• Status: Solved
  • Priority: Medium
  • Security: Public

Critical Errors In Security Log

We are running SBS 2003 Premium with ISA 2004. Every day I get this log and it always has errors. My question is the Logon Failures. There are several thousand and I would like to know if I should be concerned that someone is trying to hack into our system. I have attached a screen shot of the log error Logon.docx
Asked by: csk2512
 
jmlamb (Technical Account Manager) commented:
I would be concerned if anyone was making repeated attempts to log on to the Administrator account and was failing. Even more so because the source IP address appears to be external to your network. Are you port forwarding all traffic to your SBS server, or do you have no firewall in between it and your ISP equipment?
 
csk2512 (Author) commented:
Not sure I understand. We do not have a hardware firewall, but we are using ISA Server. Also, how can I check if we are port forwarding all traffic to our SBS server?
 
jmlamb (Technical Account Manager) commented:
Unfortunately I'm not familiar with ISA server. I'll ask a Mod to add that zone for you to get some extra exposure.

 
Keith Alabaster (Enterprise Architect) commented:
How many failed entries are there per day in the log?
Check your external router - that will tell you what traffic is being forwarded to ISA.
 
csk2512 (Author) commented:
I only have a DSL Modem. Is that considered an external router? The number of failed entries per day varies, but it is usually either a few hundred or up to 1000.
 
ghemstrom commented:
What you see when it comes to logon attempts is probably what any internet connection would experience:

1. Change your administrator user name into something less ordinary than administrator. That would double the security of logons.

2. See to it that you have a password of maximum security level for this administrator user.

Is the domain name correct, i.e. the domain name of your domain - then you have to check whether you have a client who makes unsuccessful attempts to log in.

A router (< $150) between the modem and your network would effectively block all these attempts from your computer. And you get a lot less to administrate.

If you have clients logging on to the network from outside then an installation of a VPN would be appropriate but that is beyond the scope of this discussion. (VPN = virtual private network using encrypted communication between your network and clients)

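One way to sort the failures the way the replies above suggest (external sources hitting Administrator versus an internal client failing against your own domain), as an added example that is not part of the original thread. It assumes the failure events were exported as text with `User Name:`, `Domain:` and `Source Network Address:` lines; the sample records, the `EXAMPLE` domain and all function names are constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# RFC 1918 and loopback ranges, listed explicitly: ipaddress.is_private would
# also treat documentation ranges such as 203.0.113.0/24 as private.
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Anchoring at line start keeps "Caller User Name" from matching "User Name".
FIELD = re.compile(
    r"^[ \t]*(User Name|Domain|Source Network Address):[ \t]*(.*?)[ \t]*$", re.M)

def parse_failure(text):
    """Extract account, domain and source address from one event description."""
    return dict(FIELD.findall(text))

def origin(addr):
    """Classify a source address as internal, external or unknown."""
    try:
        ip = ip_address(addr)
    except ValueError:          # "-" or empty: the event carries no address
        return "unknown"
    return "internal" if any(ip in net for net in INTERNAL_NETS) else "external"

def triage(records, own_domain):
    """Count failures per (origin, source, account, domain matches ours)."""
    counts = Counter()
    for text in records:
        f = parse_failure(text)
        src = f.get("Source Network Address", "-")
        ours = f.get("Domain", "").upper() == own_domain.upper()
        counts[(origin(src), src, f.get("User Name", "?"), ours)] += 1
    return counts

# Constructed sample data (not the poster's log); EXAMPLE is a placeholder domain.
TEMPLATE = ("Logon Failure:\n\tReason:\t\tUnknown user name or bad password\n"
            "\tUser Name:\t{0}\n\tDomain:\t\t{1}\n\tLogon Type:\t3\n"
            "\tCaller User Name:\t-\n\tSource Network Address:\t{2}\n")
SAMPLE = ([TEMPLATE.format("Administrator", "MAIL", "203.0.113.45")] * 300
          + [TEMPLATE.format("jsmith", "EXAMPLE", "192.168.16.23")] * 40
          + [TEMPLATE.format("admin", "EXAMPLE", "-")] * 5)

if __name__ == "__main__":
    for (where, src, user, ours), n in triage(SAMPLE, "EXAMPLE").most_common():
        print(f"{n:5d}  {where:8s} {src:15s} {user:15s} own-domain={ours}")
```

Rows marked internal with a matching domain point at a workstation or service on the LAN with a stale password; large external counts against Administrator are the pattern the router and rename advice addresses.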
 
Tolomir (Administrator) commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
