What can I do to stop - Page 2

Thread: What can I do to stop

  1. #11
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Firewalls make it really easy to block attackers. And some firewalls do so automatically. The challenge is to properly lock down the boxes without a dependence on a firewall. This is why I suggested talking to Pooh. I've poked his box a few times. I was impressed as to how well it was locked down without a firewall.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #12
    Senior Member
    Join Date
    Jan 2003
    Posts
    1,499
    I've poked his box a few times
    something you two want to tell us ?

  3. #13
    Senior Member
    Join Date
    Apr 2003
    Posts
    147
    nihil: I am trying to test those tools for him as I have the same OS, but only the first link even works for me. The top link doesn't seem to have stuff that would help too much. The crypto whatever is obviously for 9x or win2k with FAT32 perhaps.

    We really need to know what services you have to keep running. That will help Pooh Tzu Sun as well. Whatever you don't need, you need to figure a way to turn off. No use having extra places to 'poke' your box. At least let us know what your box has to continue doing (serving web pages, administering a domain, providing terminal services, etc.).

    MsMittens brought up a good point above: HUGE HORRIBLE PASSWORDS that should not occur anywhere else in the natural world. If there's any doubt about the characters you can use, to test I just set the password for one account to ~!@#$%^&*()_+{}|:"<>?`-=[]\;',./ It works just fine (remember, I have the same thing you're working with). Don't use that exactly; it's predictable in its own way. Use the most random ass password that you can remember; if you can't remember, write it down somewhere SUPER SECRET. Don't worry about how long it can be either, it can be stupid long if you're up for it. Since you're in such a class, I'm sure you've heard this half a million times. I don't care, usually nobody listens. Consider this #500,001. If you have no firewall, he could probably find a way to sneak L0phtCrack in there (remotely, following the rules), and with enough time he's got you no matter what. So a password of, say, 25 characters that changes each day, while stupid complicated, could be the difference between a hacked box and one standing above the crowd.

    If he's using any dirty tricks like keyboard loggers, you may be screwed no matter what. This is especially true if they're physical loggers; these can be embedded in the keyboard itself. Were I challenged in class to secure my box, I would seriously consider bringing my own keyboard... DON'T DO THAT, you'd look like an uber dork. He's an instructor and has a certain reputation to uphold; he may resort to such things if your box is otherwise secure.

    Hope this helps, more as it randomly crosses my mind,

    Jon.

  4. #14
    Junior Member
    Join Date
    Sep 2003
    Posts
    21
    A few more things to look at are:

    Services: stop and disable any service that you don't have to have.
    IP filtering: Turn on and use IP filtering. Only allow the ports that you absolutely have to.

    You may not be able to download a firewall, but that doesn't mean that you can't reduce your attack surface.

    Have you changed the NTFS permissions on your hard drives? By default the Everyone group has full access to your computer. Just be careful not to be too restrictive here; since you are a domain controller you will have to leave some things a little more open, i.e. replace Everyone full with Authenticated Users read/execute/list.

    Disable the Guest account.

    Rename the administrator account

    Disable anonymous access

    Set up account lockout policies

    Just to help you know when he has been coming at you, set up a dummy Administrator account, remove it from all groups and turn on auditing for this account. That way you can see any attempts to use that account in your logs.

    You might try applying the HISECDC.inf in the local security policy. If that one breaks too much then try the SECUREDC.inf and then the BASICDC.inf. Remember that you can always go back to the original local security policy by using the "setup security.inf"

    Disable the remote registry service!

    Just remember that if configured properly a Windows server can be just as secure as any other OS.

    Good luck!
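
The dummy Administrator account suggested in post #14 only pays off if something reads the audit trail. The sketch below is an added example, not code from any poster in this thread: it scans a constructed CSV export of logon events and flags every source that touched the decoy. The CSV layout, sample rows and function names are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Assumption: the real admin account was renamed, so any logon event that
# names "Administrator" is aimed at the decoy.
DECOY = "administrator"
# Logon event IDs: 529/528/540 on Windows 2000/2003, 4625/4624 on later versions.
FAILED = {"529", "4625"}
SUCCESS = {"528", "540", "4624"}

# Constructed sample of a hypothetical export: time, event id, account, source.
SAMPLE_LOG = """\
2003-10-02 09:14:01,529,Administrator,10.0.0.23
2003-10-02 09:14:03,529,ADMINISTRATOR,10.0.0.23
2003-10-02 09:14:05,529,DOMAIN\\administrator,10.0.0.23
2003-10-02 09:20:11,528,jsmith,10.0.0.40
2003-10-02 09:31:47,529,jsmith,10.0.0.40
2003-10-02 10:02:30,540,Administrator,10.0.0.57
"""

def normalize(account):
    # Drop a DOMAIN\ prefix or @domain suffix; account names are case-insensitive.
    name = account.strip().rsplit("\\", 1)[-1]
    return name.split("@", 1)[0].lower()

def decoy_hits(log_text, decoy=DECOY):
    # Returns {source: {"failed": n, "success": n}} for events naming the decoy.
    hits = defaultdict(lambda: {"failed": 0, "success": 0})
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        _when, event_id, account, source = (field.strip() for field in row)
        if normalize(account) != decoy:
            continue
        if event_id in FAILED:
            hits[source]["failed"] += 1
        elif event_id in SUCCESS:
            hits[source]["success"] += 1
    return dict(hits)

def alerts(hits):
    # A successful logon on the decoy means its password was guessed.
    out = []
    for source, c in sorted(hits.items()):
        level = "CRITICAL" if c["success"] else "WARNING"
        out.append(f"{level} {source}: {c['failed']} failed, {c['success']} successful")
    return out
```

Calling `alerts(decoy_hits(SAMPLE_LOG))` reports each source once; the ordinary `jsmith` failure is ignored because only the decoy name is watched.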
