Hello everyone,
I am new to the TechNet forum (so if this is in the wrong spot, I apologize), and a relatively new server renter. I rent a virtual server with Windows 2008 which hosts web, mysql, ftp, and game services, and I need to work on implementing some security because as of now, there is none. I haven't had the server for very long (month or two) and I've been focusing on getting everything set up and running properly and haven't really had time to sit down and really think out a good security plan. Hopefully you guys can help me.
The other day I checked the event viewer and found that I was getting about 2000 login failures a day, from different IPs, using different ports, and attempting different user names. This is what really lit a fire under my ____ and motivated me to beef up on security.
I assume the first step would be to setup a firewall, can anyone recommend a good free one for me?
Is there a way to set up a policy where after x number of failed login attempts, your IP gets blacklisted from all network activity on the server? I was thinking of writing a perl script to go through all of the logs in the event viewer to get all the IPs used and then import them into IPsec somehow, but I'm hoping there is an easier way.
And information on any other sort of security methods or techniques would be greatly appreciated. I understand that I am an idiot for having a completely unprotected server, so you don't need to point that out. I just want to take this as a learning experience and get as many suggestions and ideas from you pros as I can.
Thanks a ton in advance.
I am new to the TechNet forum (so if this is in the wrong spot, I apologize), and a relatively new server renter. I rent a virtual server with Windows 2008 which hosts web, mysql, ftp, and game services, and I need to work on implementing some security because as of now, there is none. I haven't had the server for very long (month or two) and I've been focusing on getting everything set up and running properly and haven't really had time to sit down and really think out a good security plan. Hopefully you guys can help me.
The other day I checked the event viewer and found that I was getting about 2000 login failures a day, from different IPs, using different ports, and attempting different user names. This is what really lit a fire under my ____ and motivated me to beef up on security.
I assume the first step would be to setup a firewall, can anyone recommend a good free one for me?
Is there a way to set up a policy where after x number of failed login attempts, your IP gets blacklisted from all network activity on the server? I was thinking of writing a perl script to go through all of the logs in the event viewer to get all the IPs used and then import them into IPsec somehow, but I'm hoping there is an easier way.
And information on any other sort of security methods or techniques would be greatly appreciated. I understand that I am an idiot for having a completely unprotected server, so you don't need to point that out. I just want to take this as a learning experience and get as many suggestions and ideas from you pros as I can.
Thanks a ton in advance.