Thu, Jan 27 2005 21:05
A little bit of Wolf
So I was helping out an SBSer and doing some investigation of the server and tonight was reading Robert Hensing's posts on “Anatomy of” and Wolf.
Wolf, you say? See, when the PSS team [either technical support or, in this case, Security] wants to investigate further, they give you a bit of code to pull a detailed file of your system. It's how they can look at the box and see what's up. It's kinda cool the information that they can use and review.
Remember my ranting about knowing your log files? Tony rightly points out that the manual installation setup of ISA Server 2000 [our current one] on SBS 2003 does not set up monitoring out of the box and you/we need to ensure it's turned on. Go into ISA management, click on monitoring configuration and ensure that the logging of ISA is what you want and it is enabled like you want it: This is the default for the packet filters one.
Remember the default location where the log files will be:
I cannot stress enough how important it is to have these audit log files turned on...for the firewall, for IIS, for the security log, don't disable ANY auditing. If you think the log files are too “noisy”... tough. Deal with it. Trust me, you'll want that “just in case”. Windows 2000 didn't have much event logging enabled. Windows 2003 does.
Robert Hensing points out the other advantages of 2003 and I'd like to point out our comparisons in SBSland:
- 2003 allows you to set up a blank password but YELLS loudly when you stupidly do [but keep in mind that if you do this [now hold on to your hats, folks, because this is a true statement, as stated by password experts] this blank password cannot be accessed via the network]. So if we truly wanted to “lock” down our Administrator account from an Internet outsider brute force attack, we “could” make it blank. Now I'm not quite sure that I'm quite comfortable with a blank password, thank you very much, INSIDE my office... so I think I'll opt to have a STRONG, longer-than-15-character password on my admin account.
- We DO have a firewall that, if we use two network cards, is enabled BY DEFAULT.
- We don't quite have everything off by default, and that's actually why you don't want to run the Security Configuration Wizard on our SBS boxes as we are pretty darn tuned as it is.
If I could tell every SBSer in the world what's the one thing they could do to make their systems more secure...what would I tell them?
I'd say get the fear of God and Dr. Jesper Johansson in you and choose better passwords....excuse me..... passPHRASES. Start with that ONE small step... one change in human behavior and you make one GIANT leap for a more secure system.