Windows 2000 server in Security

Windows 2000 server in Security http://www.dslreports.com/forum/r11826475 en Sat, 28 Nov 2009 23:36:22 EDT Sat, 28 Nov 2009 23:36:22 EDT Re: Windows 2000 server http://www.dslreports.com/forum/remark,11834076 karan79 : Thnx for the info guys...you have been most helpful!!]]> http://www.dslreports.com/forum/remark,11834076 Thu, 11 Nov 2004 11:59:05 EDT Re: Windows 2000 server http://www.dslreports.com/forum/remark,11827100 Daniel :

said by karan79

:

Whats the best way to secure a windows 2000 server. Its acting as a web server.

Make your first stop the NSA Guidelines. There is some good information in those resources.
--
cat knowledge | grep understanding]]> http://www.dslreports.com/forum/remark,11827100 Wed, 10 Nov 2004 16:31:27 EDT Re: Windows 2000 server http://www.dslreports.com/forum/remark,11827013 Marilla : In my opinion, you need an external firewall for -any- web server. I feel that host-based firewalls (a sort of one of which is built in to Windows 2000, actually) are good, and all that.. but that a dedicated firewall appliance/server is a must for every single gateway to the Internet.

That said, Windows 2000 has built in two methods to permit only certain IPs to access a web site.

First, the built-in IPSec filtering can be used to prevent communications to certain ports/IPs on the server from certain IPs/networks, or allow ONLY from certain IPs/Networks (once you get a default block policy in)

Second, any web server software itself can be configured to permit connections only from certain networks/IPs, as well (including IIS and Apache, one of which you almost certainly will be using, I'm guessing).

However, on a side-note, I will re-iterate the importance of having a separate firewall protecting this system, as well. That could be an additional software-based one (though consumer-level products don't often easily work with server-level operating systems - purposefully), or a separate hardware firewall. The problem is, even if you protect your one site how you want, you still have lots of other things exposed on that server which need to be protected by a firewall. The built-in IPSec functionality can be used to help, but there are known ways around that.
--
Windows, Mac, Linux, BSD - just use the right tool for the right job... end the OS Politics!

Real politics is much more interesting! www.georgewbush.com]]> http://www.dslreports.com/forum/remark,11827013 Wed, 10 Nov 2004 16:23:05 EDT Re: Windows 2000 server http://www.dslreports.com/forum/remark,11826728 sivran : Without knowing what web server software you're using...

This could be done with Kerio 2.1.5 (see Kerio-Tiny forum or my sig for link) using the Custom Address Group. Make a rule to allow access to local port 80 from the addresses listed in the Custom group, then make a second rule to deny access to local port 80 from anywhere. This second rule should be placed after the first rule, obviously.

If you wanted to do this extenerally you would need something much more flexible than a cheap Linky. ;)

Either way will work, though. There are advantages and disadvantages to each approach.
--
TCPA - Treacherous Computing
Kerio 2.1.5 - Best damn firewall
Licenses should be per user, Ditch Norton! Get F-Prot!]]> http://www.dslreports.com/forum/remark,11826728 Wed, 10 Nov 2004 15:54:00 EDT Windows 2000 server http://www.dslreports.com/forum/remark,11826475 karan79 : Whats the best way to secure a windows 2000 server. Its acting as a web server. I want to set it up in a way that only certain IP addresses can log into it i.e. the page that comes up when type »windows_server_ip/xyz.html is only allowed to be viewed if you belong to the specified IPs.

Do i need an external firewall? If so any suggestions.

thnx]]> http://www.dslreports.com/forum/remark,11826475 Wed, 10 Nov 2004 15:27:53 EDT