OT: Server woes...Need advice to set it up right Options

[swood]

Right now we're running (don't laugh) Windows NT with a router that has a static IP. The last straw was on Friday I was typing up a major memo and someone hacked into my pc and took control of it. I ripped the fricken cord out of the wall to end it. Of course my tasks were screwed. (IMG:style_emoticons/default/headbang.gif) (IMG:style_emoticons/default/headbang.gif) (IMG:style_emoticons/default/headbang.gif) (IMG:style_emoticons/default/headbang.gif)

We're getting a new server, need a new OS with some serious security and obviously a new router that's not static. I don't know jack, we have one guy that is in charge of this stuff, but hey, we're just landscape architects, not computer studs.

Any advice? We have about 12 work stations at present. Is Workstation 2003 good for the server and then WinXP for each station?

Oh yeah, currently we're using eTrust anti virus.

Muchos Muchos Grassy Ass for your help.
Steve

[fiid]

Are you talking about a small office LAN here?

I would get one of those router firewall jobbies on there. You can get them now that support VPN access in case you need to access your stuff remotely.

Run XP Home or professional on all the workstations. I would run win2k server on the server box, or the new (is it w2k3 server?) .

Most importantly - get a firewall. And keep up to date with the windows updates. You can get XP to do that part for you as well.


Fiid.

[Rockaria]

The best advice I can give is simple:

1) Don't ever, never, ever, leave an admin account (Or any account for that matter) with a null password. Windows loves to do this automaticaly and its easy to miss when setting up.

2) Don't ever, never, ever use a real word as a password. Or use just words, or use just numbers. You password should be like this [ 8Yz914u ] Impossible to crack a password like that. I know its hard to remeber, but what is harder? Dealing with a hacker, or remebering a hard password?

3) Make sure any ports you are not using are CLOSED.

4) Always patch your OS keeping it current and watch out for update/security risk notices on your system.

5) use wild ass port numbers if you have to use FTP or Telnet on your Windows server. If you can use a wild ass port number for the WWW server as well. Port 80 will get hacked in a second, port 9142 won't (This is harder to do for a business).

6) Set audit policies on Login and acess so you can watch what is happening when. A daily look at this may give a clue to a person trying to hack you.

7) and my favorite... UNIX ROCKS! (Though I do have four nt and three W2k servers)

There are a ton of other things to watch out for. But these are the ones I have seen hackers use mostly. I was setting up a server on Friday and got half way through. Stupidly I left it on that weekend and came back to a hacked up mess. I learned a lot from that... I basicaly wiped the machine and stated fresh.


Good luck.

[redshift]

I use 914 for all my userids and passwords, makes it easy to remember.



914

[-P-]

I wouldnt worry about the static vs dynamic issue. I would follow everything Rockaria mentioned on your computers.

Explain your setup to us and we can offer advice.

I assume you have a small lan ~5 computers and a server (not sure what it does...file/accounting server?) If it doesnt host a publicly needed service (HTTP, SMTP, FTP, etc...) I would grab a linksys or netgear router for ~100 bucks and plug your cable/dsl/ whatever inet connection you have into it and use NAT. NAT, in the most common use, allows all of your internal computers to use non routable private addresses and share a public address. Unless you specifically forward traffic into your LAN, like you might if your server was say a web server, then chances are good that you have a head start on having a secure network. Combine this with strict email policies (ie no HTML email) and proactive updating of patches and virus definations and you should do alright. If you want something a bit more robust and feature packed look into SOHO firewalls from Sonicwall.

[KaptKaos]

Steve,

Just sent you a PM. Take a look. Call me if you have questions.

- Joe