Windows 2000 Server is simple to operate and easy to manage. However, Microsoft also faces criticism and complaints about the security of its products. Is the security of Windows 2000 Server really so poor? No! In the end, the key to security lies in human factors. If properly configured, Windows 2000 Server is quite secure.
The security configuration for Windows 2000 Server is as follows:
The first thing to note is that there is no absolute security in the world. Our goal is to reach the following security level: apart from the most capable and skilled hackers, the system keeps out the vast majority of attackers.
Four statements before we officially begin:
1. The security configuration of Windows 2000 Server is a big topic. Due to the limits of my own level and experience, there may be many errors. I hope you will give me some advice and discuss it together; if you are willing to communicate with me, you can go to ITS (www.itaq.org) to discuss it, or visit my homepage at www.SecurityArt.net.
2. If this article can help you a little, it will be my great honor and the best praise and encouragement for me.
3. During the writing process of this article, I have referenced a large amount of relevant materials. I would like to express my sincere thanks to the author!
4. I would like to send this article to my girlfriend "Pearl pig" and thank her for her trust, support and help in my most difficult times. I wish her a happy day abroad.
Because the article is long, it is necessary for me to introduce the structure of this article at the beginning.
· Version Selection
· Installation, and nine issues that should be paid attention to during the process
· Simple basic configuration
· Install some components such as IIS and make further configuration
· Further configuration (18 important points of attention)
· Physical security considerations
I. Version selection problems:
Selecting an appropriate version is the first step to install and configure Windows 2000.
Most users in China choose to install the Chinese edition of Windows 2000 Server because they are not used to an English interface. What they do not realize is that this first step already introduces a security risk. Why? As we all know, Microsoft has always been known for bugs and patches. Every few days a new vulnerability is disclosed, and Microsoft releases the corresponding patch. The patches for the English version are released first, while patches for other languages are usually delayed for a period of time. During this period our machines are exposed, and attackers can exploit the vulnerability.
Therefore, I strongly recommend that you install the English version whenever possible.
Also, do not install any Beta version regardless of the language version, because most Beta versions of the operating system contain serious security defects.
II. Installation
1. System Requirements
First, let's take a look at the system requirements of Windows 2000 Server:
133 MHz or faster Pentium-compatible CPU;
At least 128 MB RAM (also supports MB; at most 4 GB RAM is supported);
2 GB hard disk, with at least GB free space (if you install over the network, additional hard disk space will be required);
Windows 2000 Server supports up to four CPUs on one machine;
VGA resolution or higher-level monitor;
CD-ROM drive, 12x or faster recommended;
If the computer does not support starting the installation program from the CD, a high-density 3.5-inch floppy disk is required;
One or more NICs and related cables compatible with Windows 2000 server are required for installation from the network.
Note that before installation, it is best to check whether your hardware is on the Windows 2000 Server Hardware Compatibility List (HCL). This is because Microsoft only provides tested drivers for devices listed in the Windows 2000 HCL. If you use hardware that is not listed in the HCL, problems may occur during or after the installation.
2. Implementation path
There are two ways to deploy Windows 2000 Server. One is a completely new installation, and the other is an upgrade from another version of Windows (Windows NT Server 3.51 or Windows NT Server 4.0).
However, we recommend that you perform a new installation to avoid problems after the upgrade.
3. Partition issues
Some people are lazy when installing the system: they create only one partition and install the system directly on it. This brings a lot of risk. For example, with only one partition, an IIS buffer overflow directly threatens the security of the system.
We recommend that you have at least three partitions, preferably four, such as C, D, E and F:
install the system on drive C (2 GB of space or more), IIS on drive D, FTP on drive E, and important data on drive F.
4. File Format Problems
Windows 2000 Server supports both the FAT format and the NTFS format, but we recommend using NTFS. Why? Because NTFS has more security control functions than FAT: you can set different access permissions for different files and folders, and enable EFS (Encrypting File System) to encrypt files, so that only authorized users have access, which improves security. In addition, it is best to format the partition as NTFS when the system prompts you during installation, instead of installing on FAT and then converting to NTFS, because in some cases the conversion may fail, causing data loss and even a system crash.
Every coin has two sides. NTFS also has drawbacks:
<1> Currently, most anti-virus software cannot detect and remove viruses on an NTFS partition after booting from a floppy disk. Once a virus gets into the system and the system cannot start normally, the consequences are severe. Therefore, keep your anti-virus protection in good order at all times.
<2> ADS (NTFS alternate data streams) is a feature of NTFS, designed for compatibility with HFS. However, alternate streams are difficult to find, which makes them dangerous for administrators. Benny and Ratter of 29A have published a virus called W2K.Stream, which uses ADS. For more information about NTFS alternate data streams, see: http://go.6to23.com/securityart/ta/ntfs.htm
5. multi-system problems
We strongly recommend that you install only one operating system on the server, because installing two or more operating systems creates more opportunities for hackers. An attacker may use a DDoS attack or other means to force your system to restart and then enter another system whose security configuration is poor or missing, and defeat your system from there.
6. network connection problems during installation
Windows 2000 has the following problem during installation: after we enter the Administrator password, the system creates an ADMIN$ share, but the password just entered does not take effect, and this situation continues until the system starts again. That is to say, until the restart, anyone can access the machine through ADMIN$.
Therefore, do not connect to the network before completing the basic security configuration. Until then the machine is entirely at an attacker's mercy; as the saying goes, "they are the knife, and I am the fish".
7. Modify the default path
We all know that the default path for Windows 2000 is C:\Winnt. We can change it to C:\win03478 or some other irregular name. This also strengthens the protection of the system to a certain extent.
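A check for points 5 and 7 above, as an added example that is not part of the original article: a Python script that parses a `boot.ini` and flags more than one bootable operating system or a system root still named `\WINNT`. The sample file contents are constructed, and the function names are this example's own.

```python
import re

# Constructed sample boot.ini (not from the article): a multi-boot server
# whose Windows 2000 system root is still the default \WINNT.
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Server" /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINNT4="Windows NT Server 4.0"
C:\="Microsoft Windows 98"
'''

# An ARC path such as multi(0)disk(0)rdisk(0)partition(1)\WINNT
ARC = re.compile(r'^(?:multi|scsi|signature)\([0-9a-f]+\)disk\(\d+\)rdisk\(\d+\)'
                 r'partition\((\d+)\)\\(.*)$', re.I)


def parse_boot_ini(text):
    """Return (default_path, [(path, label, switches), ...])."""
    section, default, entries = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1].lower()
            continue
        key, _, value = line.partition('=')
        if section == 'boot loader' and key.strip().lower() == 'default':
            default = value.strip()
        elif section == 'operating systems':
            m = re.match(r'\s*"([^"]*)"\s*(.*)$', value)
            label, switches = m.groups() if m else (value.strip(), '')
            entries.append((key.strip(), label, switches.strip()))
    return default, entries


def audit_boot_ini(text):
    """Flag multi-boot setups and a default-named system root."""
    default, entries = parse_boot_ini(text)
    findings = []
    if len(entries) > 1:
        labels = ', '.join(label for _, label, _ in entries)
        findings.append('multi-boot: %d operating systems (%s)' % (len(entries), labels))
    m = ARC.match(default or '')
    if m and m.group(2).upper() == 'WINNT':
        findings.append('default system root is \\WINNT on partition ' + m.group(1))
    return findings
```

Run `audit_boot_ini()` on the contents of the server's own `boot.ini`; an empty list means neither condition was found.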
8. component selection issues during installation
<1> In Windows 2000 Server, IIS is installed by default. In Windows Server 2003, IIS is not installed by default.