RE: security logon failures
- From: paploo77 <paploo77@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 15 Feb 2007 02:03:28 -0800
that is great-thanks
--
Paploo77
""Jacky Luo [MSFT]"" wrote:
Hi Paploo77,.
Thanks for posting back.
According to the security event content, I suspect that this could be a
possible attack. In the event logs, the Logon type 3 is interpreted to
Network Windows logs logon. This is a most common type that will be
generated when you access a computer from elsewhere on the network by
shared folders, printer, or IIS.
So, the most possible cause could be someone was trying to logon your SBS
server through IIS resource, such as OWA and RWW with different username
and password combinations, but failed. Also known from the event content,
the user name which the "bad guy" used to log to your server is
"webmaster". I think this user does not exist on your network. So, this
could also be some bad robots on the internet and try different server
logon with dictionary attack.
Regarding this situation, I would like to give the following suggestions:
1. Please enforce the strong password policy and make sure passwords are
well managed throughout your network.
2. Make sure the SBS websites are all SSL enabled (this is by default
settings), such as OWA and RWW. Clear text password should be encrypted by
SSL communication for safety.
3. More information:
Securing Your Windows Small Business Server 2003 Network
http://download.microsoft.com/download/1/f/1/1f15a874-f696-4992-b5ad-b1e7b25
8de1c/SecuringSBSnetwork.doc
I appreciate your time. I am happy to be of assistance and look forward to
your reply.
Best regards,
Jacky Luo (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
====================================================
PLEASE NOTE: The partner managed newsgroups are provided to
assist with break/fix issues and simple how to questions.
We also love to hear your product feedback! Let us know what you think by
posting
from the web interface: Partner Feedback
from your newsreader: microsoft.private.directaccess.partnerfeedback.
We look forward to hearing from you!
====================================================
When responding to posts, please "Reply to Group" via your newsreader
so that others may learn and benefit from this issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
- Follow-Ups:
- RE: security logon failures
- From: "Jacky Luo [MSFT]"
- RE: security logon failures
- References:
- RE: security logon failures
- From: "Jacky Luo [MSFT]"
- RE: security logon failures
- From: paploo77
- RE: security logon failures
- From: "Jacky Luo [MSFT]"
- RE: security logon failures
- From: paploo77
- RE: security logon failures
- From: "Jacky Luo [MSFT]"
- RE: security logon failures
- From: paploo77
- RE: security logon failures
- From: "Jacky Luo [MSFT]"
- RE: security logon failures
- Prev by Date: Re: Windows Update
- Next by Date: RE: Exchange intergration with sharepoint services
- Previous by thread: RE: security logon failures
- Next by thread: RE: security logon failures
- Index(es):
Relevant Pages
|
Loading
