eggster34
asked on
account lockout on windows 2000
H:ello
I have a windows 2000 domain controller that is also running a web server and an ftp server.
some character keeps performing a brute force attack to my ftp server with the administrator user and just trying to guess the password.
I need to configure policies to
-- audit these attacks in the event viewer
-- block the attacker from connecting to the server for 30 minutes (without locking down the administrator user.)
I have a windows 2000 domain controller that is also running a web server and an ftp server.
some character keeps performing a brute force attack to my ftp server with the administrator user and just trying to guess the password.
I need to configure policies to
-- audit these attacks in the event viewer
-- block the attacker from connecting to the server for 30 minutes (without locking down the administrator user.)
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
I have windows 2000.
I use this guide:
http://support.microsoft.com/kb/320053/en-us
to rename the domain administrator account only, but nothing happened although I applied the secedit /refreshpolicy machine_policy setting.
does this procedure not work on domain controllers / domain accounts?!?
I use this guide:
http://support.microsoft.com/kb/320053/en-us
to rename the domain administrator account only, but nothing happened although I applied the secedit /refreshpolicy machine_policy setting.
does this procedure not work on domain controllers / domain accounts?!?
ASKER
hello?
Sorry, I missed that question somehow:
please take a look at: http://support.microsoft.com/kb/259576
( http://www.microsoft.com/windows2000/docs/grouppolwp.doc )
please take a look at: http://support.microsoft.com/kb/259576
( http://www.microsoft.com/windows2000/docs/grouppolwp.doc )
This could be usefull too:
http://www.digitalriver.com/dr/v2/ec_Main.Entry17C?SID=26412&SP=10023&CID=117017&PID=313036&PN=1&V1=313036
#
BlackICE Server Protection delivers bulletproof protection, with defenses against specific attacks directed at Windows NT or 2000 servers. BlackICE Server Protection detects, identifies and blocks attacks before they can compromise a system. Protect your home network or small office with BlackICE Server Protection. BlackICE Server Protection's award-winning technology:
# Protects servers by scrutinizing all traffic into and outfrom a server, constantly on the lookout for suspicious activity and ready to aggressively defend against attack
# Blocks malicious activity from the source of the attack and denies improper access while leaving legitimate traffic unaffected
# Alerts users attempted attacks and logs all suspicious activity so that sophisticated users or service providers can identify and neutralize the threat at its source
# Secures dial-up, DSL, or cable modem Internet connections 24 hours a day, 365 days a year
http://www.digitalriver.com/dr/v2/ec_Main.Entry17C?SID=26412&SP=10023&CID=117017&PID=313036&PN=1&V1=313036
#
BlackICE Server Protection delivers bulletproof protection, with defenses against specific attacks directed at Windows NT or 2000 servers. BlackICE Server Protection detects, identifies and blocks attacks before they can compromise a system. Protect your home network or small office with BlackICE Server Protection. BlackICE Server Protection's award-winning technology:
# Protects servers by scrutinizing all traffic into and outfrom a server, constantly on the lookout for suspicious activity and ready to aggressively defend against attack
# Blocks malicious activity from the source of the attack and denies improper access while leaving legitimate traffic unaffected
# Alerts users attempted attacks and logs all suspicious activity so that sophisticated users or service providers can identify and neutralize the threat at its source
# Secures dial-up, DSL, or cable modem Internet connections 24 hours a day, 365 days a year
Here is a link to the shareware version:
http://www.softsea.com/review/BlackICE-Server-Protection.html
http://www.softsea.com/review/BlackICE-Server-Protection.html
Security
Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection. Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.
32K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
The final recommendation would be to just change the name of the administrator so technically the administrator acct doesn't exist anymore. I know its possible but would have to look up just how its done again though.