Dear All,

I am concerned about the security of my network which is connected to the
Internet.
We are using NT 4.0 SP6a, OP4, IIS 4.0 and Proxy server2.0 also.

What kind of security threats we can face ? Also with regards to IIS ?
What measures should we take ?
What sort of security can we implement other than NTFS and patches on IIS ?
Should we use any other software to tighten the security ?

Suggestions and advices are needed and appreciated.

Here's a couple links to start with...
http://www.securityfocus.com/ http://www.ntsecurity.com/

There is a great deal of information to know about security. New exploits all the time. IIS services are some that get exploited frequently.

Getting a firewall between the NT server and the Internet would be a good place to start after you have applied all the Microsoft patches and hotfixes.

MS Knowledge Base has a security checklist somewhere on Technet which would be wise to follow. Don't have the specfic link handy but start looking at http://www.microsoft.com/technet/security

You might also want to get ZoneAlarm and a port sniffer program. It will sniff out the open ports on your machine which are vulnerable and open to hackers while you're online. It's helped me to close these ports on a Windows 2000 Server system that I didn't even realize were open to hacking.