Dave Stone
asked on
High-Risk Intrusions on new Exchange Install (Symantec - Sonicwall)
Hello,
We have installed a new Exchange server on our single domain network. Since configuring another public IP to accommodate it we are getting many "High-Risk Intrusion Detected" alerts from the Symantec Endpoint we have running on this server. It is mostly:
Attack Signature
Web Attack: Remote OS Command Injection
with some:
Attack Signature
Attack: D-Link DSL 2750B Arbitrary Command Execution
The attacking IPs change so I can't blacklist them on the firewall. We are using Sonicwall NSA 2650 as a firewall. Is there any way to stop these attacks? I realize that the Endpoint protection is doing what it should but I am concerned that eventually the bad guys will get through.
See what firewall settings you can set in the SonicWall to stop most attacks right at the firewall. We do this on Juniper and smaller Cisco boxes, and Symantec is not showing any attacks in its Intrusion System.
ASKER
Thank you