Intrusions

[Rey]

Hi,

I have a box running windows 2000. We use this box as a proxy server
in our DMZ, so it does not have much security.
I have two accounts in it and there are people trying to break into it
using this accounts. Did I do something wrong when creating these
accounts? Is there anything I can do so people are not able to see
these accounts and use them? I have the security settings to lock the
accounts after 5 attempts to log into this machine, and to tell you
the truth, it is kind of difficult to keep unlocking this accounts.
Another thing is, when I looked at the event viewer there is an
ANONYMOUS logon by domain NT AUTORITY. Does this have anything to do
with what I mentioned above? Do I have to change the restrictions for
anonymous connections?

Thanks.

Rey

 

[Jeff Cochran]

I have a box running windows 2000. We use this box as a proxy server
in our DMZ, so it does not have much security.

It should still have security. Even more in fact.

I have two accounts in it and there are people trying to break into it
using this accounts. Did I do something wrong when creating these
accounts? Is there anything I can do so people are not able to see
these accounts and use them? I have the security settings to lock the
accounts after 5 attempts to log into this machine, and to tell you
the truth, it is kind of difficult to keep unlocking this accounts.
Another thing is, when I looked at the event viewer there is an
ANONYMOUS logon by domain NT AUTORITY. Does this have anything to do
with what I mentioned above? Do I have to change the restrictions for
anonymous connections?

First, block all access to the DMZ in your firewall. Then open only
the access you need. That should not include NetBIOS ports if at all
possible, and if you must, from LAN to DMZ only.

Beyond that, it's basic security:

http://securityadmin.info/
http://www.microsoft.com/security/

Jeff