 |
Abstract
Determining what steps need to be taken to secure a system is one of the most frustrating things that system administrators have to do. This white paper provides a method for getting a Win2K server to a "secure" baseline. From this baseline you can work forward to install additional services. The focus of this white paper is on the Win2K server, but much of the information is applicable to Win2K Professional as well.This paper is excerpted and modified from Chapter 21 of the Windows 2000 Security Handbook (ISBN: 0-07-212433-4, copyright Osborne/McGraw-Hill) authored by Phil Cox and Tom Sheldon
I hope this proves helpful,
Phil
This following files are currently available:
HardenW2K13.pdf: Hardening Windows 2000 version 1.2
home_Low.ipsec: IPSec filters to block inbound connections to NetBIOS/SMB ports (ews)
home_User.inf: IPSec filters to set Local Security Policy for a home user configuration (ews)
secureWebServer.ipsec: IPSec filters to only allow inbound http by default. Additional filters defined for https, smtp, NetBIOS, ICMP (ews)
Web_Secure.inf: IPSec filters to set Local Security Policy for a web server configuration. Note that this Web Server template was partially created on a Windows 2000 Professional System, so Power Users (or related SID) may be present in rulesets, instead of Server Operators. (ews)
Note on Windows 2000 Templates and IPSec filters
Descriptions:
Please test all templates on non-production servers. I haven't had time
to fully test all file and registry changes on production systems. please
send comments and feedback to Eric
Schultze or Phil Cox
|
|
 |
Boston | New York | Washington | San Francisco | Los Angeles | Sacramento | Tampa
Call 1-888-749-9800 info@systemexperts.com
©Copyright SystemExpertsTMCorporation, 1995 - 2004. All rights reserved.
All trademarks used herein are the property of their respective owners.