Intrusions

  • Thread starter Thread starter Rey
  • Start date Start date
R

Rey

Hi,

I have a box running windows 2000. We use this box as a proxy server
in our DMZ, so it does not have much security.
I have two accounts in it and there are people trying to break into it
using this accounts. Did I do something wrong when creating these
accounts? Is there anything I can do so people are not able to see
these accounts and use them? I have the security settings to lock the
accounts after 5 attempts to log into this machine, and to tell you
the truth, it is kind of difficult to keep unlocking this accounts.
Another thing is, when I looked at the event viewer there is an
ANONYMOUS logon by domain NT AUTORITY. Does this have anything to do
with what I mentioned above? Do I have to change the restrictions for
anonymous connections?

Thanks.

Rey
 
I have a box running windows 2000. We use this box as a proxy server
in our DMZ, so it does not have much security.
Click to expand...

It should still have security. Even more in fact.
I have two accounts in it and there are people trying to break into it
using this accounts. Did I do something wrong when creating these
accounts? Is there anything I can do so people are not able to see
these accounts and use them? I have the security settings to lock the
accounts after 5 attempts to log into this machine, and to tell you
the truth, it is kind of difficult to keep unlocking this accounts.
Another thing is, when I looked at the event viewer there is an
ANONYMOUS logon by domain NT AUTORITY. Does this have anything to do
with what I mentioned above? Do I have to change the restrictions for
anonymous connections?
Click to expand...

First, block all access to the DMZ in your firewall. Then open only
the access you need. That should not include NetBIOS ports if at all
possible, and if you must, from LAN to DMZ only.

Beyond that, it's basic security:

http://securityadmin.info/
http://www.microsoft.com/security/

Jeff
 
Back
Top