Full Version: Securing / Hardening a Windows Server
The Planet Forums > Operating Systems > Microsoft Windows
pinklloyd
I'm sitting here watching all of the attempts of hackers trying to probe, prod and hack our servers at the planet and it's really starting to get to me. It's almost a full time job just to try and keep them out. I know there are others out there just like me and I'd like to find out what if anything is working for others. I really wish theplanet could at least filter some of the crap out that we receive but trying to get someone to do that is like pulling teeth.

I'm actually on the verge of pulling the plug on the whole thing and going to shovel ^%&* somewhere to try and make some money. This is ridiculous.
APK
QUOTE (pinklloyd @ Oct 31 2008, 12:01 PM) *
I know there are others out there just like me and I'd like to find out what if anything is working for others.


HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

http://forums.theplanet.com/index.php?showtopic=89123


* That really works, if you take the time to go thru all of its steps... enjoy!

APK

P.S.=> It's geared MOSTLY towards end-users (folks w/ a single machine online connected to the internet, w/ no home LAN etc. et al), but, it can be adapted to those running servers (&, it warns which steps aren't advisable for those with servers + back office type apps such as IIS/SQLServer etc. et al as well & why, most importantly)...

Since you mention you run a server here? You may additionally wish to look into guides that secure say, IIS (Microsoft Internet Information Server) &/or SQL Server (if your website is database driven for instance via SQLServer by Microsoft) also.

Once you're done doing those things (securing the OS itself, & then the backoffice type apps you use/run)?

Test your applications + websites driven off of your setup once you try all of that from that guide & others for SQLServer + IIS (assuming you use those here, you may use other tools such as Apache & MySQL etc., & guides exist for 'security hardening' those as well)...

Good luck, I know how you feel: The web's gone a "bit nuts" the past 3-5 yrs. now with all the hacker/cracker types out here now... apk
pinklloyd
APK,

Thank you so much for your response. I'm looking into it right now, let you know my outcome (score). You're right about the internet going nuts. You know what I've also noticed is it's gotten worse with the economy. Do you use any type of communication/monitoring tools for Windows? I'd truly like to stop some of these port scanners in their tracks but I can't seem to find anything that will recognize an IP scanning different ports and then block it. That would be truly nice. I realize that most "TRUE" hackers use a compromised machine so finding the exact IP is almost impossible, stopping the scan in its tracks shouldn't be that hard. Ok so we'd have to recycle through all the IPs every now and then but at least we can stop any immediate danger. I know there are "VERY EXPENSIVE" IDS or intrusion detection systems out there but who has a budget for that, not I.
I'm going to look into CIS Tools. Thanks again! Seriously.
APK
QUOTE (pinklloyd @ Nov 1 2008, 06:02 AM) *
APK,

Thank you so much for your response.


You're welcome, & I hope this helps you out... it's WHY I put this guide out for "normal folks" (& with the guidance of the CIS Tool, because it makes securing a system (not JUST Windows NT-based ones mind you either, but, also *NIX variants as well) as simple/easy as it gets, w/ out having to know a lot of the "internals" of Windows etc. et al) - it was part of my 2008 "New Year's Resolution", to "Do a good deed"...

QUOTE (pinklloyd @ Nov 1 2008, 06:02 AM) *
I'm looking into it right now, let you know my outcome (score).


Well, you may not LIKE your score too much, & honestly? It's NOT that important...

Were I you??

I'd be more concerned with following the advisement of CIS Tool, & shoring up what it shows you.

The rest of the guide MOSTLY applies to end users & how to keep safe online, by far, using some (well, I feel they are) common-sense measures, but, I also largely TRIED to explain WHY those suggestions work, with examples of attacks that used that which I warn folks about + how to stop it etc.

QUOTE (pinklloyd @ Nov 1 2008, 06:02 AM) *
You're right about the internet going nuts. You know what i've also noticed is it's gotten worse with the economy.


Probably - people imo @ least? Well, MOST aren't "inherently evil" (for whatever that means) - I think they get caught in things they cannot keep up with or afford & turn to crime to survive them... but, what do I know?

I do agree with you here though, it has gotten much worse than it was circa 1994-2002 or thereabouts. From 2003 onwards, imo, it started up with all these hijacks thru webbrowsers, email, even other apps, & tons of "spam" mails etc. et al... @ least, WORSE THAN EVER BEFORE!

QUOTE (pinklloyd @ Nov 1 2008, 06:02 AM) *
Do you use any type of communication/monitoring tools for windows?


TcpView is nice, it'll do PART of the job, but you have to be there to monitor it... so, you're probably looking for more, like something that works remotely & can signal you etc. et al remotely.

Anyhow - You can make the Windows firewall (& others) maintain a log you know, but, it is sort of a hassle to keep up on it, but, worth the doing nevertheless - especially on a server. This leads to another idea, not TOO hard to make either, that I lead into IF YOU WRITE CODE... later on though in this reply.

QUOTE (pinklloyd @ Nov 1 2008, 06:02 AM) *
I'd truly like to stop some of these port scanners in their tracks but I can't seem to find anything that will recognize an ip scanning different ports and then block it.


Have you looked into "IDS" (intrusion detection systems)? They're more of that nature...

Myself?

I use a (on my home workstation @ least) combination of a hardware NAT true "stateful packet inspecting" linksys unit, with software firewall (Windows), packet filtering (easy to implement, it's in that guide), & IP Security Policies... if anyone can "blow thru that"? My hat's off to them... honestly.

QUOTE (pinklloyd @ Nov 1 2008, 06:02 AM) *
That would be truly nice. I realize that most "TRUE" hackers use a compromised machine so finding the exact IP is almost impossible, stopping the scan in its tracks shouldn't be that hard.


Closing available ports is what I'd recommend... & stopping ANY services you do NOT need to be running - especially those that maintain "LISTENING" status (a tool like TcpView can show you this much)...

QUOTE (pinklloyd @ Nov 1 2008, 06:02 AM) *
Ok so we'd have to recycle through all the IPs every now and then but at least we can stop any immediate danger. I know there are "VERY EXPENSIVE" IDS or intrusion detection systems out there but who has a budget for that, not I.
I'm going to look into CIS Tools.


Heh, as I quoted you earlier? I mentioned/noted IDS's & you've already apparently looked into them (I don't read someone's FULL reply, I quote & reply as I go, not to miss any points they make as I go)

QUOTE (pinklloyd @ Nov 1 2008, 06:02 AM) *
Thanks again! Seriously.


No problem - Good luck, & what I gave you is a start... but, that IDS stuff, though expensive, might tend to 'automate' much of what you're looking to do... but, IF you keep logs from say, your Windows Firewall, or a hardware based unit, AND you can code (or, someone you know can)?

Well, writing a program to parse a log file is NOT a big huge trick & then sending emails via say, SMTP is not another huge trick either... you can "rig up/home brew" a solution for that which can 'warn you remotely', pretty fairly easily...

APK
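Putting the "parse the firewall log, then mail yourself a warning" idea above (and pinklloyd's wish to spot one IP hitting many ports) into working code, as an added example that is not from this thread or the CIS guide: it reads the W3C-style format of Windows Firewall's pfirewall.log, flags any source whose dropped packets reached at least five distinct ports within a minute, and composes the alert e-mail. The log lines, thresholds, and addresses are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from email.message import EmailMessage

# Constructed sample in Windows Firewall's log format (real logs also carry
# "#Version:"/"#Software:" headers, which the parser skips): one host sweeping
# ports, plus one unrelated UDP drop that must not be flagged.
SAMPLE_LOG = """#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2008-11-01 06:02:10 DROP TCP 203.0.113.5 192.0.2.10 51234 21 48 S 1 0 65535 - - - RECEIVE
2008-11-01 06:02:10 DROP TCP 203.0.113.5 192.0.2.10 51235 22 48 S 1 0 65535 - - - RECEIVE
2008-11-01 06:02:11 DROP TCP 203.0.113.5 192.0.2.10 51236 23 48 S 1 0 65535 - - - RECEIVE
2008-11-01 06:02:11 DROP TCP 203.0.113.5 192.0.2.10 51237 25 48 S 1 0 65535 - - - RECEIVE
2008-11-01 06:02:12 DROP TCP 203.0.113.5 192.0.2.10 51238 80 48 S 1 0 65535 - - - RECEIVE
2008-11-01 06:05:00 DROP UDP 198.51.100.7 192.0.2.10 1900 1900 300 - - - - - - - RECEIVE
"""

def parse_firewall_log(text):
    """Yield (timestamp, action, src_ip, dst_port) per data line, keyed by the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            rec = dict(zip(fields, line.split()))
            ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
            yield ts, rec["action"], rec["src-ip"], int(rec["dst-port"])

def find_port_scanners(text, min_ports=5, window_seconds=60):
    """Return {src_ip: sorted ports} for sources whose DROPs hit >= min_ports distinct ports within one window."""
    hits = defaultdict(list)  # src_ip -> [(timestamp, dst_port), ...]
    for ts, action, src, port in parse_firewall_log(text):
        if action == "DROP":
            hits[src].append((ts, port))
    scanners = {}
    for src, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):  # sliding window anchored at each event
            ports = {p for t, p in events[i:] if (t - start).total_seconds() <= window_seconds}
            if len(ports) >= min_ports:
                scanners[src] = sorted(ports)
                break
    return scanners

def build_alert(scanners, sender="fw-alert@example.invalid", to="admin@example.invalid"):
    """Compose the warning mail; deliver it with smtplib.SMTP(host).send_message(msg)."""
    msg = EmailMessage()
    msg["Subject"] = f"Firewall log: {len(scanners)} probable port scan(s)"
    msg["From"] = sender
    msg["To"] = to
    msg.set_content("\n".join(f"{ip} probed ports {ports}" for ip, ports in scanners.items()))
    return msg
```

Point it at the live log by passing `open(r"C:\Windows\pfirewall.log").read()` (the default location is a setting, so check yours) and run it from a scheduled task.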
Invision Power Board © 2001-2009 Invision Power Services, Inc.