Securing Server 2008 R2 along with UC520 Cisco firewall
Posted on 2012-03-27
I have been running this network for the past five years. Yesterday the new vice president of our company said we had to “turn our network over” to a Linux-certified technician that flew into town. After giving him the network passwords, I informed the owner of our company about the passwords being given to the new vice president. She told me he should NOT have these and is changing everything in the network against the owner’s will. Now I am doing everything I can to try and secure the server. I have changed every user account password. Verified that all users belong to appropriate groups and elevated UAC. Last night in the event viewer, there were 1000s of failed attempts to log in through the web. This was done from multiple IP addresses. All my firewall rules were gone out of the firewall. I set all the firewall rules up again and the attack was still happening. My question is: How can I stop this attack and secure my network? And can I track where this attack is coming from?