What can I do to stop

[MrLinus]

Firewalls make it really easy to block attackers. And some firewalls do so automatically. The challenge is to properly lock down the boxes without a dependence on a firewall. This is why I suggested talking to Pooh. I've poked his box a few times. I was impressed as to how well it was locked down without a firewall.

[mark_boyle2002]

I've poked his box a few times

something you two want to tell us ?

[UpperCell]

nihil: I am trying to test those tools for him as I have the same OS, but only the first link even works for me. The top link doesn't seem to have stuff that would help too mutch. The crypto whatever is obviously for 9x or win2k with FAT32 perhaps.

We really need to know what services you have to keep running. That will help Pooh Tzu Sun as well. Whatever you don't need, you need to figure a way to turn off. No use having extra places to 'poke' your box. At least let us know what your box has to continue doing (Serving web pages, administering a domain, providing terminal services etc...) .

MsMittens brought up a good point above, HUGE HORRIBLE PASSWORDS that should not occur anywhere else in the natural world If there's any doubt about the characters you can use, to test I just set the password for one account to ~!@#$%^&*()_+{}|:"<>?`-=[]\;',./ It works just fine(remember, I have the same thing your working with). Don't use that exactly it's predictable in it's own way. Use the most random ass password that you can remember, if you can't remember, write it down somewhere SUPER SECRET. Don't worry about how long it can be either, it can be stupid long if your up for it. Since your in such a class, I'm sure you've heard this half a million times, I don't care, usually nobody listens. Consider this # 500,001. If you have no firewall, he could probably find a way to sneack lopht crack in there (remotely, following the rules), and with enough time he's got you no matter what. So a password of, say, 25 characters that changes each day, while stupid complicated, could be the difference between a hacked box and one standing above the crowd.

If he's using any dirty tricks like keyboard loggers, you may be screwed no matter what. This especially true if their physical loggers, these can be embedded in the keyboard itself. Were I challenged in class to secure my box, I would seriously consider bringing my own keyboard... DON'T DO THAT, you'd look like an uber dork He's an instructor and has a certain reputation to uphold, he may resort to such things if your box is otherwise secure.

Hope this helps, more as it randomly crosses my mind,

Jon.

[Draco980172]

A few more things to look at are:

Services: stop and disable any service that you don't have to have.
IP filtering: Turn on an use IP filtering. Only allow the ports that you absolutely have to.

You may not be able to down load a firewall but that doesn't mean that you can't reduce your attack surface.

Have you changed the NTFS permissions on your hard drives? By default the everyone group has full access to your computer. Just be careful not to be to restrictive here, Since you are a domain controller you will have to leave somethings a little more open. ie replace everyone full with authenticated users read/execute/list

Disable the Guest account.

Rename the administrator account

Disable Anonamous access

Setup account lock out policies

Just to help you know when he has been comming at you setup a dummy Administrator account, remove it from all groups and turn on auditing for this account. That way you can see any attempts to use that account in you logs.

You might try applying the HISECDC.inf in the local security policy. If that one breaks to much then try the SECUREDC.inf and then the BASICDC.inf. Remember that you can alwas go back to the original local security policy by using the "setup security.inf"

Disable the remote registry service!

Just remember that if configured properly a Windows server can be just as secure as any other OS.

Good luck!