Results 1 to 8 of 8

Thread: I need to secure my member server

  1. #1
    Junior Member
    Join Date
    Oct 2002
    Posts
    18

    I need to secure my member server

    I have an NT4.0 Network. I have PDC BDC proxyserver exchange server etc. Other then those I have a member server which stores some important files and stuff. I need to have a best intrusion detection program that would easily run on NT4.o member server. For security reasons I have un-shared all my drives and I've hidden my computername from the network.
    But I still need to know if some one tries to enter or actually entered into my system and messed with my stuff.

    Is there any good intrusion detection software..(free) that would secure my member server?

  2. #2
    Senior Member
    Join Date
    Dec 2001
    Posts
    321
    hey,

    there are a couple of intrusion detection system available for free, but they exist mostly for *nix platformes. So use a google search or look through forums
    I strongly suggest updating nt4 at least with the correct service pack...
    unsharing the drives is a good too

    gd luck
    assembly.... digital dna ?

  3. #3
    Senior Member
    Join Date
    Aug 2002
    Posts
    651
    Make sure you have hardened the box. If you need information on this, do a search here at AO first, then Google if you need to. Other than that, you can search for a free host-based IDS on Google as well, although I am not sure that you will turn up much that is free for NT. Make sure that your SP is up-to-date as nabylbt said already.
    Opinions are like holes - everybody\'s got\'em.

    Smile

  4. #4
    Senior Member
    Join Date
    Jul 2002
    Posts
    339

    Re: I need to secure my member server

    Is there any good intrusion detection software..(free) that would secure my member server?
    Naturally, I'd go to Google, and search for "free intrusion detection software". Just as simple as that. Anyway, I recommend Snort, it's free and it can run on Windows. There are also (free) front-ends for Snort available.

    How you know you can find such info at AO but not at Google still confuse me tho...

    Peace always,
    <jdenny>
    Always listen to experts. They\'ll tell you what can\'t be done and why. Then go and do it. -- Robert Heinlein
    I\'m basically a very lazy person who likes to get credit for things other people actually do. -- Linus Torvalds


  5. #5
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953

    Post You speak of xploits ?

    Start looking for exploits- That's what the bad guys are gonna do. No serious expert is going to care about your lil' system. Most intrusions/attempts are made by skript kiddies...
    yeah, I\'m gonna need that by friday...

  6. #6
    The most important thing, as *nabylbt* said is to run the correct service pack. I think it is like 6a or something. Most of the security exposure in NT 4.0 is due to the fact that most people dont apply the service packs in a timely manner.

    To harden the box, there are a few easy things you can do to prevent NT 4.0 "paint-by-the-numbers" attacks:

    1. Enable the RestrictAnonymous registry key. This will prevent null session users from enumerating your user information.

    2. If you dont need to use NetBIOS shares, DONT. You said above that you already took all the shares off. Are you still sharing c$, admin$?

    3. Install passfilt to enforce strong password requirements on your box. Download l0phtcrack and run an audit of the users on the machine to ensure they are using strong passwords.

    4. Ensure that any additional services you are offering on the machine are updated to the latest patch.

    5. Rename the administrator and guest account.

    There are whole books written on NT hardening. These are just a few thoughts.

    Good luck hardening NT

    ~Xe

  7. #7
    Junior Member
    Join Date
    Oct 2002
    Posts
    8
    better yes, disable and rename your guest account.. complex passwords are also a good start.. along with the most recent service pack (6a). i assume it goes without saying you're using NTFS with fairly tight settings? and lastly, how secure is the server itself? can people access it locally?

    ps: HERE is a pretty good PDF on hardening NT servers.. another must bookmark

    -scoob8000
    Blessed be the pessimist for he hath made backups.

  8. #8
    Junior Member
    Join Date
    Oct 2002
    Posts
    18
    THanx a lot guys for giving me such valueable information. I 'm new here on AntiOnline after and i find this site very useful ............

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •