Additional Information
Security Operations Guide for Windows 2000 Server, Chapter 4, Securing Servers Based on Role (http://www.microsoft.com/technet/security/prodtech/windows/windows2000/staysecure/secops04.asp)
MCSE Training Kit: Designing Microsoft Windows 2000 Network Security, Chapter 14, Securing an Extranet (Microsoft Press, 2001)
IIS Security Planning tool (http://www.microsoft.com/downloads/release.asp?ReleaseID=24973)
IIS Lockdown tool (http://www.microsoft.com/technet/security/tools/tools/locktool.asp)
URLScan security tool (http://www.microsoft.com/technet/security/tools/tools/URLScan.asp)
Secure Internet Information Services 5 Checklist (http://www.microsoft.com/technet/security/tools/chklist/iis5chk.asp)
IIS 5.0 Baseline Security Checklist (http://www.microsoft.com/technet/security/tools/chklist/iis5cl.asp)
Microsoft Windows 2000 Advanced Documentation: Mapping Certificates to User Accounts (http://www.microsoft.com/windows2000/en/advanced/help/sag_CS_CertMapAccounts.htm)
U.S. National Security Agency s Guide to the Secure Configuration and Administration of Microsoft Internet Information Services 5.0 (http://www.nsa.gov/snac/win2k/guides/w2k-14.pdf)
315669: How to Harden the TCP/IP Stack Against Denial of Service Attacks in Windows 2000
309677: Known Issues and Fine Tuning When You Use the IIS Lockdown Wizard in an Exchange 2000 Environment
309675: IIS Lockdown Tool Affects SharePoint Portal Server
The previous three articles can be accessed through the Microsoft Knowledge Base. Go to http://support.microsoft.com and enter the article number in the Search The Knowledge Base text box.