The material in this section covers security issues specific to Windows 2000.
We've included a security template on the companion CD, named Hisecweb.inf, as a baseline applicable to most secure Web sites. The template configures basic Windows 2000 systemwide policy.
Perform these steps to use the template:
You should seriously consider setting an Internet Protocol Security (IPSec) packet-filtering policy on every Web server. This policy provides an extra level of security if your firewalls are breached. Multiple levels of security technology are often considered a good practice.
In general, you should block all TCP/IP protocols other than those you explicitly want to support and the ports you want to open. You can use the IPSec administration tool or the IPSecPol command line tool to deploy IPSec policy.
If you plan to use the Telnet server included with Windows 2000, you should consider restricting the users who can access the service. To do this, perform the following steps:
When the TelnetClients group exists, the Telnet service will allow only those users defined in the group to have access to the server.