Question 2 - Why is my connection so Slow?
A customer calls asking why their connection seems so slow. The customer has
been running an FTP server on their mail server, and that service was not properly configured,
so hackers have used the site to distribute "warez" and pornography. Their connection appears
slow because all of their bandwidth is being used by people getting illegal software.
Some Lessons I Picked Up
- Know what is running on your network.
All allowable traffic, in and out, should be in your firewall rules explicitly.
- Really know what services are running on your network.
You should really be aware of any incoming IP packets. Each externally
addressable (and accessible) service provides a means for someone to get into your
site.
- Make sure you really need to run that externally accessible service on your network.
It is pretty rare that customers intend to run FTP sites.
- Don't "throw" test boxes outside the firewall or install services haphazardly on
servers.
Some companies want to test out a new application but don't want to go through setting
things up on a firewall just for their quick little test. These things are almost never
really quick, and the boxes seem to stick around. Pretty soon they are forgotten. Very
frequently a box thrown on the network to trial software is NOT properly secured.
It is not unusual for people to install services (or simply fire up existing services)
on a server for a temporary reason. It is very common, for instance, when someone needs a
very large file that can't be emailed, for the IT department to simply fire up the FTP server
on the Exchange box.
Bad things happen when you take steps to provide a quick solution for a problem that
involves going outside your usual procedures. In the above instance, the service should
have been deactivated when the need for it was no longer there.
- Know Your Services - Configure them properly
Make sure that you know the service you are configuring. Particularly in a
Microsoft environment, where the basic mechanics of running services make it easy for
someone with little knowledge of the service to run it, you need to go back and make sure
things are configured correctly.
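
One way to act on "know what is running", as an added example that is not part of the original article: the Python below compares listening TCP sockets against an approved-service inventory and reports anything extra, such as an FTP listener on a mail server. The sample text is constructed in the layout of Windows `netstat -ano` output, and the approved port list and function names are assumptions.

```python
# Added example: compare listening TCP sockets against an approved inventory.
# SAMPLE_NETSTAT is constructed data in the layout of Windows `netstat -ano`.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       2212
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5985         0.0.0.0:0              LISTENING       4
  TCP    [::]:21                [::]:0                 LISTENING       1480
  TCP    192.0.2.10:25          198.51.100.7:51844     ESTABLISHED     2212
  UDP    0.0.0.0:123            *:*                                    1096
"""

# Assumed inventory for a mail server: SMTP and HTTPS only.
APPROVED_TCP_PORTS = {25: "smtp", 443: "https"}


def is_loopback(address):
    """True for sockets bound only to the local host (not reachable remotely)."""
    return address.startswith("127.") or address == "[::1]"


def unapproved_listeners(netstat_text, approved):
    """Return sorted (port, address, pid) tuples for remotely reachable TCP
    listeners whose port is not in the approved inventory."""
    findings = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Listening TCP rows have exactly: proto, local, foreign, state, pid.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        address, _, port = fields[1].rpartition(":")
        if not port.isdigit() or is_loopback(address):
            continue
        if int(port) not in approved:
            findings.add((int(port), address, int(fields[4])))
    return sorted(findings)


if __name__ == "__main__":
    for port, address, pid in unapproved_listeners(SAMPLE_NETSTAT, APPROVED_TCP_PORTS):
        print(f"unapproved listener: {address}:{port} (pid {pid})")
```

The PID in each finding identifies the process to investigate, and either the service is deactivated or it is added to the inventory and the firewall rules deliberately.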