1. We are running a terminal server on a Windows 2000 server. It has IIS on it. Someone was able to connect to the system, install some sort of SQL exploit tool as well as a mail blaster. How did this happen and how can we prevent it from happening again?