General discussion

Locked

Hacking ?

By maddiuex ·
Hi,
Need an answer. I have a very delicate customer, and I need to know if they are hackable. I have installed a D-Link DFL-300 firewall with a Cisco 2600. The server is an Exchange 5.5 with all updates and patches. Also Norton corp running, and I have shut down all web services. Is this enough?

This conversation is currently closed to new comments.

8 total posts (Page 1 of 1)  
All Comments

by jschein In reply to Hacking ?

What's their IP address and I'll let you know...

tsk tsk, just kidding.

The only way to ensure they are not hackable is to:

1. Have the latest SPs for the OS.
2. Latest firmware on the router.
3. Most restrictive settings on the router needed for business to run.
4. Log auditing on the router to ensure the admin can monitor log files for malicious behavior.
5. Ensure Anti-Virus updates definitions at least 3 times a day (new defs come out randomly and a server needs to be always up-to-date).


It sounds good so far, but you are never "not hackable". Only thing to do now is to sit back and watch logs / traffic. Most hackers get info into the system, either by an inside job, friend, or sending a worm of sorts through the mail system.

I hope this helps you, but once again, no system is unhackable. New security protocols, updates, and firewall rules are what keeps them out. Follow all of these rules and you should be good to go.

Good luck.

by maddiuex In reply to

Poster rated this answer.

by sgt_shultz In reply to Hacking ?

we need a due diligence list don't we. check out www.cert.org for help along those lines. ditto to previous answer and sounds like you are not doing too bad. remember: no security without physical security. you will vomit learning how easy it is to crack everything if you can get hands on the server (or router). maybe consider how things might easily change in future if unauthorised software gets installed or new worm types emerge, pissed off admin leaves etc etc so you can warn customer: if not maintained not secured. lots of security tools out there you can use to try to hack into your own public servers. have you considered a DMZ for your public mail server...good work shutting down web services, how about other unneeded services...dcom springs to mind (smile). do you have pcanywhere, remote commander, such installed on the server (!!), anywhere on network? the only thing i would add is to harden your os a little further than the security patches by shutting down exploitable services you are not using and other measures. check out the hardening your os section on www.cert.org and try to hack into yourself. it's just a spectacular opportunity...
last defense is your backups, make em robust and go as far back historically as you can....after you get this all set and you are sitting back letting your intrusion detection software scan the logs for you, figure out how you are gonna stay current on the latest security threat, get all the workstations up to snuff on the critical updates and hardening etc etc and start to work on your network policy manual. start to educate users about social engineering basics and the value of strong and regularly changed passwords, of leaving their machines logged out etc etc dangers of kazaa etc. like the guy says if someone wants you you are gonna get it. best thing is to keep head down and remove big holes...which you are doing...

by maddiuex In reply to

Poster rated this answer.

by Curacao_Dejavu In reply to Hacking ?

nothing to add to those answers, but ...
remember that you can be hacked from the inside too.
like answer # 1 said, keep updated with the os and exchange patches.
go to sans.org to check out the guides on how to secure servers.
And when all is said and done, check the logs of the firewall, and install a packet sniffer on your lan and also monitor what's happening from the inside, before you get burned from the inside without knowing what happened.
I know that with MS Proxy 2 and ISA Server you can run exchange server completely behind the firewall (not dmz); that would be more secure still.


Leopold

by Curacao_Dejavu In reply to

just remembered:
on your internet mail connector, on the routing tab, specify you may use the server for relaying, else people will use your exchange server as a relay server for spam.
also check out www.exchangefaq.com

Leopold

by maddiuex In reply to

Poster rated this answer.

by maddiuex In reply to Hacking ?

This question was closed by the author
