windowsupdate.microsoft.com does not catch all patches. use the hotfix checker utility on the box to make sure you have all updates installed and that they install correctly. We have had to reapply several patches (esp ms01-044) a couple of times because they didn't get installed right. you can get the checker from m$ at http://www.microsoft.com/technet/security .
/ljb
-----Original Message-----
From: John Tolmachoff [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 9:49 AM
To: [EMAIL PROTECTED]
Subject: RE: [IMail Forum] Blackmail by hacker
There is a lot of information about your setup you have left out, but
here are some basic steps. Use NTFS permissions on the server
religiously. Deny Anonymous logins. Establish password policies. Require
SMTP authentication, deny users the right to change passwords, and
establish new passwords for all users, deny relay. Set up auditing.
Change the name of the computer administrator account. Go to Microsoft's
website, windowsupdate.microsoft.com, and run all updates, then go to
the downloads page and update IIS.
If you would like more direct assistance, email me directly.
John Tolmachoff, Network Engineer
211 E. Imperial Hwy., Suite 106
Fullerton, CA� 92835
714-578-7999, ext. 104
[EMAIL PROTECTED]
www.reliancesoft.com
�
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Kyrre Wathne
Sent: Thursday, September 20, 2001 5:47 AM
To: [EMAIL PROTECTED]
Subject: [IMail Forum] Blackmail by hacker
Hello. I'm being blackmailed by a user who claims he has gained
unauthorized
access to other users' accounts. I'm running IMail 6.06 with the user db
in
MSSQL 7. Am also running IIS5 on the same server. Any ideas on how I can
track down potential security holes?
Thanks,
Kyrre
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
