Our company is probably under hacker attack.

Hi,
On Tuesday of this week, our whole network was extremely slow. We reviewed everything in our network, and our ISP did too.
We reviewed our bandwidth with our ISP and they said it was caused by multiple Windows Updates running at the same time... We had the issue all day long.
I was surprised and something did not make sense to me, so I continued reviewing until I could check our DMZ, which has a web server (uploaded by one of our son's associate). The thing is that we had this server consuming all the bandwidth. Yes, I know there should be a wrong security configuration on it, but I am writing to this forum to ask how I can detect when a hacking process (DDoS against us or any other hacking technique) is in progress.
Is there any software you can recommend to detect potential intrusions or attacks on our network? We have a Windows Server 2008 R2 with IIS as web server and SharePoint services in the DMZ.
I know we have to move the web server out of our network to outside our company, but in the meantime (while we get authorization from associates) I need to secure the web server so that we do not have the same issue again.
José Perez Asked:

Wayne88 Commented:
The only way to detect a hack in progress is to have an Intrusion Detection System in place.  They don't come cheap.

One that comes to mind and that I've used before is eTrust Intrusion Detection, but I am not sure if it is still available.  However, there are many other companies offering good IDS systems.

Also, do you have a good firewall?  A good firewall such as Sonicwall can minimize such threats because their definitions are updated regularly.
José Perez Author Commented:
We were recommended to replace our original Watchguard XTM515 with a Fortigate 200D Firewall.
Btw, do you think this change was correct?
Wayne88 Commented:
Sorry, I don't know too much about that specific appliance, but Fortinet does make good firewalls.  From my research I got:

Fortigate 200D Firewall - "Powered by FortiOS, these appliances provide visibility into and control over more than 3000 applications, top rated Intrusion Prevention and Antimalware and actionable Reporting." - http://www.fortinet.com/products/fortigate/next-gen-firewall-200series.html

The current Watchguard XTM515 service bundle also has Intrusion Prevention Service.

The point is that one cannot recommend an appliance upgrade without finding the root cause of the problem and how your system was hacked; then you will find the weak link.  Personally, I don't see much difference between the two units, but that could be because I don't know enough about them.  However, I wouldn't be too quick to replace the firewall just yet.

Have you consulted a network security consultant to analyze your environment?  That's probably the best thing you can do right now, and only after their analysis can they make a recommendation.

madunix Commented:
Use Cloudflare; you just need to make an account, add your website and point your DNS at them.  https://www.cloudflare.com/
José Perez Author Commented:
Sorry madunix, our policies do not allow us to use external sites for this type of job.
Thanks anyway.
asavener Commented:
"The only way to detect a hack in progress is to have Intrusion Detection System in place.  They don't come cheap."
Um.... Snort is the de facto industry standard, and it's free and open source.
asavener Commented:
If cost is a major constraint, then I suggest you do some research on Security Onion.
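
Added example (not part of the original thread or any poster's code): because the question describes one IIS server in the DMZ consuming all the bandwidth, this Python script totals bytes sent per client per minute from an IIS W3C log and flags clients above a threshold, with the URL responsible. It assumes the sc-bytes field is enabled in IIS logging; the sample log, the threshold and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in IIS W3C extended format; assumes sc-bytes logging is enabled.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem c-ip sc-status sc-bytes
2015-03-10 09:00:05 GET /default.aspx 198.51.100.7 200 18432
2015-03-10 09:00:11 GET /files/video.iso 203.0.113.50 200 734003200
2015-03-10 09:00:40 GET /files/video.iso 203.0.113.50 200 734003200
2015-03-10 09:00:52 GET /sites/team/home.aspx 198.51.100.9 200 25600
2015-03-10 09:01:03 GET /files/video.iso 203.0.113.50 200 734003200
2015-03-10 09:01:20 GET /default.aspx 198.51.100.7 304 210
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields: directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def bandwidth_by_client(text):
    """Sum bytes sent per (minute, client IP) and per URL inside each bucket."""
    usage = defaultdict(lambda: {"bytes": 0, "urls": defaultdict(int)})
    for row in parse_w3c(text):
        if not row.get("sc-bytes", "").isdigit():
            continue  # field not logged or not numeric
        minute = f'{row["date"]} {row["time"][:5]}'  # IIS logs times in UTC
        bucket = usage[(minute, row["c-ip"])]
        bucket["bytes"] += int(row["sc-bytes"])
        bucket["urls"][row["cs-uri-stem"]] += int(row["sc-bytes"])
    return usage

def heavy_talkers(text, limit_bytes_per_min=100 * 1024 * 1024):
    """Return (minute, ip, bytes, top_url) for clients over the per-minute limit."""
    alerts = []
    for (minute, ip), b in sorted(bandwidth_by_client(text).items()):
        if b["bytes"] > limit_bytes_per_min:
            top_url = max(b["urls"], key=b["urls"].get)
            alerts.append((minute, ip, b["bytes"], top_url))
    return alerts

if __name__ == "__main__":
    for alert in heavy_talkers(SAMPLE_LOG):
        print("ALERT %s client=%s sent=%d bytes top_url=%s" % alert)
```
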
Question has a verified solution.