How safe is a default install?

I've just popped Server 2003 R2 SP2 on my file server (at home).

I've just left everything on default, apart from the firewall, which I have switched on and configured. I log on as a user that is an administrator and run BitTorrent for downloading Linux ISOs etc...

I've got AVG on it as well.

I've turned off P'n'P on the router and I have set an open port for BitTorrent.

I've also shared the second drive as read only.

But I've not run the Security Configuration Wizard ...

How safe am I?

Ish ...?
 
safe from what exactly?! here are some basics to go through...

assuming you mean 'external sources' then the only direct access to your server from outside is via the hole you have poked in your firewall for bit torrent. keep an eye on whether there are any vulnerabilities within this software you are using that allow your server to be remotely taken over. obviously any files received over bit torrent (as well as any other external source) have the potential to be not quite what it says on the tin, so treat these with caution. similarly, any activity on the server that opens an outbound connection through the router can potentially allow reverse communication to occur, so watch out for the usual spyware/trojans/backdoors etc.

do you have wireless on your home network? if so then you need to take the appropriate action to secure this to prevent unauthorised use.

ensure your systems have all the latest patches and hot-fixes installed. use decent strength passwords on your accounts. don't use accounts with unnecessarily elevated privileges.

if you mean 'internal sources' then you need to be searching Google for tips on hardening Windows - turning off unnecessary services etc... assuming there is someone on the inside of your network that has the skill to be able to get admin rights on your box this is!

just remember that there is no such thing as a 100% secure system, but above are just some of the basic steps towards mitigating obvious risks.
 
Why are you running BitTorrent on a server and not a workstation?!
I guess you have set up SBS just as a "look see" and not wanting to use it for anything business crucial?!

Rob
 
The reason I have used it is because I can't share my drives on XP if I use the hardware RAID, so I stuck on SBS 2003 so I could use the software RAID.

I'm a home user and it is not being used for anything apart from internal LAN file sharing, TVersity and BitTorrent.

Reply to atomiser

I've got a 12+ long password on both accounts. I've also got PeerGuardian on the box, which will only run if I'm an admin.... so I created a second admin account (so at least I'm logging on and running things through administrator).

Many thanks, I'll have a look at the wizard as it disables services and bits I don't need....
 
If you have a NAT router it'll be "reasonably" secure, if you put it on a public network I think you'd last a few minutes at worst, a few hours at best.....
 
So long as it's had the Windows updates run, has AV software and the firewall enabled then that's about as secure as you can get with running any hardening tools.

I've run a W2K3 webserver for nearly 3 years sat on my network with just ports 80 and 443 open in the firewall (both hardware and the Windows firewall) and I've never seen any problems. You get the occasional instance in the logs of someone trying to run really old ASP / PHP / Indexing script but they were all patched a long time ago.

It's all about surface attack area - if someone can't get into your machine in a very short space of time then they'll skip to the next one as they will find insecure machines pretty quickly.

You also run everything as Administrator. Obviously that's not a good idea (as everyone says), but I CBA with the hassle of running a limited account and then switching to make changes, so I created a second admin account, disabled the first and run under that. It's not a massive improvement security wise but if someone is targeting the "Administrator" account they'll find it disabled and won't know the name of the other account I run under.
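An added example, not part of the post above and not anyone's actual setup: a Python pass over an IIS W3C-format log that picks out the kind of requests described (old ASP / PHP / Index Server probes) and separates the ones the server refused from the ones it answered. The extension lists and the log lines are constructed for illustration.

```python
from collections import defaultdict

# Extensions handled by long-patched IIS components (Index Server ISAPI etc.).
# Assumed, illustrative list; tune it to what the site really serves.
LEGACY_EXTS = (".ida", ".idq", ".htr", ".printer")
# Assumption: this site is static, so any script request is unexpected.
UNEXPECTED_EXTS = (".php", ".asp")

# Constructed sample log (documentation IP ranges, no real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2007-06-01 10:00:01 GET /index.html - 192.0.2.10 200
2007-06-01 10:02:13 GET /default.ida - 198.51.100.7 404
2007-06-01 10:02:14 GET /scripts/search.idq - 198.51.100.7 404
2007-06-01 11:30:40 GET /forum/admin.php - 203.0.113.5 404
2007-06-01 11:30:41 GET /old/test.asp - 203.0.113.5 200
2007-06-01 12:00:00 GET /images/logo.gif - 192.0.2.10 200
"""

def parse_w3c(text):
    """Yield one dict per request, using the column order from #Fields:."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or corrupt lines
                yield dict(zip(fields, values))

def find_probes(text):
    """Group suspicious requests by client IP and note any that got a 2xx."""
    report = defaultdict(lambda: {"hits": 0, "answered": []})
    for req in parse_w3c(text):
        stem = req["cs-uri-stem"].lower()
        if stem.endswith(LEGACY_EXTS + UNEXPECTED_EXTS):
            entry = report[req["c-ip"]]
            entry["hits"] += 1
            if req["sc-status"].startswith("2"):
                entry["answered"].append(stem)  # served, so worth a look
    return dict(report)

if __name__ == "__main__":
    for ip, info in find_probes(SAMPLE_LOG).items():
        print(ip, info["hits"], "probe(s); answered:", info["answered"] or "none")
```

Probes that only ever return 404 are background noise; an entry under "answered" means the server actually served a path that should not exist on it.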
 
I've also got PeerGuardian on the box, which will only run if I'm an admin.... so I created a second admin account (so at least I'm logging on and running things through administrator).


Log on with a 'normal' user account and use runas to run the app with admin credentials?
 
Cheers guys, I'll try disabling the administrator account and create a new user with admin rights...

It's behind a hardware firewall, but I do have a static IP, as I run a VM machine for a rather naff website for some programs I need to download if I'm out and about....

Many thanks
 
To be honest it's a file server for me... it's just the hardware RAID was hacking me off so I wanted to see if I got the same problem with software RAID (which I don't).
 
Aye, but it's not very funny when your server gets compromised and someone sets up an open SMTP relay on port 25.
 
I'd not trust ISA simply because it sits on Windows.
I don't mean it in the usual MS bashing sense, it's just that as it sits on Windows it opens up another layer to secure as well.

Up until recently I ran a Watchguard firewall that I got from eBay for £30.
Not the most up to date in the world but it's a hardware firewall based on a hardened Linux kernel - yummy.
 
Admittedly Windows Firewall is an oxymoron but I don't know of another solution (either hardware or software) that offers application layer filtering that is as granular as ISA 2006. It is also a very robust VPN server - one which is easy for admins and users to manage!

The main problem with ISA is that it is too expensive for SMEs.
 