Securing Windows NT/2000 Servers for the Internet: A Checklist for System Administrators

In recent years, Windows NT and Windows 2000 systems have emerged as viable platforms for Internet servers. More and more organizations are now entrusting the full spectrum of business activities—including e-commerce—to Windows.

Unfortunately, the typical Windows NT/2000 installation makes a Windows server an easy target for attacks, and configuring Windows for secure Internet use is a complex task. Securing Windows NT/2000 Servers for the Internet suggests a two-part strategy to accomplish the task:

• "Hardening" any Windows server that could potentially be exposed to attacks from the Internet, so the exposed system (known as a "bastion host") is as secure as it can be.
• Providing extra security protection for exposed systems by installing an additional network (known as a "perimeter network") that separates the Internet from an organization's internal networks.

Securing Windows NT/2000 Servers for the Internet is a concise guide that pares down installation and configuration instructions into a series of checklists aimed at Windows administrators. Topics include:

• Introduction—Windows NT/2000 security threats, architecture of the Windows NT/2000 operating system and typical perimeter networks.
• How to build a Windows NT bastion host.
• Configuring Windows and network services, encrypting the password database, editing the registry, setting system policy characteristics, performing TCP/IP configuration, configuring administrative tools, and setting necessary permissions.
• Differences between Windows NT and Windows 2000 security including IPSec (IP Security Protocol) configuration.
• Secure remote administration—SSH, OpenSSH, TCP Wrappers, the Virtual Network Console, and the new Windows 2000 Terminal Services.
• Windows NT/2000 backup, recovery, auditing, and monitoring—event logs, the audit policy, time synchronization with NTP (Network Time Protocol), remote logging, integrity checking, and intrusion detection.

In recent years, Windows NT and 2000 systems have emerged as viable platforms for Internet servers, but securing Windows for Internet use is a complex task. This concise guide simplifies the task by paring down installation and configuration instructions into a series of security checklists for security administration, including hardening servers for use as "bastion hosts," performing secure remote administration with OpenSSH, TCP Wrappers, VNC, and the new Windows 2000 Terminal Services.

This concise guide pares down installation and configuration instructions into a series of checklists for Windows administrators. Topics include: Windows NT/2000 security threats, architecture of the Windows NT/2000 operating system and typical perimeter networks, how to build a Windows NT bastion host, and configuring Windows and network services.

Internet Book Watch

In Securing Windows NT/2000 Servers For The Internet, Stefan Norberg is designed to assist the experienced users of Windows NT/2000 to protect their computers from Internet intrusion, sabotage, information theft, and other unwanted encroachments. Very highly recommended for systems administrators and the non-specialist general users concerned with security issues, Securing Windows NT/2000 Servers For The Internet covers every aspect of building Windows 2000 security systems is comprehensively presented.

Norberg is an independent network security consultant based in Stockholm, Sweden. Before becoming an independent contractor, he worked for Hewlett-Packard Consulting, where he built everything from large firewalls to highly available Unix clusters.