
RDP Brute force attack, event ID 4625, logon type: 10

I searched the forums, but didn't see any real solutions.

One of my SBS2008 servers has been getting brute forced for about 2 days now.  I just saw the logs this morning.

Event 4625, Logon Type: 10

Random usernames, including administrator, Owner, john, sally, etc.

I do have user accounts that use firstname last initial, so eventually it's bound to hit a proper name.  I do enforce password complexity, but I'd hate for a lucky guess eventually to get it in.  It seems to be trying a new password every 2 seconds.

The users on this server do use RWW to remotely connect to their desktops, and I use RWW to remotely connect to the server to administrate it.

The administrator account is not disabled; I'm going to check services that require it, and take actions to disable that account.

What else can I do to secure the server?

Port 3389 is forwarded to the SBS2008 server, but after some research it looks like it's no longer needed in SBS2008+. I know it was needed in SBS2003.

So aside from removing and blocking port 3389 (assuming RWW works without it), and disabling the administrator account, what else can I do to make sure I'm secure?
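
A triage sketch for the situation described in the post, added here as an example and not part of the original post: it summarizes the failed RDP logons (event ID 4625, logon type 10) by source address and guessed username, then checks whether any of those addresses also produced a successful type 10 logon (event ID 4624). It assumes PowerShell 2.0 or later run from an elevated prompt on the server; the helper name `Get-RdpLogonEvent` and the two-day window are choices made for this example.

```powershell
# Added example (not from the original post). Run elevated: the Security log
# is readable only by administrators. Get-RdpLogonEvent is a hypothetical helper.
function Get-RdpLogonEvent {
    param([int]$EventId, [datetime]$Since)

    $filter = @{ LogName = 'Security'; Id = $EventId; StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $evt  = $_
            $data = @{}
            # EventData holds <Data Name="...">value</Data> pairs
            foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            # Logon type 10 = RemoteInteractive (RDP / Terminal Services)
            if ($data['LogonType'] -eq '10') {
                New-Object PSObject -Property @{
                    TimeCreated = $evt.TimeCreated
                    User        = $data['TargetUserName']
                    SourceIp    = $data['IpAddress']
                }
            }
        }
}

# The post mentions roughly two days of activity; widen the window if needed.
$since  = (Get-Date).AddDays(-2)
$failed = @(Get-RdpLogonEvent -EventId 4625 -Since $since)

# Which addresses are guessing, and how often
$failed | Group-Object SourceIp | Sort-Object Count -Descending |
    Select-Object -First 20 | Format-Table Count, Name -AutoSize

# Which usernames are being tried (compare against real account names)
$failed | Group-Object User | Sort-Object Count -Descending |
    Select-Object -First 20 | Format-Table Count, Name -AutoSize

# Did any address that failed also log on successfully over RDP?
$badIps = @($failed | Select-Object -ExpandProperty SourceIp -Unique)
Get-RdpLogonEvent -EventId 4624 -Since $since |
    Where-Object { $badIps -contains $_.SourceIp } |
    Sort-Object TimeCreated |
    Format-Table TimeCreated, User, SourceIp -AutoSize
```

Any row in the last table is a successful RDP logon from an address that was also failing logons and should be reviewed first.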

