Tip

First steps in locking down Windows Server 2003

Windows Server 2003 has hit the streets. The question I hear most often is how to lock down this new network operating system. As always, security is most effective when designed into an infrastructure from the beginning. So, before you even think about installing the software onto hardware, take the time to design your network and include security as a key element of that design.

I agree that Windows Server 2003 has the potential to be more reliable in the realm of security than its predecessor. However, its track record has not been established. Thus, I would not place mission critical functions on Windows Server 2003 for at least a few more months. At this point, I'd deploy Windows Server 2003 in a test environment. If it passed the muster of your organization's security policy, then I'd consider deploying it as a member server in your existing domain. If you are eager to upgrade fully to Windows Server 2003, then I hope you are able to avoid the pitfalls many experience with new operating systems.

The point of this tip is to direct you to a great article by Roberta Bragg hosted by the Microsoft Certified Professional Magazine Online Web site entitled

    Requires Free Membership to View

"Securing Windows 2003 the First Time". I highly recommend this article as a refresher for security professionals or as a clue-in for those new to the security arena.

Some of the excellent suggestions Roberta poses include:

  • Maintain physical security over your computer at all times, including removing unnecessary drives (such as floppy and CD-ROM).
  • Rename the system folder to something non-typical.
  • Don't attempt to download updated setup files during initial installation.
  • Select a computer name that does not imply the system's role.
  • Disable Automatic Updates on domain controllers.
  • Disable Remote Assistance and Remote Access on domain controllers and all non-remote access systems.
  • Define strong passwords for built-in accounts.

I'd like to throw in a few items that Roberta didn't include:

  • Always test updates (including service packs and hot fixes) before deploying on production systems.
  • Most of the aspects of your organization's security policy for Windows 2000 Server can be applied directly to Windows Server 2003.
  • Take the time to learn about all the new features of Windows Server 2003. The Microsoft Web site at www.microsoft.com/windows2003/ has many documents discussing the new features. Pay close attention to anything related to security and or remote or network access.
  • Security is more than just software configuration. You must also keep physical issues and user training up to snuff.
  • On a network, you will need more than just a new network operating systems to keep your environment secure. Don't overlook routers, firewalls, anti-virus, auditing tools, vulnerability scanners, network scanners/sniffers, etc.

About the author
James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.


For more information on this topic, visit these resources:

This was first published in June 2003

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.