Re: Can't Install ISA!


Hi Richard,

Yes, it's usually the data that is the valuable bit, not the hardware.
Sounds like you are getting SMTP Auth attacks - there's quite a few of us
getting this lately and as you've got port 25 wide open, there's not a lot
you can do about it except ensure your passwords are strong. A firewall/ISA
isn't going to help in this situation as it would also have port 25 open to
let through your SMTP mail (well, you could use one to block the IPs these
attacks are coming from but you'll find they change quite frequently). You
should still have a firewall in place though to protect against other
attacks. Can't you convince the powers that be that this is an essential piece
of equipment ?

Regards Colin.

"the_nextman" wrote:

On Aug 28, 10:30 pm, Colin <Co...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Hi Richard,

Glad to hear that you were referring only to RWW, OWA etc - hosting
external/public websites is not recommended on SBS. I'm a little concerned
you are getting attempted logons as high as 12000 attempts per day - RWW,
like normal domain logon, should lock out an account (except the
administrator's which should have a complex pass phrase) after 50 attempts
(by default, although this can be lowered). What I'd recommend is this:

Put a business class hardware firewall in front of your SBS box.
Implement a 2 factor authentication system if you can afford it - there are
several ways to do this - some firewalls will have this feature or you could
go down the road of DeepNet, RSA or RWW Guard etc
If this is out of the question budget wise, then how about locking down
access to the server (via your firewall/router) from your staff's ISP IP
blocks only ?
You can also implement remote access lockout (VPN) so if your staff fail to
enter the correct credentials 'x' number of times, then their account is
locked out for 'x' number of hours. You could also edit the SBS Account
Lockout policy so if staff enter their RWW logon details incorrectly 'x'
number of times, they are locked out for 'x' minutes. It looks as though you
already have a complex password/passphrase policy in place so I won't suggest
you change this (12000 attempts a day and no one getting in - or at least it
looks that way).
How many nodes are on this network and if it went down, what would it cost
you to get it back up, including downtime, lost business etc ? I'm only
asking you this to see how much we can invest in your new security policy :)
Seriously though, you need to get something in place in front of that server
and quick.

Regards Colin.



"the_nextman" wrote:
On 28 Aug, 18:44, Colin <Co...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Hi Richard,

Are you hosting publicly accessible websites on your SBS Server ?

Regards Colin.

"the_nextman" wrote:
On 28 Aug, 14:48, Colin <Co...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Hi Richard,

I don't have an answer to the ISA issue but what are the security issues you
recently experienced ? As you intended to use ISA, you presumably have 2
NICs in your SBS box. Prior to installing ISA did you enable the Windows
Firewall on the server ? Have you also got a firewall in front of your server
?

Regards Colin.

"the_nextman" wrote:
Hi all,

Hope this is the appropriate forum? If the ISA group is more
appropriate please let me know...

Setup is a single Windows 2003 Small Business server with SP2 and R2.
Has been working fine for a long time (all aspects, Exchange,
management functions, etc).

Decided that I needed ISA on there due to some recent security
problems and as it's included I thought "why not?".

When I run the ISA 2004 installer from the premium technologies (R2)
disc, it gets as far as installing the MSDE and then fails with:

Wizard cannot install ISA Server 2004. Please try again. If this
problem persists go to http://www.microsoft.com/smallbusinessserver.../sbs/support.

I found this post http://www.eggheadcafe.com/aspnet_answers/isaenterprise/Apr2006/post2...
where someone reports the same issue, and tried the resolution. That
is:

Launch the ISA 2004 MSI package manually and install ISA:
<cd drive>:\ISA2004\FPC\MS_FPC_SERVER.MSI

This installs with no problems and prompts me to reboot. I reboot the
server, and then try to run Setup.exe to install the remaining
components, but it gives me the error:

"error opening installation log file varify that the specified log
file location exists and is writable"

When I search for this message, I see a lot of sites listing the
Windows Installer error codes but no real solutions, and I'm quite
lost on how to proceed. There is nothing recorded in Windows event
viewer related to this.

I have tried running Setup.exe both from the installation media, and
also by copying all files to a local disk. Same thing. I'm running as
domain administrator so I don't think it can be a permissions issue.
Does anyone know where the installer is trying to create the log file?

Does anyone have any ideas?

Many thanks in advance for any advice

Richard

Hi Colin

Thanks for the reply.

I don't have an answer to the ISA issue but what are the security
issues you recently experienced ?
- Repeated (like, 12,000 times a day) failed login attempts as someone
(or something) tries usernames/passwords against one or more of our
websites. IIS has no rate-limit on failed login attempts. I'm not sure
ISA does either but I'd just like some more control over what's going.
The other features look nice.

As you intended to use ISA, you presumably have 2 NICs in your SBS
box.
- Two NICs, yes

Prior to installing ISA did you enable the Windows Firewall on the
server ?
- Firewall was enabled by the Configure Internet Connection in tasks
list - not too sure I understand this actually, as it's not the ICS/
Firewall and it's not the ISA firewall. But it's definitely on.

Have you also got a firewall in front of your server ?
- Not currently.

Many thanks, Richard

Hi Colin

We host the SBS website (Remote Web Workplace), Outlook Web Access,
Microsoft CRM and a couple of others.

They are all for internal use (not public) however often people are on
the road etc and it would be hard to restrict by IP address I think.

Many thanks, Richard

Hi Colin

Thanks very much for the advice.

We did have a spare SonicWall TZ170 I was planning to install, but
then I fried it by plugging in the wrong power supply :S.
Unfortunately I will not be able to get approval for a new one - hence
why I started looking into ISA.

I did look at locking down access by IP address, however I can not
seem to get it to work correctly. For instance, our LAN is
192.168.2.x. When I set "All computers will be denied access" and
enter the exception Network ID: 192.168.2.0 and Subnet 255.255.255.0,
no-one can access the site. Perhaps I am going about this
incorrectly?

We do have an account lockout policy however I'm not sure if this is
relevant as whoever is trying this seems to be randomly guessing user
names (stuff like "root", "webmaster", etc)?

The problem is that this is cheap hardware, and not really business
critical. Our main business is hosted in a server farm out of a
datacentre. This server is a single box, in our office, that provides
file sharing, print, Exchange, CRM and RWW to about 6 - 8 people
internally, and maybe 3 - 4 externally. We have good backup and if it
was to go down it would not be too bad (the server is a very cheap
Dell that has expanded heroically to fit a number of roles).

However I am concerned about the security of the data held within.
It's just that I will not get a budget for new software or hardware,
so if I can solve this with the built in tools or by changing settings
that would be great.

As a footnote, the attempted logins from earlier in the week have now
tailed off. Although I would like to be sure I am safe if it happens
again.

Many thanks again,

Richard
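
An added example, not part of the original thread: the thread notes that guesses against made-up usernames ("root", "webmaster") never trip a per-account lockout and that the source IPs are the only thing left to block, so this sketch tallies failed logons per client IP from IIS W3C log rows and reports external sources that spread failures over several account names. The field layout, sample rows, thresholds and function names are assumptions for illustration.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.2.0/24")  # LAN range quoted in the thread

# Constructed sample in IIS W3C extended format (not real log data).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2007-08-28 10:00:01 GET /Remote/ root 203.0.113.9 401
2007-08-28 10:00:02 GET /Remote/ webmaster 203.0.113.9 401
2007-08-28 10:00:03 GET /Remote/ admin 203.0.113.9 401
2007-08-28 10:00:04 GET /Remote/ - 203.0.113.9 401
2007-08-28 10:05:00 GET /exchange/ jsmith 192.168.2.15 401
2007-08-28 10:05:09 GET /exchange/ jsmith 192.168.2.15 200
2007-08-28 11:00:00 GET /Remote/ mbrown 198.51.100.4 401
"""

def failed_logons(log_text):
    """Return {client_ip: {"failures": n, "users": set}} for named 401s."""
    fields, stats = [], defaultdict(lambda: {"failures": 0, "users": set()})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column order is declared by the log itself
            continue
        values = line.split()
        if line.startswith("#") or not fields or len(values) != len(fields):
            continue                    # other directives, blank or malformed rows
        rec = dict(zip(fields, values))
        user, ip = rec.get("cs-username", "-"), rec.get("c-ip")
        # Rows with no username (e.g. the initial auth challenge) name no account.
        if rec.get("sc-status") != "401" or user == "-" or ip is None:
            continue
        stats[ip]["failures"] += 1
        stats[ip]["users"].add(user.lower())
    return dict(stats)

def guessing_sources(stats, min_failures=3, min_users=3):
    """External IPs whose failures are spread over many account names."""
    flagged = []
    for ip, entry in stats.items():
        if ipaddress.ip_address(ip) in LAN:
            continue                    # internal typos are not the concern here
        if entry["failures"] >= min_failures and len(entry["users"]) >= min_users:
            flagged.append((ip, entry["failures"], sorted(entry["users"])))
    return sorted(flagged, key=lambda row: -row[1])

if __name__ == "__main__":
    for ip, count, users in guessing_sources(failed_logons(SAMPLE_LOG)):
        print(f"{ip}: {count} failed logons across usernames {users}")
```

On a real server the thresholds would be set far higher than in this small sample, and the flagged addresses reviewed before being added to a deny list.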

