Hi Felix,
1. The crucial aspect is not your ports being scanned, but what services or ports you make available between your DMZ' s, LAN's and Internet via your Firewall.
2. The standard http 80 port: Its security vulnerabilities mostly rely on not any kind of FW product, but on the Web Server prog. & OS. (Especially, when IIS & Windows is the case.) The solution is;
You'd better check MS official sites for armoring WinNT or Win2K Servers, also go through IIS security checklists, install all the necessary security patches, hotfixes, SP's... and make other necessary adjustments in the IIS.
(The hacking problem you had faced was probably SADMIN/IIS worm or something like that, I presume...)
3. Even Checkpoint has some its own IDS tools, I advise you to use additional IDS program(s) independent of your FW, on (an)other server(s). Such as, IIS - RealSecure or CA - ETrust IDS.
-----Original Message-----
From: Felix [mailto:[EMAIL PROTECTED]]
Sent: 30 Mayıs 2001 Çarşamba 17:52
To: Fw-1-Mailinglist
Subject: [FW1] WebSite being Hacked!!!
Hi, all:
one of my web server (IIS4.0 on NT 4.0 SP6a) which is behind my FW1-4.1
sp3 has been hacked.
I think the hacker used script via IE explorer to hack it.
My questions are:
1. How to prevent from ports scanning through Internet.
2. How to prevent from being hacked through port 80.
3. How can I enable the Intruder Detect system (not only ip spoofing)
Thanx!
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
