Additional Information

Additional Information

• Security Operations Guide for Windows 2000 Server, Chapter 4, Securing Servers Based on Role (http://www.microsoft.com/technet/security/prodtech/windows/windows2000/staysecure/secops04.asp)

• MCSE Training Kit: Designing Microsoft Windows 2000 Network Security, Chapter 14, Securing an Extranet (Microsoft Press, 2001)

• IIS Security Planning tool (http://www.microsoft.com/downloads/release.asp?ReleaseID=24973)

• IIS Lockdown tool (http://www.microsoft.com/technet/security/tools/tools/locktool.asp)

• URLScan security tool (http://www.microsoft.com/technet/security/tools/tools/URLScan.asp)

• Secure Internet Information Services 5 Checklist (http://www.microsoft.com/technet/security/tools/chklist/iis5chk.asp)

• IIS 5.0 Baseline Security Checklist (http://www.microsoft.com/technet/security/tools/chklist/iis5cl.asp)

• Microsoft Windows 2000 Advanced Documentation: Mapping Certificates to User Accounts (http://www.microsoft.com/windows2000/en/advanced/help/sag_CS_CertMapAccounts.htm)

• U.S. National Security Agency s Guide to the Secure Configuration and Administration of Microsoft Internet Information Services 5.0 (http://www.nsa.gov/snac/win2k/guides/w2k-14.pdf)

• 315669: How to Harden the TCP/IP Stack Against Denial of Service Attacks in Windows 2000

• 309677: Known Issues and Fine Tuning When You Use the IIS Lockdown Wizard in an Exchange 2000 Environment

• 309675: IIS Lockdown Tool Affects SharePoint Portal Server

  The previous three articles can be accessed through the Microsoft Knowledge Base. Go to http://support.microsoft.com and enter the article number in the Search The Knowledge Base text box.