I created a list of inactive accounts and, working through the list with a couple of long-time employees, removed over 50 accounts that still had access to the network, the staff site and the intranet software.
I've also changed all server admin passwords and updated all the ODBC pointers to a new single-purpose account on MySQL. I've also got a plan with about two dozen touch-points that is being addressed by me and three others that work at the same level as I do.
Next on to IIS and the FTP servers that were running. There are over 160 sites in IIS and 100+ users on FTP. Resolving those users with our other list, and cross-checking against active clients, we were able to stop 40+ sites in IIS (30 more are suspect) and firm up the FTP server.
We're getting a whole lot of traffic from someone trying to brute the admin account on that box...will have to watch that for the time being, but the bigger plan is to move it inside the firewall and close down that channel. We're also scrubbing them now at 3 attempts (instead of 5) so hopefully that will slow their efforts. I changed it to a strong pass, so by brute they're just wasting their time.
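The cross-check described above (FTP users and IIS sites resolved against the inactive-account list and the active-client list), as an added example that is not part of the original post. The account names, client names and the disable/keep/suspect rule are constructed assumptions.

```python
# Added example: reconcile FTP users (or IIS sites) against two reference lists.
# All names and data here are constructed for illustration.

def norm(name):
    """Case-fold and drop any DOMAIN\\ prefix so exports from different systems compare equal."""
    return name.strip().rsplit("\\", 1)[-1].lower()

def reconcile(entries, inactive_accounts, active_clients):
    """entries: iterable of (name, owner) pairs, owner may be None.

    Returns three buckets:
      disable - the entry or its owner is on the inactive list
      keep    - the owner is a current client
      suspect - no match either way; needs a human decision before removal
    """
    inactive = {norm(a) for a in inactive_accounts}
    active = {norm(c) for c in active_clients}
    result = {"disable": [], "keep": [], "suspect": []}
    for name, owner in entries:
        owner_key = norm(owner) if owner else ""
        # Inactive wins over active: a departed user's login on a live
        # client's site is still a stale credential.
        if norm(name) in inactive or owner_key in inactive:
            result["disable"].append(name)
        elif owner_key in active:
            result["keep"].append(name)
        else:
            result["suspect"].append(name)
    return result

# Constructed sample data.
INACTIVE_ACCOUNTS = ["CORP\\jdoe", "msmith"]
ACTIVE_CLIENTS = ["Acme", "Globex"]
FTP_USERS = [
    ("JDoe", "Acme"),              # inactive person, active client
    ("acme_upload", "acme"),       # current client, different casing
    ("oldclient_ftp", "Initech"),  # client not on the active list
    ("temp01", None),              # no recorded owner
    ("msmith_ftp", "MSmith"),      # owned by an inactive account
]

if __name__ == "__main__":
    for bucket, names in reconcile(FTP_USERS, INACTIVE_ACCOUNTS, ACTIVE_CLIENTS).items():
        print(f"{bucket}: {', '.join(names)}")
```

The same function works for IIS sites by passing (site name, owning client) pairs; the suspect bucket corresponds to entries held for review rather than stopped outright.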