Windows 2000 Security Considerations


The material in this section covers security issues specific to Windows 2000.

Review, Update, and Deploy the Provided Hisecweb.inf Security Template

We've included a security template on the companion CD, named Hisecweb.inf, as a baseline applicable to most secure Web sites. The template configures basic Windows 2000 systemwide policy.

Perform these steps to use the template:

  1. Copy the template to the %windir%\security\templates directory.
  2. Open the Security Templates tool, and look over the settings.
  3. Open the Security Configuration And Analysis tool, and load the template.
  4. Right-click the Security Configuration And Analysis tool, and choose Analyze Computer Now from the context menu.
  5. Wait for the work to complete.
  6. Review the findings, and update the template as necessary.
  7. Once you're happy with the template, right-click the Security Configuration And Analysis tool and choose Configure Computer Now from the context menu.
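Before the final step, it helps to list exactly which settings your edited copy changes relative to the template as shipped, so that a weakened value is not deployed unnoticed. The script below is an added example, not part of the book or its companion CD; the two template fragments are constructed for illustration and do not reproduce Hisecweb.inf, and the function names are hypothetical.

```python
import configparser

# Constructed fragments in security-template (.inf) layout. They are NOT the
# contents of Hisecweb.inf, which this page does not reproduce.
SHIPPED = """\
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
LockoutBadCount = 5
[Event Audit]
AuditLogonEvents = 3
AuditPolicyChange = 3
"""
EDITED = """\
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
MinimumPasswordLength = 6
PasswordComplexity = 1
[Event Audit]
AuditLogonEvents = 3
AuditPolicyChange = 1
AuditObjectAccess = 2
"""

def parse_template(text):
    """Return {section: {setting: value}}; setting names are lowercased."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True, delimiters=("=",),
                                   comment_prefixes=(";",))
    cp.read_string(text)
    # Lines with no "=" parse with value None; store "" so they differ from "absent".
    return {s: {k: v or "" for k, v in cp.items(s)} for s in cp.sections()}

def diff_templates(shipped, edited):
    """List (section, setting, shipped_value, edited_value) for every difference."""
    old_t, new_t = parse_template(shipped), parse_template(edited)
    changes = []
    for section in sorted(set(old_t) | set(new_t)):
        old, new = old_t.get(section, {}), new_t.get(section, {})
        for key in sorted(set(old) | set(new)):
            if old.get(key) != new.get(key):
                changes.append((section, key, old.get(key), new.get(key)))
    return changes

if __name__ == "__main__":
    for section, key, before, after in diff_templates(SHIPPED, EDITED):
        print(f"[{section}] {key}: {before!r} -> {after!r}")
```

A value of None on the right means the setting was dropped from the edited copy; None on the left means it was added.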

Configure IPSec Policy

You should seriously consider setting an Internet Protocol Security (IPSec) packet-filtering policy on every Web server. This policy provides an extra level of security if your firewalls are breached. Layering multiple security technologies in this way is generally considered good practice.

In general, you should block all TCP/IP protocols and ports other than the protocols you explicitly want to support and the ports you want to open. You can use the IPSec administration tool or the IPSecPol command-line tool to deploy IPSec policy.

Secure the Telnet Server

If you plan to use the Telnet server included with Windows 2000, you should consider restricting the users who can access the service. To do this, perform the following steps:

  1. Open the Local Users And Groups tool.
  2. Right-click the Group node, and choose New Group from the context menu.
  3. Enter TelnetClients in the Group name box.
  4. Click Add, and add the users who are to have telnet access to the computer.
  5. Click Create and then Close.

When the TelnetClients group exists, the Telnet service will allow only those users defined in the group to have access to the server.



Designing Secure Web-Based Applications for Microsoft Windows 2000 with CDROM
Year: 1999
Pages: 138