mkramer777

compromised server

Had some weird stuff happen to our Win 2003 Standard server over the weekend.  Failed audits and a username that was created.  Had an outside tech company take a look and they said that the server was compromised.  Nothing was actually done to the server.  All that they found is someone looked around and then logged off.  They decided to go through some procedures to band-aid the problem but they said if they wanted us to prevent this from happening again they could go through the whole server and check where the vulnerabilities are and find a solution for them.  The cost they said would be $4000.  So my question is should I let them do this for that amount or are there some things that I can do to reduce this threat in the future either through software or securing the system myself?
Alan Hardisty

$4,000 - Ouch!

I wouldn't bother.  Check your firewall and make sure you know what ports are open and if they are needed.  Don't open port 3389 to the server, use a different port or program for remote access, make sure Windows has all available updates installed and monitor invalid login attempts in your security logs.
Oh - and also change ALL passwords to ALL accounts, making sure you have strong passwords as a requirement and disable / delete any no longer used / needed accounts.

Some useful reading:

http://alanhardisty.wordpress.com/2010/09/28/increase-in-frequency-of-security-alerts-on-servers-from-hackers-trying-brute-force-password-programs/
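
The log monitoring suggested in the answer above, as an added example that is not part of the original post: a PowerShell filter that counts Security-log logon failures per source address and user name. The function name, the threshold and the sample entries are constructed for illustration, and it assumes PowerShell 2.0 or later is installed on the server.

```powershell
# Added example. Event IDs are the Windows Server 2003 Security log ones:
# 529 = logon failure (unknown user name or bad password), 624 = user account created.
function Get-LogonFailureSummary {
    param(
        [Parameter(ValueFromPipeline = $true)] $Entry,
        [int] $Threshold = 10    # assumed alert threshold; tune for your site
    )
    begin { $counts = @{} }
    process {
        if ($Entry.EventID -ne 529) { return }
        # Field labels as they appear in the 529 event text; '-' when absent or blank.
        $user = '-'; $addr = '-'
        if ($Entry.Message -match 'User Name:[ \t]+(\S+)') { $user = $Matches[1] }
        if ($Entry.Message -match 'Source Network Address:[ \t]+(\S+)') { $addr = $Matches[1] }
        $key = "$addr|$user"
        $counts[$key] = 1 + [int]$counts[$key]
    }
    end {
        foreach ($key in $counts.Keys) {
            $addr, $user = $key.Split('|')
            New-Object PSObject -Property @{
                Source = $addr; User = $user; Failures = $counts[$key]
                Repeated = ($counts[$key] -ge $Threshold)
            }
        }
    }
}

# Constructed sample entries (abbreviated message text, documentation addresses).
function New-SampleEntry($id, $user, $addr) {
    New-Object PSObject -Property @{
        EventID = $id
        Message = "Logon Failure:`n`tReason: Unknown user name or bad password`n`tUser Name: $user`n`tDomain: SRV01`n`tLogon Type: 10`n`tSource Network Address: $addr"
    }
}
$sample  = 1..12 | ForEach-Object { New-SampleEntry 529 'administrator' '203.0.113.45' }
$sample += New-SampleEntry 529 'backup' '198.51.100.7'
$sample += New-SampleEntry 528 'jsmith' '192.0.2.10'    # not a 529 event, ignored

$sample | Get-LogonFailureSummary | Sort-Object Failures -Descending |
    Format-Table Source, User, Failures, Repeated -AutoSize

# On the server, feed it the real log instead, and list account creations (624):
# Get-EventLog -LogName Security -EntryType FailureAudit -After (Get-Date).AddDays(-1) |
#     Get-LogonFailureSummary
# Get-EventLog -LogName Security | Where-Object { $_.EventID -eq 624 } |
#     Format-List TimeGenerated, Message
```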
mkramer777

ASKER

How would I go about closing port 3389 and disabling access to the server using remote access?  So you think the need to pay someone $4000 for doing this is not needed?
SOLUTION
Alan Hardisty
This solution is only available to members.
How would I contact a qualified EE expert on this issue?  Never done that before.
ASKER CERTIFIED SOLUTION
This solution is only available to members.