Another security question/issue.
- From: sbsstarter <sbsstarter@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 25 Mar 2008 17:46:01 -0700
Ok; I get daily hits to the disabled admin account. Event log tells me they
are denied access. First, I was told the reason the attempts are higher than
my lockout policy is because policies don't apply to admin account - correct?
How can I find out who is making these attempts and how I can deny that
individual access? The most annoying instance happens very close to the same
time every morning at about 4:00 a.m. The logs don't give an address of the
user trying the attempted logins. What are my options?
Second, if the account is obviously disabled, why would a hacker keep
attempting to access it? It's not going to work...right?
Third, I've been noticing fail authentication attempts with the user name
MDaemon. Is that an actual service that I need to deal with, or is it an
attempt at unauthorized access?
Finally....if I've closed all ports except 25 TO the SBS box from my
external firewall appliance, why am I still seeing failed authentication
attempts on a daily basis? Is it possible to attempt a login through port 25
which is designated for exchange?
.
- Follow-Ups:
- Re: Another security question/issue.
- From: kj [SBS MVP]
- Re: Another security question/issue.
- Prev by Date: Re: As Admin, I can't view my users Roaming Profiles. What add'l security do I need to add?
- Next by Date: Re: SBS 2003 and Outlook rpc over http issue
- Previous by thread: Free disk space on SBS 2003 C-drive
- Next by thread: Re: Another security question/issue.
- Index(es):
Relevant Pages
|
Loading
