Best way to filter worm attacks from my Netopia R9100

I am being wormed.  And while I am comforted by the fact that my Windows security seems pretty solid, my server gets hit every sec at times.  I want to block this traffic at the router.  I run POP3, SMTP, and RDP, Outlook Web Access.  I have some filters set up on the router that seem to do a good job, except for all these failed logon attempts.  grc.com reports first 1056 ports as all closed.

So...how should  I make sure that my router is locked down aganst the worm attacks?  What more can I do in general?

Specific help directed toward Netopia filter sets would be appreciated.  If it makes sense to break this question down into more specific pieces, let me know.

LVL 11
QuetzalAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

chicagoanCommented:
The basic premise is to block all ports not necessary to the functions of the public services.
If your audience is private, you can further restrict access by address or consider a VPN to exclude access from non authorized people.
If the audience is global and the attacks are on ports you have to open for functionality, you can either analyze the traffic and start blocking netblocks either manually or with a reactionary IDS system, or live with the reality that open ports are a magnet for vulnerability probles.

While I'm not familiar with the Netopia interface, your application is an extremely common one and I would think the vendor has a standard template to help you lock it down as much as possible.

I assume you're running these service on a seperate ISA machine and your Exchange services are locked down to the corporate lan and the ISA machine only, if not that is an avenue you should pursue as well.




0
KingHollisCommented:
Quetzal,
The basic premises outlined by chicagoan are echoed by me. More importantly though, you sould understand that you are talking about a router. It isn't a firewall in the truest sense-- it will only filter traffic not inspect it. So you can say, "I want to block everything but TCP/80, TCP/443, TCP/3389, etc.", but you have effectively just left these holes open. The router isn't able to tell if the port 80 traffic is HTTP or not. The packets could be trojans or other malevolent malformed packets disguised as HTTP taffic. What you need to invest in is a decent stateful packet inspection firewall with application proxy filtering. Otherwise, just having these services hanging off the Netopia router will eventually lead to some unwanted traffic.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.