This is the situation, I have a machine running Windows Server 2003 which I am using to run software to manage different network devices. This machine is also my Syslog server. This machine and all other machines are behind a PIX firewall. However, I have this machine configured for Remote Desktop Connection, so I have the port for Remote Desktop open on the PIX. Well, yesterday for no apparent reason the machine rebooted itself and stated that the Operating System was missing I rebooted the machine and when I did the system stated that a system change had occur, it stated that I had added a Hard Drive which I did not. So I rebooted the machine and Windows Server 2003 started up again. My question is how I can find out if some got into the machine without my authorization. Also, how safe is leaving Remote Desktop port open to the internet, how easy is it to enter the correct password at the Windows login screen?
Thank You very much.