General discussion

Locked

Security windows nt4.0

By kashmeir63 ·
Hi,
I have a windows nt4.0 bdc running microsoft's vpn(pptp). W/a adapter for the lan and a adpter for the internet. When I look in the event viewer(security), I could see the people that logoff and logon. Sometimes I could see people trying to get into the network, they appear to be trying different passwords, etc for a continuous amount of time to get in.My question is: When I see this happening what could I do to stop them from trying while I'm here watching them? I'm unable to reboot the server because of programs running on it. Also, if I'm correct they are using the internet ip address to try to get into the network. How can I stop this type of problem? I hope I explained this clearly. Thank you in advance.

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Security windows nt4.0

by TheChas In reply to Security windows nt4.0

Best advice, add a firewall to your system.

Yes, there are tools that you can use to track down hackers who are not using proxy servers. However, you don't want to encourage the hackers, or need to continually monitor the VPN.

A good firewall will help you block the hackers automatically.

Chas

Collapse -

by kashmeir63 In reply to Security windows nt4.0

Poster rated this answer.

Collapse -

Security windows nt4.0

by pabica In reply to Security windows nt4.0

If you have implemented a good "Defense in Depth" philosophy, you should have a good perimeter router followed by a firewall and then your internal network.

Put your RAS server on the network and parallel the firewall, or configure the firewall to send the PPTP traffic to just the RAS server...

If you have an external router, you could put an access rule on the router to prohibit the suspected hacker IP any access to your network, not letting the bad guy in anywhere is your best bet..

OBTW... putting a remote access application on a domain controller of any kind is not a good security posture.. if the machine is compromised, your entire domain is accessible to the attacker... segregate your remote access functions to a dedicatedsystem and protect, harden and watch it carefully..

Thanks,
Bill..

Collapse -

by kashmeir63 In reply to Security windows nt4.0

Poster rated this answer.

Collapse -

by kashmeir63 In reply to Security windows nt4.0

This question was closed by the author

Back to Security Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums