Security

  • Question

  • Does someone have a guideline for securing your WHS from outside intrusion? I logged on to my WHS this morning and noticed IP addresses I didn't recognize. According to the Web Log add-in they are coming from Poland, China, Korea. What can I do to secure my system from intruders?

    Saturday, March 28, 2009 3:13 PM

Answers

  • Well, this one I forgot - keep your router's firmware also up to date. Firmware can also have bugs and therefore be vulnerable to attacks from the Internet. And the router is the first line of defense, which blocks attacks on exploited Windows vulnerabilities for all ports which are not exposed to the Internet via port forwarding, before they can even reach the recipient.
    Best greetings from Germany
    Olaf

    • Marked as answer by xtdaddy Saturday, March 28, 2009 10:02 PM
    Saturday, March 28, 2009 9:05 PM
    Moderator

All replies

  • The IP addresses in the IIS log mean only that somebody or something established a connection to your server, not anything else. It is usual on the Internet that bots (like those from search engines) or also malware are scanning addresses on the Internet.
    As long as you keep your WHS on the most current patch level, use strong passwords and do not establish port forwarding for more than the ports which are necessary for Remote Access to work, you should be on the safe side.
    To improve the security even more, you have only two options:
    - do not use Remote Access
    - install a WHS capable Virus Scanner

    Best greetings from Germany
    Olaf
    Saturday, March 28, 2009 3:47 PM
    Moderator
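
The distinction drawn in the reply above, between an address that merely connected and one that actually logged on, can be checked from the IIS log itself. The following is an added example, not part of the original thread: it assumes the log records the `c-ip`, `cs-username` and `sc-status` fields and that failed logons appear as status 401; the sample lines, addresses, paths, user name and threshold are constructed.

```python
from collections import defaultdict

# Constructed sample in IIS W3C extended format (documentation-range addresses).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2009-03-28 02:11:05 GET /scripts/setup.php - 203.0.113.7 404
2009-03-28 02:11:06 GET /admin/index.php - 203.0.113.7 404
2009-03-28 04:40:12 GET /robots.txt - 198.51.100.20 404
2009-03-28 05:02:31 GET /remote/files.aspx - 198.51.100.99 401
2009-03-28 05:02:33 GET /remote/files.aspx - 198.51.100.99 401
2009-03-28 05:02:35 GET /remote/files.aspx - 198.51.100.99 401
2009-03-28 09:15:44 GET /remote/files.aspx alice 192.0.2.50 200
"""

def summarize(log_text):
    """Return per-client counters keyed by c-ip from a W3C extended log."""
    fields = []
    stats = defaultdict(lambda: {"requests": 0, "auth_failures": 0, "users": set()})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the log declares its own column order
            continue
        values = line.split()
        if not fields or line.startswith("#") or len(values) != len(fields):
            continue  # skip directives, blank lines and malformed rows
        row = dict(zip(fields, values))
        entry = stats[row["c-ip"]]
        entry["requests"] += 1
        if row["sc-status"] == "401":
            entry["auth_failures"] += 1
        if row["cs-username"] != "-" and row["sc-status"].startswith(("2", "3")):
            entry["users"].add(row["cs-username"])
    return dict(stats)

def classify(entry, failure_threshold=3):
    """Threshold is an assumption for this example; tune it to your traffic."""
    if entry["users"]:
        return "authenticated"      # a logon succeeded: confirm it was you
    if entry["auth_failures"] >= failure_threshold:
        return "password-guessing"  # repeated 401s: review password strength
    return "connection-only"        # scan or crawler, nothing was accessed

def triage(log_text):
    return {ip: classify(e) for ip, e in summarize(log_text).items()}

if __name__ == "__main__":
    for ip, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(f"{ip:15} {verdict}")
```
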
  • Thank you for your quick response. I feel a little better now. Will a WHS virus scanner also be able to tell if an unauthorized intruder tried to access my WHS or any of the PCs on my network? I am currently using a LINKSYS WRT 610N and have SPI firewall enabled. I'm just wondering if that's enough?
    Saturday, March 28, 2009 3:51 PM
  • Virus scanning software is a good idea. I have had Symantec Endpoint Protection running on my home server for about 2 months now with no issues; it seems to work fairly well according to the logs. Also, I felt a little insecure about my router. I was using a BEFSX41 (Linksys) with the SPI firewall enabled, which provided good protection, but I wanted something a little more, so I went with the RVS4000 (Linksys/Cisco security router), which I am very pleased with. Besides the SPI firewall, it also has an IPS feature that you have to keep up to date within the router, much like virus definitions. Read about it here: http://www.cisco.com/en/US/products/ps9928/index.html I feel pretty safe now. Just remember to keep up to date on all antivirus patches and security updates for Windows on every client PC. The logs in my IPS on the router show hundreds of attacks a week that are blocked, mostly SQL Slammer worm and DoS HGOD SynKiller Flooding. One buffer overflow attack so far, too. All blocked at the router.
    Saturday, March 28, 2009 5:40 PM
  • Well, this one I forgot - keep your router's firmware also up to date. Firmware can also have bugs and therefore be vulnerable to attacks from the Internet. And the router is the first line of defense, which blocks attacks on exploited Windows vulnerabilities for all ports which are not exposed to the Internet via port forwarding, before they can even reach the recipient.
    Best greetings from Germany
    Olaf


    Yes, that is easy to forget. Mine is up to date; can't believe I forgot to mention that.
    Saturday, March 28, 2009 11:45 PM