Security for Windows 2000 Server

[Guest]

Which guide should i consider to secure my windows 2000 server ?

as i found many different guides from Microsoft itself

1) Windows 2000 Security Hardening Guide
downloaded from
http://www.microsoft.com/downloads/...86-A2C8-4C8F-A9D0-A0201F639A56&DisplayLang=en

2)Securing Windows 2000 Server.pdf
downloaded from
http://www.microsoft.com/downloads/...42-E236-4D73-AEF4-7B4FDC0A25F6&displaylang=en

3) Windows 2000 Security Configuration Guide
http://download.microsoft.com/download/8/c/c/8cc94365-13d6-4975-bf69-9d4cd16a01a7/w2kccscg.pdf

I found no problem to secure my Windows XP systems, as i found only one
security guide from Microsoft
but this is not the case with 2000 server

please do help me !

Any help is greatly appreciated !

Thanks in advance !!!

Cheers,
Shekar

 

[Steve Riley [MSFT]]

The first guide is a broad baseline security guide that is appropriate for
most installations. It is the foundation for the more specific role-based
guidance that's described in the second guide. The third guide is specific
to the Windows 2000 configuration that attained Common Criteria certification.

Generally we recommend you follow the first and use the specific recommendations
from the second that are appropriate for your environment. Use the third
(rather than the others) only if you have a need to exactly duplicate CC
settings (which is generally not necessary).

Steve Riley
(e-mail address removed)

 

[Steven L Umbach]

There is a lot of overlap between all of them but I like the first two in
your list. If I had to pick one it would be Securing Windows 2000 Server. It
looks like the first half of that guide is a lot about risk management
theory and the last half is about actual recommendations. I would read
through the first part and focus on procedures in starting with chapter five
which includes most of what is covered in the Windows 2000 Security
Hardening Guide. --- Steve

 

[Guest]

Thanks for the valuable info,

Do u mean for providing security to "Member Server" I need to consider
"Hardening Guide"(W2KHG-MemberServer) and for more specific recommendations
such as File and Print Server use the "Securing Windows 2000 Server"

INF Files from Hardening Guide
W2KHG-baseline
W2KHG-MemberServer ***Used for Member Server***
W2KHG-DomainController ***used for Domain Controller***
W2KHG-StandaloneServer

INF Files from Securing Windows 2000 Server
MSS Domain
MSS Baseline ***Used for Member Server***
MSS DCBaseline Role ***used for Domain Controller***
MSS FilePrint Role
MSS Infrastructure Role
MSS IIS Role
MSS Optional File System ACLs

When both the documents provide security for Member Server, then why should
i consider
Hardening Guide

and more over

is it ok to consider only "Securing Windows 2000 Server" as it sounds complete
providing security to almost any role except stand-alone
and consider only Stand-alone role from hardening guide
NOTE: "Securing Windows 2000 Server" gives recommendations based on
fictitious organization
which he called "Contoso"

it would be great if these concerns are clarified

Thanks in advance

--Shekar

 

[Guest]

Thanks Steve !

i do think same but want to be bit confident before going for it

i dont understand y Microsoft provides different security guides

if they are for different purpose
the overlap creates problem

Cheers,
Shekar





Cheers,
Shekar

 

[Steven L Umbach]

From what I have read the guides give pretty consistent advice. The Securing
Windows 2000 Server seems to have added some additional info for using ipsec
filtering to secure the network. If you have a question on conflicting
advice be sure to post back if you want some opinions. A lot of the advice
given in the guides depends on the makeup of the network as far as downlevel
clients, etc. Anyhow it is great you are taking steps to secure the network
and I would also recommend reviewing the Antivirus in Depth Guide from
Microsoft as the other security guides do not go into much detail on malware
or firewalls. --- Steve

http://www.microsoft.com/technet/security/guidance/avdind_0.mspx ---
AntiVirus in Depth Guide.

 

[Guest]

Thanks Steve !

I did consider "Securing Windows 2000 Server"

it took lot of time to decide !!!

Thanks once again

Cheers,
Shekar

 

[Guest]

Hi Steve

As i said i m cosidering "Microsoft Solutions for Security" for securing my
Windows 2000 Server

I have a small concern about Registry permissions(Appendis B) given at page
378

The following info is given for each registry

Permissions Apply
Configure & Propagate
Configure & Replace
Do Not Replace
Inheritable/Can Propagate

I could understand all of them but except "Inheritable/Can Propagate"

I mapped "Inheritable/Can Propagate" to
Allow inheritable permissions from parent to propagate to this object checkbox

but felt its ambiguous
as this(Inheritable/Can Propagate) was selected only when "Do Not Replace"
was selected

could u please tell me know where does this(Inheritable/Can Propagate) fit
in DACL Editor

i m reposting in this thread expecting u r help

any help will be greatly appreciated

Thanks in advance !!!

Cheers,
ambharish