General discussion

  • Creator
    Topic
  • #2135341

    Network security

    Locked

    by leon ·

    I am responsible for lan with one NT server and about 20 clients(win 9x,NT4 & win2k). We are connected to the Internet via dsl behind a flowpoint 2200 router. Daily, I am experiencing at least 4-5 login attempts from sources outside our network. What can I do to prevent this constant intruder attempts?

    Help!

All Comments

  • Author
    Replies
    • #3618509

      Network security

      by key ·

      In reply to Network security

      You are in the passive role. One thing you can do is to enhance your network security and backup all important data regularly. You cannot stop the theif to try to steal your stuff, but you can prevent them from breaking in.
      Good Luck!

      • #3441272

        Network security

        by leon ·

        In reply to Network security

        The question was auto-closed by TechRepublic

    • #3618368

      Network security

      by erikdr ·

      In reply to Network security

      Okay with ‘enhance your network security’. A few tips:
      * A firewall. As the router might not have these options, a separate one will be needed.
      Could be a low-cost PC with Linux, a medium-cost black box solution similar to the router or a medium-cost Windows firewall. The latter might maybe be co-hosted on the NT Server, will depend on how much outbound traffic your clients have.
      * Keep firewall configuration simple. Probably two segments, external and internal, might do – no complete DMZ (DeMilitarisedZone aka perimeter, this would be a 3rd segment).
      * Did you already add NAT to the router or the NT Server? This could be a first step, now even without a firewall the intruders cannot access your internal IP adresses as easy as they cando now.

      At your service,

      – The Netherlands

      • #3441273

        Network security

        by leon ·

        In reply to Network security

        The question was auto-closed by TechRepublic

    • #3618307

      Network security

      by zen37 ·

      In reply to Network security

      Best option, get a firewall. You should not have an Internet connection without a firewall to protect your interests.

      Low cost solution, have your router drop ports tcp/udp 137 to 139. This will prevent people on the outside to even “see” your server, much less connect to it.

      But get a firewall anyways.

      Good luck

      • #3441274

        Network security

        by leon ·

        In reply to Network security

        The question was auto-closed by TechRepublic

    • #3619597

      Network security

      by penguinsrule ·

      In reply to Network security

      Yet another chance to plug OpenVMS – even though it’s been going away for decades there are “No known penetrations”, and ruled “UNHACKABLE” by DEFCON9

      If it works, it works. I’ve been working with VMS since 1984, and I’ve never had a problem with this.

      • #3441275

        Network security

        by leon ·

        In reply to Network security

        The question was auto-closed by TechRepublic

    • #3630186

      Network security

      by charley ·

      In reply to Network security

      Any flavor of UNIX will do the job you need. There are also add-on solutions for Windows to provide Network Address Translation (NAT).

      I would, however, reccommend against using any of the Windows solutions as the NAT software is only as secure as the host environment. As another poster pointed out, some some flavors of UNIX are more secure than others. If, however, we assume that you do not have any services on your internal network which NEED to be visible from the Internet, then all you need to do is shut down ALL ports. This will, generally, provide all the security you need.

      Your NAT server should be wired into your network between your DSL router and your internal network. Assuming you don’t have any internal routing needs, your config might look something like this:

      DSL –>[NAT] –> Office Switch

      In a simple configuration, like this one, you don’t even need a lot of hardware to do the job. I run a fairly high-traffic (Symmetric 768k DSL at ~70% load on average) office with a Pentium 120 w/128MB RAM and a pair of Intel EtherExpress Pro 100+ NICs. FreeBSD runs the show nicely. Given that I already had the hardware and the OS, which includes the NAT server software, is free, net layout was about 4 hours of my time (clean OS install) for a grand total of ~$120. That’s it.

      • #3441276

        Network security

        by leon ·

        In reply to Network security

        The question was auto-closed by TechRepublic

    • #3619927

      Network security

      by bmcgrath ·

      In reply to Network security

      The above security recommendations are certainly valid. Perhaps the most imortant point here is that you are in a passive role. There is nothing to be done to prevent someone scanning or probing your network from outside. The fact you’re aware of itis a good first step.

      1. Be sure you don’t have any unneeded services enabled on your hosts. Disabling ports 137-139 is good advice if you not dependant on NetBios.

      2. Yup! Get a firewall NOW! You may ste strict ingress/egress settings by Source/Destination IP address or packet type.

      3. As was suggested, do not underestimate adequate and appropriate backups of your systems! Too large a percentage of professionals out there don’t even address this issue to an adequate extent. Read up on it; implement it.

      If you on the Net, you’ll be scanned! Period!

      Assess your vulnerbilities thoroughly, and put together a security policy that addresses the threats to those vulbnerabilities, and implement your policy’s procedures.

      You’refighting a moving target, and it’s just going to be a part of daily life. Nuff said!

      • #3441277

        Network security

        by leon ·

        In reply to Network security

        The question was auto-closed by TechRepublic

    • #3619902

      Network security

      by penguinsrule ·

      In reply to Network security

      Another thought for you – Basically there are two ways of looking at security – #1 locking everything down #2 auditing like crazy and then there’s a happy medium. If you don’t have a lot of success locking everything down, then by all means audit everything like crazy and then find out the source of the intruder attempts. Sometimes these attempts is just hardware, but if it’s a person and you do a good job auditing, then you can track down who it is and then involve the proper authorities.

      • #3441278

        Network security

        by leon ·

        In reply to Network security

        The question was auto-closed by TechRepublic

    • #3629980

      Network security

      by dpimlott ·

      In reply to Network security

      If you have any kind of connection to the internet I would recommend some kind of firewall, or at the absolute minimum some kind of packet filter on the gateway to the internet.

      I would recommend that the firewalling machine is on a separate machine.

      I would go for either:
      – an old PC with either OpenBSD / or linux (although I personally use FreeBSD…) which is cheaper but slightly harder to setup and maintain)

      – a hardware based solution from NetScreen (the 5XP sounds about right for your needs) which is more expensive (about 300 British pounds) but is childs play to set up.

      • #3441279

        Network security

        by leon ·

        In reply to Network security

        The question was auto-closed by TechRepublic

    • #3547087

      Network security

      by tobewan ·

      In reply to Network security

      My recommendation is to go with Linux-based firewall and the best option for that is SmoothWall. Check out http://www.smoothwall.org.
      It’s a load’n’go firewall solution. You get easy installation and configuration, web-based admin (no command line needed), includes caching proxy, vpn, dmz interface, dhcp, etc. And the price is right = $0.

      • #3441280

        Network security

        by leon ·

        In reply to Network security

        The question was auto-closed by TechRepublic

    • #3567534

      Network security

      by mwasaa ·

      In reply to Network security

      I believe that one of the chief solutions is having the gateway different from the main server. Let all your internal activity be monitored by a server which is not connected to the router.
      You can have a simple PC then configured as your gateway and thus improve on your security the more the gates one has to go through the more difficult a task becomes

    • #3441271

      Network security

      by leon ·

      In reply to Network security

      This question was auto closed due to inactivity

Viewing 10 reply threads