Solved

Win2k security

Posted on 2003-11-07
20
658 Views
Last Modified: 2012-05-04
I have just installed a clean version of Win2k Pro and would be grateful if anyone could direct me to a site that summarises what changes I need to make to the system before I start surfing. I'm talking about security settings on folders etc.

Thanks
0
Comment
Question by:doohsam
  • 10
  • 3
  • 3
  • +2
20 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 9701119
Hi doohsam,
cant get more paranoid than this

National Security Agency
Security Recommendation Guides

 Windows 2000 Guides
 
http://nsa2.www.conxion.com/win2k/download.htm

Cheers!
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9701132
doohsam,
For more info all you will ever need can be found here http://www.windowsecurity.com/
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 250 total points
ID: 9701143
doohsam,
How to secure Windows2000 / XP

These settings can be used with both Windows 2000 and WindowsXP to *really* secure the system and also boost up its performance. Depending upon your version and whether it is Win2k or XP, you might notice that some of the features/options arent there. Just skip and move on until you hit something that IS on YOUR Windows2k/XP. The "best" option of all is to have WindowsXP professional, since the screenshots are from WindowsXP professional
http://www.markusjansson.net/exp.html
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9701152
Hi doohsam,
Analyzing your system
The Microsoft Security Toolkit comes on a CD that you can obtain free from the Microsoft Web site. The Windows 2000 section of the toolkit includes documents containing information on the following topics:

·        Securing a new installation of Windows 2000
·        Securing an existing Windows 2000 system
·        Checklists for improved security
http://techrepublic.com.com/5100-6268-1031801.html

Cheers!
0
 
LVL 9

Expert Comment

by:TooKoolKris
ID: 9701501
As far as what Microsoft recommends you can make sure that all of the current service packs, patches and hot fixes have been applied to your pc by going here:

http://v4.windowsupdate.microsoft.com/en/default.asp

All of these different sites listed above give their ideas and interpretations on security but you need to start with what MS says to do with your PC first then you can apply these other possible configurations to futher lock down your pc.

Have fun
0
 

Expert Comment

by:elsamman
ID: 9701908
I can tell you that if you go overboard with security settings you can cause yourself problems due to software that it is not expecting it.  I worked at a bank where we had a 100 step setup for any server and it was a real pain.  But we had to do it because we were concerned with an internal attack on systems that did financial transactions.

Your best bet  for surfing is to get behind a firewall.   This could be a DSL/Cable router or a software based firewall.  I would suggest that if you do this you don't really need to mess with your security settings for folders etc.  

Then you really only have to worry about email.  99.99% of the time this will be an attachment that contains a virus.   I presume you are running anti-virus software or are smart enough to know which attachments are harmful.  As mentioned already always keep your SPs up-to-date as sometimes they discover a flaw in the browser where someone can execute code on your system.  Rember that if this happens all of the folder security settings in world won't help you.
0
 
LVL 9

Expert Comment

by:TooKoolKris
ID: 9702267
"Your best bet  for surfing is to get behind a firewall.   This could be a DSL/Cable router or a software based firewall.  I would suggest that if you do this you don't really need to mess with your security settings for folders etc."

I have a problem with this statement. Any decent security consultant is going to protect your company more so from internal attacks then external seeing as how most of a companies security problems tend to come from within. Telling someone not to apply security settings on individual computers and files because they are sitting behind a firewall is just dispensing wrong advice in my opinion. I work for a bank as well and yes there are many steps involved with securing a server and it's workstations but these procedures are here for a reason. They wouldn't be spending millions of dollars on protecting them otherwise.

There is no such thing as too much security.
0
 
LVL 1

Expert Comment

by:CyberAdy
ID: 9702607
Hi,

Install all the hot fixes by clicking start then windows update.
also download windows baseline  from the following link

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/mbsahome.asp
 
updates of msbsa can be found at
http://download.microsoft.com/download/xml/security/1.0/NT5/EN-US/mssecure.cab


this will help u in finding out about any open holes in your win2k installation.
Aprt from the above get stinger.exe from mcafee.com
0
 

Expert Comment

by:elsamman
ID: 9702850
"Telling someone not to apply security settings on individual computers and files because they are sitting behind a firewall is just dispensing wrong advice in my opinion."

You are right on this.  I just assumed that this person was operating a home machine rather than in an office environment on an intranet where internal attacks are an issue.  My point should really be taken that for home users you need to be behind a firewall and that this is much more important than relying on security settings for folders.  I still would not advise a home user to go as far as a bank in setting up security because unless you get it right you will have problems.
0
 
LVL 9

Expert Comment

by:TooKoolKris
ID: 9703056
Oh, my bad man. Yea, I see your point. If someone was to apply the same level of security as the bank they would be lucky if they could even use their pc, lol.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:doohsam
ID: 9706715
Thanks to everyone, not too sure who to award the points to ? You've all given great advice. Many thanks to all you stars;-)
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9706769
YOu can split the points if you dont want to award one expert all the points?

Pete
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9706774
More than one Expert helped. What do I do?  
You split the points. Scroll down to the bottom of the question and click the "split points" button at the bottom of the page. Select the radio button of the comment who you want to Accept as the answer. Only one button can be selected. Set the point value (a text box above the comment) of how much you want this person to receive of the points. Then set the point values for each of the experts comments to whom you want to allocate points and these will be considered Assisted answers in helping you resolve the issue. Double check your information and then click the Submit button at the bottom of the page. One note: the total points of the splits must equal the amount you asked the question for itself, and no person can receive fewer than 20 points.
 
http://www.experts-exchange.com/help/closing.jsp#3
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9706793
doohsam

youve awarded all the points to me, is that what you wanted? if not i can pass some points on to the other experts or a mod can reopen the question

Pete :0)
0
 

Author Comment

by:doohsam
ID: 9707788
i think the points should be split but was uncertain how, but you've told me now. Whatever is easiest to do; if you can allocate the points then go ahead, or I'm happy to do it.

Thanks
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9709608
OK doosham I have unlimited points, tell me who you want points awarding to and ill post the points for you

Pete
0
 
LVL 1

Expert Comment

by:CyberAdy
ID: 9709683
Hi,
Sorry for being greedy but i sup the solution posted by me is a valid and tested one,well .... thats it:)
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9710881
LOL OK who else before I get my chequebook out

Pete
0
 

Author Comment

by:doohsam
ID: 9720745
Pete,

just split the points between yourself and CyberAdy.

Thanks again
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9724137
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now