You need to monitor the security state of your server and update it regularly to help prevent newly discovered vulnerabilities from being exploited. To help keep your server secure:
Audit group membership.
Monitor audit logs.
Stay current with service packs and patches.
Perform security assessments.
Use security notification services.
Keep track of user group membership, particularly for privileged groups such as Administrators. The following command lists the members of the Administrators group:
net localgroup administrators
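As an added example (not part of the original guide), the following Python script parses the output of that command and reports drift from an approved membership list. The sample output, the account names and the `APPROVED` baseline are constructed for illustration, and the parser assumes English-language command output.

```python
import subprocess

# Constructed sample of `net localgroup administrators` output (not from the page).
SAMPLE_OUTPUT = r"""Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
WEB01\svc_backup
CONTOSO\Domain Admins
The command completed successfully.

"""

# Hypothetical approved baseline; maintain this list under change control.
APPROVED = {"Administrator", r"CONTOSO\Domain Admins", r"CONTOSO\WebOps"}


def parse_members(output):
    """Return the member names listed between the dashed rule and the trailer."""
    members, in_list = [], False
    for line in output.splitlines():
        text = line.strip()
        if not in_list:
            in_list = text.startswith("-----")  # rule that precedes the members
        elif text.lower().startswith("the command completed"):
            break
        elif text:
            members.append(text)
    return members


def audit(output, approved):
    """Compare current members with the baseline, ignoring case as Windows does."""
    current = {m.lower(): m for m in parse_members(output)}
    allowed = {a.lower(): a for a in approved}
    unexpected = sorted(current[k] for k in current.keys() - allowed.keys())
    missing = sorted(allowed[k] for k in allowed.keys() - current.keys())
    return unexpected, missing


def live_output(group="administrators"):
    """Run the page's command on the local Windows server and return its text."""
    return subprocess.run(["net", "localgroup", group],
                          capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE_OUTPUT, APPROVED)
    print("Unexpected members:", unexpected)
    print("Approved but absent:", missing)
```

On a server, pass `live_output()` to `audit` in place of the sample text and investigate any account reported as unexpected.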
Monitor audit logs regularly and analyze the log files, either by viewing them manually or by using the technique described in Microsoft Knowledge Base article 296085, "How To: Use SQL Server to Analyze Web Logs."
Set up a schedule to analyze your server software and subscribe to security alerts. Use MBSA to regularly scan your server for missing patches. The following links provide the latest updates:
Windows 2000 service packs. The latest service packs are listed at http://www.microsoft.com/windows2000/downloads/servicepacks/default.asp.
.NET Framework Service Pack. For information about how to obtain the latest .NET Framework updates, see the MSDN article, "How to Get the Microsoft .NET Framework" at http://msdn.microsoft.com/netframework/downloads/howtoget.asp.
Critical Updates. These updates help to resolve known issues and help protect your computer from known security vulnerabilities. For the latest critical updates, see "Critical Updates" at http://www.microsoft.com/windows2000/downloads/critical/default.asp.
Advanced Security Updates. For additional security updates, see "Advanced Security Updates" at http://www.microsoft.com/windows2000/downloads/security/default.asp. These also help protect your computer from known security vulnerabilities.
Use MBSA to regularly check for security vulnerabilities and to identify missing patches and updates. Schedule MBSA to run daily and analyze the results to take action as needed. For more information about automating MBSA, see "How To: Use MBSA" in the "How To" section of this guide.
Use the Microsoft services listed in Table 16.5 to obtain security bulletins with notifications of possible system vulnerabilities.
Service | Location |
---|---|
TechNet Security Web site | http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/current.asp Use this Web page to view the security bulletins that are available for your system. |
Microsoft Security Notification Service | http://register.microsoft.com/subscription/subscribeme.asp?ID=135 Use this service to register for regular email bulletins that notify you of the availability of new fixes and updates. |
Additionally, subscribe to the industry security alert services shown in Table 16.6. This allows you to assess the threat of a vulnerability where a patch is not yet available.
Service | Location |
---|---|
CERT Advisory Mailing List | http://www.cert.org/contact_cert/certmaillist.html Informative advisories are sent when vulnerabilities are reported. |
Windows and .NET Magazine Security UPDATE | http://email.winnetmag.com/winnetmag/winnetmag_prefctr.asp Announces the latest security breaches and identifies fixes. |
NTBugtraq | http://www.ntbugtraq.com/default.asp?pid=31&sid=1- 020 This is an open discussion of Windows security vulnerabilities and exploits. Vulnerabilities which currently have no patch are discussed. |