[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Critical Errors In Security Log

Posted on 2011-03-14
8
Medium Priority
?
359 Views
Last Modified: 2012-05-11
We are running SBS 2003 Premium with ISA 2004. Everyday i get this log and it always has errors. My question is the Logon Failures. There are several thousand and I would like to know if I should be concerned that someone is trying to hack into our system. I have attached a screen shot of the log error Logon.docx
0
Comment
Question by:csk2512
7 Comments
 
LVL 12

Expert Comment

by:jmlamb
ID: 35136220
I would be concerned if anyone was trying repeated attempts to logon to the Administrator account and was failing. Even more so because the source IP address appears to be external to your network. Are you port forwarding all traffic to your SBS server, or have no firewall in between it and your ISP equipment?
0
 

Author Comment

by:csk2512
ID: 35165349
Not sure I understand. We do not have a hardware Firewall, but we are using ISA Server. Also, how can I check if we are port forwarding all trafiic to our SBS server?
0
 
LVL 12

Expert Comment

by:jmlamb
ID: 35169779
Unfortunately I'm not familiar with ISA server. I'll ask a Mod to add that zone for you to get some extra exposure.
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 35170512
How many failed entries are there per day in the log?
Check your external router - that will tell you what traffic is being forwarded to ISA.
0
 

Author Comment

by:csk2512
ID: 35179900
I only have a DSL Modem. Is that considered an external router? The number of failed entries per day varies, but it is usually either a few hundred or up to 1000.
0
 
LVL 2

Accepted Solution

by:
ghemstrom earned 2000 total points
ID: 35180055
What you see when it comes to logon attempts is probably what any internet connection would experience:

1. Change your administrator user name into something less ordinary than administrator. That would double the security of logons.

2. See to that you have a password of maximum security level for this administrator user.

Is the domain name correct, i. e. the domain name of your domain - then you have to check whether you have a client who make unsuccessful attempts to log in.

A router ( < $ 150 ) between the modem and your network would effectively block all these attempts from your computer. And you get a lot less to administrate.

If you have clients login on to the network from outside then an installation of a VPN would be appropriate but that is beyond the scope of this discussion. (VPN = virtual private network  using encrypted communication between your network and clients)

0
 
LVL 27

Expert Comment

by:Tolomir
ID: 36283900
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Suggested Courses

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question