:39 +0100

---

Is there a time retriction based on number of attempts per minute?

Can I limit the attempts to 3 per minute, and after 10 unsuccessful attempts
put a 5 minute delay?


"Les Connor [SBS Community Member - SBS MVP]" <les.connor@xxxxxxxxxxxx>
wrote in message news:uoscktXkGHA.3724@xxxxxxxxxxxxxxxxxxxxxxx

Hi Paul,

You can't stop the attempts, you can only do your best to ensure they
aren't successful. Some change the Admininstrator account name, but not
most. Your best defense is *very* strong passwords.

If you have ISA server (or can by some other way) determine that a
specific IP address is responsible (not likely, though), you could block
that IP.

--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
----------------------
"Tell me and I'll forget. Show me and I'll remember. Involve me and I'll
understand." - Confucius


"paul" <paul@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:37C64F6E-AC81-47B7-A2EF-AF47404DDA2E@xxxxxxxxxxxxxxxx

When I get my performance email, about once a week I get this:

Source Event ID Last Occurrence Total Occurrences
Security 529 6/16/2006 3:22 AM 1,936 *
Logon Failure:
Reason: Unknown user name or bad password
User Name: Administrator
Domain: redrocket
Logon Type: 8
Logon Process: IIS
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: SERVER
Caller User Name: SERVER$
Caller Domain: redrocket
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 1964
Transited Services: -
Source Network Address: -
Source Port: -
Someones trying to hack the administrator account, how can I put a stop
to
this ?

.

---

• Follow-Ups:
  • Re: How do increase security?
    • From: Les Connor [SBS Community Member - SBS MVP]

• References:
  • Re: How do increase security?
    • From: Les Connor [SBS Community Member - SBS MVP]

• Prev by Date: Re: Gateway address keeps changing while on remote desktop
• Next by Date: Re: Must have missed this one--
• Previous by thread: Re: How do increase security?
• Next by thread: Re: How do increase security?
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: Problems with 529 Events ... attempting to logon on some services on the SBS server. ... and then click Account Lockout Policy. ... (microsoft.public.windows.server.sbs) Re: ISA SERVER NOT STARTING ... I delete the nat/basic firewall and stop and started the RRAS an tried to ... There were no critical events in the DNS Server Log in the last 24 hours. ... An error occurred during logon ... Caller User Name: - ... (microsoft.public.windows.server.sbs) Re: Event ID 529 ... First is a hardware firewall that sits on the perimeter of your network and requires that your users give user names and passwords, different from those for the network. ... Sometimes the Logon Type is different, also the User Name can be ... Computer: <SERVER NAME> ... Caller User Name: $ ... (microsoft.public.windows.server.sbs) RE: Logon Issue - could someone explain please ... I understand that you get security event 540 ... When a user connects to the shared folder on the SBS server, ... logon auditing, ... (microsoft.public.windows.server.sbs) Re: Another security question/issue. ... Time to audit your server and workstations with AV, Malware, and installed ... Logon Process: Advapi ... Caller User Name: servername$ ... Source Port: - ... (microsoft.public.windows.server.sbs)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.sbs  > 2006-06