Deus ex Machina (sugarbeet) wrote in diyhosting,

Needing help with security on Windows SBS2003 server with Exchange

Can someone help me with some basic security on my SBS2003 server, with particular regard to e-mail security? I am not an idiot, but I have not done server or LAN support for a living since NT 4.0 and 95. I spent the last 10 years doing Cisco networking and telecom work. I installed and ran a Win 2K server with Exchange for a year or so, and now SBS 2003 for a few years, just to keep some skills up.

I only host a few personal websites and one e-mail domain with just a couple of e-mail accounts. I also have a POP3 connector to pull e-mail in from an ISP for an old e-mail address. I run it in my basement on a DSL line with static, public IP addresses and a Cisco router acting as my firewall. I am also running Symantec Corporate Antivirus 8.1 and I have Windows Intelligent Messaging Filter configured. I believe I am up to date on all my service packs and updates. I have done basic things like using hardened passwords and disabling the default administrator account. I admit that I have not changed my passwords in a while, but I changed them today.

One of the main things I am concerned about is unauthorized users sending mail through my server. My girlfriend and I are really the only people that would normally send mail, from one of several machines that would all be on the same local IP subnet. I primarily use Outlook to manage my mail, but I have also used Outlook Express, Netscape, Thunderbird and OWA. The main symptom of how I know that I have a security problem is that when I go to Exchange System Manager and look at the Queues for my server, I see about 40 SMTP connectors set up for domains that I do not manage or support. All but one have at least one message waiting in the queue. I have frozen them for now, but more will keep getting added and I have no idea how people are able to do it. When I get my daily reports, I have seen that I often get dozens of failed attempts to log into my server via Terminal Services/RDP.

What can I do or look at to see how my system is compromised and what people are doing or trying to do on my server? What are some other things I can do to improve security on my server and harden it against attacks? Whenever I try to google for tips, I find really in-depth instructions that I don't understand or that are for more complicated installations. I have done some things in the past to tighten things up and have screwed up my server. So more often than not, I choose to do nothing rather than risk messing things up.