José Perez


Our company is probably under hacker attack.

Hi,
On Tuesday this week our whole network was extremely slow. We reviewed everything in our network, and our ISP did too.
We reviewed our bandwidth with our ISP and they said it was caused by multiple Windows Updates running at the same time... We had the issue all day long.
I was surprised and something did not make sense to me, so I continued reviewing until I could check our DMZ, which has a web server (uploaded by one of our son's associate). The thing is that we had this server consuming all the bandwidth. Yes, I know there should be a wrong security configuration on it, but I am writing to this forum to ask how I can detect when a hacking process (DDoS against us or any other hacking technique) is in progress.
Is there any software you can recommend to detect potential intrusions or attacks on our network? We have a Windows Server 2008 R2 with IIS as web server and SharePoint services in the DMZ.
I know we have to move the web server out of our network to outside our company, but until this happens (getting authorization from associates) I need to secure the web server so that we do not have the same issue again.
SOLUTION
Wayne88
This solution is only available to members.
ASKER

We were recommended to replace our original Watchguard XTM515 with a Fortigate 200D Firewall.
Btw, do you think this change was correct?

Sorry, I don't know too much about that specific appliance, but Fortinet does make good firewalls. From my research I got:

Fortigate 200D Firewall - "Powered by FortiOS, these appliances provide visibility into and control over more than 3000 applications, top rated Intrusion Prevention and Antimalware and actionable Reporting. " - http://www.fortinet.com/products/fortigate/next-gen-firewall-200series.html

The current Watchguard XTM515 service bundle also has Intrusion Prevention Service.

The point is that one cannot recommend an appliance upgrade without finding the root cause of the problem and how your system was hacked; then you will find the weak link. Personally, I don't see much difference between the two units, but that could be because I don't know enough about them. However, I wouldn't be too quick to replace the firewall just yet.

Have you consulted a network security consultant to analyze your environment? That's probably the best thing you can do right now, and only after their analysis can they make a recommendation.
madunix

Use Cloudflare, you just need to make an account, add your website and point your DNS at them. https://www.cloudflare.com/

Sorry madunix, our policies do not allow us to use external sites for this type of job.
Thanks anyway.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
If cost is a major constraint, then I suggest you do some research on Security Onion.