On Tuesday of this week, our whole network was extremely slow. We reviewed everything in our network, and our ISP did too.
We reviewed our bandwidth with our ISP and they said it was caused by multiple Windows Updates running at the same time... We had the issue all day long.
I was surprised and something did not make sense to me, so I continued reviewing until I could check our DMZ, which has a web server (uploaded by one of our son's associate). The thing is that we had this server consuming all the bandwidth. Yes, I know there should be a wrong security configuration on it, but I am writing to this forum to ask how I can detect when a hacking process (a DDoS against us or any other hacking technique) is in progress.
Is there any software you would recommend to detect potential intrusions or attacks on our network? We have a Windows Server 2008 R2 with IIS as the web server and SharePoint services in the DMZ.
I know we have to move the web server out of our network to outside our company, but while this happens (getting authorization from associates) I need to secure the web server so that we do not have the same issue again.