Looking for guide to securing W2K

[Brian Boyko]

Hello - I'm looking for a guide to securing Windows 2000 SP4 on an older
laptop. I like Windows XP but I'm really performance minded on hardware
that old, it's reached it's upgrade maximum, and as I'm going to be using it
as a modified HTPC, I'm wondering if I can modify it so that it's roughly as
secure as Windows XP SP2.

I've already done the basics - installed AV software and Ad-Aware, though
I've yet to find a good firewall solution other than having it connect
through a Belkin router.

Please reply to brian dot boyko at gmail dot nospam dot com and remove the
nospam.

-- Brian

 

[B. Nice]

Hello - I'm looking for a guide to securing Windows 2000 SP4 on an older
laptop.
http://www.ntsvcfg.de/ntsvcfg_eng.html

I like Windows XP but I'm really performance minded on hardware
that old, it's reached it's upgrade maximum, and as I'm going to be using it
as a modified HTPC, I'm wondering if I can modify it so that it's roughly as
secure as Windows XP SP2.

In general I don't consider a hardened and patched W2K less secure
than an XP machine. But since you are not very specific about what you
actually want to secure against it's not that easy to give good
advice.

BTW, what exactly do you mean by "modified HTPC"?

I've already done the basics - installed AV software and Ad-Aware,

I don't really consider that "the basics". You have installed some
semi-useful AV-software and some questionable anti-adware stuff. For
what reason? Are you planning to install adware? ;-)

Maybe it would be a good idea if you defined the threats you want to
guard against and then set up appropriate counter-meassures.

though I've yet to find a good firewall solution

Good software firewalls don't exist. And again - to guard against
what?

other than having it connect through a Belkin router.

Consider shutting down network services instead. The before mentioned
website has a nice script to help you.

 

[Brian Boyko]

Mainly, I'm not too worried about intrusion, but I am worried about
viruses/malware/worms.

 

[Roger Abell [MVP]]

Mainly, I'm not too worried about intrusion, but I am worried about
viruses/malware/worms.

Your best defenses against those threats are to watch closely
what you run on the machine (do you need to use it for email,
for web browsing?) and using what account (can you use a
limited rights account for what you will be doing?).

For W2k I tend toward setting up IPsec to deny all network
traffic and then carefully add on allows for what purposes
the box exists (and, with W2k this is imperfect; one needs
to pull up the KBs on the default IPsec exemptions)

Roger

 

[B. Nice]

Mainly, I'm not too worried about intrusion, but I am worried about
viruses/malware/worms.

Look at the threats one by one. How do you expect these to get in? The
answers to that should be the key to your next moves.