Can some advise me the best procedure to adopt regarding almost continuous logon attempts.

Here are examples

The logon to account: Guest
by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
from workstation: KOREA-7AFF675FC
failed. The error code was: 3221225578

The logon to account: IWAM_WEBCORP
by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
from workstation: KOREA-7AFF675FC
failed. The error code was: 3221225578

Also what is the best way to block countries or IP blocks please.

Is the best method to protect my webserving small network to put in a hardware firewall or is there a better solution? I know nothing about hardware firewalls, rules or administration.

T1 -> Managed Cisco Router -> Webservers

What would be the best testing (from the outside of the local network) of the security of my little network's servers, bearing in mind I am new at this.