Ok. But are any of these hacks and attacks exploiting security holes in the GCN itself? From your description, it sounds like they are using exploits at the web server and database level, not taking advantage of unique problems within the GCN application itself.

Especially with DOS and DDOS attacks... there is absolutely nothing you can do at the application level about such an attack. Once the request gets past the firewall and the web server has answered the request, it wouldn't matter if the GCN could detect the attack. It would still be busy with the requests. To stop DOS attacks you need a good firewall router... and I mean a GOOD one, like one of the Cisco PIX firewalls. These stop DOS packets before they are even forwarded to your web server, and they handle logging and admin alerts themselves. They can also screen out most hack attacks. You can also use Microsoft's ISA server, or a similar 3rd party product in place of, or better yet in addition to, a good dedicated firewall.

However, you also should secure the IIS web service itself. Patching it is one step, and careful configuration is another. These two alone will prevent 95% of attacks even if there isn't a firewall helping out. If you need more, there are also 3rd party add-ons at the IIS server level. Logging can also be handled here, either by IIS's built-in logging or by 3rd party add-on products.

Another important thing. If you want to stop hackers from hijacking a user's session, your most effective first line of defense is to use SSL (https). This encrypts the communication, making playback and hijack attacks very difficult.

But once you get to the GCN application itself, if you haven't stopped the hacker before they get there, you are likely in trouble no matter how well coded the GCN may or may not be. The GCN has pretty strong security for a web application. Using an HttpModule and storing almost everything in the database allows the GCN app to check user credentials before serving up ANY resource, including images. But if the IIS server is hacked, or the web server's OS itself is hacked, or if the Database Server is hacked... you are screwed, and nothing in the GCN is going to stop the hacker.

I would disagree with the notion that GCN has significant security holes. It has some "weaknesses" such as non-encrypted user passwords, but this is only an issue if the hacker can gain access to the database server directly, or gain enough control over one of your web apps to issue a database query of their choice... and the CSK doesn't make this easy as long as IIS itself is properly configured.

I would also disagree that logging is a useful feature of the GCN itself. The best place to log access is at the web server, or even better at a router before the web server. After all, the GCN is only one possible app on a web server. Hackers may be gaining access to GCN by compromising non-GCN pages, directories, or sites on the same server where any logging by GCN itself would not show anything at all.
Re: The greatest portal yet (if you're measuring what it does)
Dec 10, 2003 11:44 AM | Redd
http://www.reddnet.net