Securing win2kPro
[Security Forum FAQ] [CA Security Forum]
[contact security FAQ admin]
I was wondering for some pointers and whatnot regarding securing my box running Win2kPro. There are alot of setteings in the Administrators systems tools that are basicly like backwards latin to me/ Was also mabey sugesting that CIA make a tut on this as it is the best windows platform out there :)
To start of: download SP3, diable all user accounts that you don't use, and de-install any IIS etc packets you installed, then install a good firewall like black Ice or so. That should allready help out a little bit. For the rest of the settings, I don't know em all, but I could post a small list of em tomorrow. ~Maj Anvar
Actually, I would not recommend SP3.
SP3 adds the ability for Microsoft to remote-patch your system et al.
Is that secure? ;)
Stick with Service Pack 2 and hotfix everything else that you can.
Microsoft will, of course, remove all the hotfixes and replace them with more service packs to try to force ya to move to SP3 and higher... the best thing you can do is really run no services (SQL, SMTP, IIS, FTP etc) and obtain a good firewall :)
The best way to become secure is for you to also think secure - dont run anything ya dont trust :)
~LtKer Asmodai
for one if u are planning ot run services like IIS or SMTP ...keep all ur permissions in check make sure that every file shared u have is properly configured and that permissions are tight :)
~Maj Emrys
You might try something like this.
http://www.labmice.net/articles/securingwin2000.htm
Not done it that way, but couldn't find the paper I used. Same principles.
Make sure you set appropriate permissions on %systemroot% and any other sensitive areas. Make sure you lock your profiles down to Owner/Creator or whatever it is to prevent snoopers getting access.
Particularly lock down write access to %systemroot%\*.scr.
the scr files are an excellent way of escalating priviledge ... ermm, not that I'd know.
~LtKer 0bfu5cati0n
CyberArmy::Forum v0.5d Generated In 4.63754 seconds |