Securing Windows NT/2000 Servers for the Internet

Unfortunately, the typical Windows NT/2000 installation makes a Windows server an easy target for attacks, and configuring Windows for secure Internet use is a complex task. Securing Windows NT/2000 Servers for the Internet suggests a two-part strategy to accomplish the task:

• "Hardening" any Windows server that could potentially be exposed to attacks from the Internet, so the exposed system (known as a "bastion host") is as secure as it can be.
• Providing extra security protection for exposed systems by installing an additional network (known as a "perimeter network") that separates the Internet from an organization's internal networks.

Securing Windows NT/2000 Servers for the Internet is a concise guide that pares down installation and configuration instructions into a series of checklists aimed at Windows administrators. Topics include:

• Introduction--Windows NT/2000 security threats, architecture of the Windows NT/2000 operating system and typical perimeter networks.
• How to build a Windows NT bastion host.
• Configuring Windows and network services, encrypting the password database, editing the registry, setting system policy characteristics, performing TCP/IP configuration, configuring administrative tools, and setting necessary permissions.
• Differences between Windows NT and Windows 2000 security including IPSec (IP Security Protocol) configuration.
• Secure remote administration--SSH, OpenSSH, TCP Wrappers, the Virtual Network Console, and the new Windows 2000 Terminal Services.
• Windows NT/2000 backup, recovery, auditing, and monitoring--event logs, the audit policy, time synchronization with NTP (Network Time Protocol), remote logging, integrity checking, and intrusion detection.

Administrators who carefully follow the detailed instructions provided in this book will dramatically increase the security of their Windows NT/2000 Internet servers.

Contents

Preface

1. Windows NT/2000 Security
     Internet Threats
     Building a Secure Site on the Internet
     The Windows NT/2000 Architectures
     Windows NT/2000 in the Perimeter Network
     Cryptography Basics

2. Building a Windows NT Bastion Host
     Installation
     Using the Security Configuration Editor
     Basic Configuration
     Advanced Configuration
     Setting System Policies
     TCP/IP Configuration
     Configuring Administrative Tools and Utilities
     Setting Permissions

3. Building a Windows 2000 Bastion Host
     Differences Between the Systems
     IPSec in Windows 2000

4. Setting Up Secure Remote Administration
     Symantec pcAnywhere
     Windows 2000 Terminal Services
     Open Source (SSH, Cygwin, TCP Wrappers, and VNC)

5. Backing Up and Restoring Your Bastion Host
     Defining Your Backup Policy
     Backup Methods
     Types of Backups
     Backup Software

6. Auditing and Monitoring Your Perimeter Network
     System Auditing in Windows
     Time Synchronization Using NTP
     Remote Logging and Log Management
     Integrity Checking
     Network-Based Intrusion Detection Systems

7. Maintaining Your Perimeter Network
     Setting Up Policies and Procedures
     Performing Third-Party Audits
     Staying Informed

A. Well-Known Ports Used by Windows NT/2000

B. Security-Related Knowledge Base Articles

C. Build Instructions for OpenSSH on Cygwin

Index