PLEASE HELP

Mali Kirchner

I have one XP PRO as a gateway and a Win2K Server as PDC and several XP and
Win2K clients...
Three XPs are configured to be accessed from outside via the gateway...I have
a fixed IP address and I configured the NIC to the FIXED IP as follows:

Firewall enabled, no NetBIOS

and yet, today, one user's XP was taken over by a hacker....to my dismay!!!!
He was just there moving the mouse around and stuff...

The user had iMesh on and was accessing some downloads....

Please help figure this one out as well as a way to block an invasion when
one like this occurs !!!

URGENT HELP MUCH APPRECIATED!!!!

Mali Kirchner
 
Based on the information you provide, I can only suggest that you should
format the machine and reinstall everything from scratch. That's the best
thing to do if you ever want to be able to trust that machine as being
secure again.

As far as prevention: A better firewall would help, but at the end of the
day the user needs to take responsibility for their actions and be more
careful. If they cannot be trusted to do this, the administrator needs to
enforce a security policy. If your gateway firewall is allowing these
machines to be accessed from the outside, then make sure you are putting
them in a proper DMZ-- that means separate them from the rest of your
network and never trust those XP machines as much as the ones on your
internal network. Read some books on firewall configuration if that is new
to you, since it's a big topic.
 
To add to Colin's reply - I'd get a decent router/firewall instead of using
ICS. Also don't grant any users local admin rights on their computers. In
the firewall block all outbound ports (as well as unneeded inbound ports)
except those needed - port 80, 443, etc. Make it a corporate policy that no
software is to be installed by users, ever (some may be installable even
without local admin rights).
 
Thanks to all for their opinions !!!
The user can be educated (he's the boss!) and it's in his best interest
to stay away from things like iMesh...
and while on the subject, I ran into a software (kaazalite ++ kpp) that
apparently keeps "holes" closed...has anyone seen/tried/verified if this is
true?

Again, many thanks for the help...what a group!!!!
Mali Kirchner
 
You're welcome - best of luck. I don't let *any* peer to peer file/music
sharing software on any of the networks I support.
 