eBlue, Sacra Blue Online Magazine
Dec 2001 — Issue 233
Milt Hull
Tech Talk

Virus Alert

As most of you know, I am a network engineer and I have several clients in the Sacramento area that I have set up, using everything from Windows NT to Windows 2000 Advanced Server.

Many of my clients use a server for several reasons. One is to have a centralized place to store all their files, as well as using a server to connect all the machines together. Another reason is to have the server handle all the printers in the office—to store and handle all print jobs. Some clients of mine have their own e-mail server, making everyone's e-mail available from one centralized location.

However, the most important reason for having a small- to medium-sized server is to allow several users to use the Internet through one gateway. If they have a Windows NT Server, some use a proxy server, like Microsoft's Proxy Server version 2.0. On the Windows 2000 Server side, Microsoft put routing and remote access into the operating system to allow the same thing. Other people just use Internet Connection Sharing (ICS).

Any way you put it together, you save money on those expensive IP addresses. IP addresses can cost as much as $5.00 a month per address. One address is all that is needed if you use a proxy server for every machine in your office. However, are you really protected?

If you have a server product and want to see if you have any viruses, you must purchase an antivirus program. But wait, antivirus programs only work on workstations, including Windows 95, 98, ME, NT Workstation, 2000 Workstation, XP Home, and XP Professional.

I called McAfee and Norton and asked them how much it cost to purchase antivirus software for a server product. McAfee said it is about $2500 for protection on a server product and it installs as a service. It is a completely different product. Norton was a little cheaper, but still up there in price and it, too, installs as a service in the services class.

Based on this, my operating systems have not been checked for quite some time. One workaround was to purchase a workstation version of either Norton or McAfee and then install it on a workstation. Then map the root drives of the server on this workstation, logging on with administrative privileges, and run a virus check on those drives. This worked for quite some time. And it was much cheaper. However, there had to be a better way.

When I was on McAfee's Web site the other day, I noticed an Online Services section, and then a VirusScan Online button. There was a free trial so I tried it. Right away it found a virus on one of my servers. It was a simple virus called the "SUN/OS defacing virus." It changes your Web site into a page with the words "F… U.S. Government," and it only does that. It was there for about a month on a back server of mine which is not a main page so I never noticed it before. I usually keep an eye on it closely but missed this one.

The Online Service worked well. However, the trial does not clean the virus or delete the files in question. You actually have to subscribe to the service. So I did! It costs me around $40.00 for two years and it does not care if you have a server or not. It works. I highly recommend it for anyone that has a server product.

Back Doors
I went to one client because they were complaining about their Internet service being very slow. They have a Windows NT server with a proxy server installed, allowing seven other machines to have access to the Internet through this service. After examining the system very thoroughly, I noticed that the logs were pointing to several hundred different sex Web sites.

I first thought that maybe someone in the office had just a little too much time on their hands. Then I looked even closer and noticed that the times were even during the day. As a matter of fact, there were some connections that just happened. Then I opened the service and noticed that there were over four thousand connections connected right then. So I quickly shut down the service.
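The three things noticed in the proxy logs above (traffic at odd hours, a volume of connections no seven-person office would generate, and clients that are not office workstations) can be checked by script rather than by eye. The following is an added example in Python, not code from this column or from Microsoft's Proxy Server; the one-line-per-request log format, the 192.168.1.0/24 office range, the business-hours window, the thresholds and the sample log lines are all constructed assumptions for illustration.

```python
"""Flag signs of an abused proxy in a simplified access log (constructed example)."""
from collections import Counter
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample lines: "date time client destination".
# This is NOT the real MS Proxy Server log format; it is a stand-in for the demo.
SAMPLE_LOG = """\
2001-11-14 09:12:03 192.168.1.12 www.example.com
2001-11-14 09:14:40 192.168.1.15 www.example.org
2001-11-14 02:31:09 203.0.113.45 adult.example.net
2001-11-14 02:31:10 203.0.113.45 adult.example.net
2001-11-14 02:31:11 203.0.113.46 adult.example.net
2001-11-14 02:31:12 203.0.113.45 adult.example.net
2001-11-14 13:05:00 192.168.1.20 www.example.com
"""

OFFICE_NET = ip_network("192.168.1.0/24")  # assumed office LAN; only these clients should use the proxy
BUSINESS_HOURS = range(7, 19)              # assumed 07:00-18:59 local time
VOLUME_THRESHOLD = 3                       # assumed per-client request count worth a second look


def parse_log(text):
    """Turn the constructed log text into a list of dicts with parsed time and client address."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, time, client, dest = line.split()
        entries.append({
            "when": datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"),
            "client": ip_address(client),
            "dest": dest,
        })
    return entries


def find_external_clients(entries):
    """Clients outside the office range: a proxy meant for the LAN should never see these."""
    return sorted({str(e["client"]) for e in entries if e["client"] not in OFFICE_NET})


def find_after_hours(entries):
    """Requests made outside business hours, when nobody in the office should be browsing."""
    return [e for e in entries if e["when"].hour not in BUSINESS_HOURS]


def find_high_volume(entries, threshold=VOLUME_THRESHOLD):
    """Clients whose request count reaches the threshold."""
    counts = Counter(str(e["client"]) for e in entries)
    return {client: n for client, n in counts.items() if n >= threshold}


def report(text):
    """Run all three checks over a log and return a summary dict."""
    entries = parse_log(text)
    return {
        "external_clients": find_external_clients(entries),
        "after_hours": len(find_after_hours(entries)),
        "high_volume": find_high_volume(entries),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Any non-empty `external_clients` result is the strongest signal here: a proxy that is only supposed to serve office workstations has no business accepting requests from addresses outside the LAN, which is exactly the "outside people acting like a local workstation" situation the column goes on to describe.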

I started looking for holes in the system, and found nothing. After several days of racking my brain, I gave up and called Microsoft. That's a $245 phone call. We talked and worked on this problem for over four and a half hours.

We completely uninstalled the entire IIS (Internet Information Server) service and rebuilt it from scratch. Still, these little guys were getting through.

We determined that all of those guys were from Japan. We did several reverse lookups and found nothing but Japanese writing on their websites. But how was I going to stop this? Microsoft told me, after talking with several technicians, that they cannot fix the problem and that they recommended re-formatting the drive and starting over.

I had the job of going in and telling the client that this is what we had to do. I ran every virus program in the world and could not find this back door. I ran the Online Virus program on this server and it came up clean. However, they were still getting through.

Microsoft confirmed that the service was installed correctly. They said that sometime during the last few months, the service acquired a virus (and they did because I cleaned it off), which left a hole in the system. At this time, someone put a small but nasty back door program in there which allowed outside people to act like a local workstation, and gave them access to the Web.

So I did reformat the drive and start over. On Microsoft's recommendation, I had the customer upgrade to Windows 2000 server, which made the IIS service become version 5.0, which closes most of those holes.

I learned a whole lot about security that week. I recommend anyone that has a server product to order Microsoft's Security CD and run that against any of their IIS servers. It helped me a lot.

This page prepared by:

Brian Smither

Copyright © 2001 Sacramento PC Users Group, Inc. All rights reserved.