RE: Windows 2k Advanced Server Hardening

Fri, 15 Sep 2000 11:22:26 -0700 

Not very doable, since the ability to log on to the domain, as well as the
ability to connect to the server resources are the same process.

For starters though, make sure you have nothing shared, including hidden
shares. Disable any services you don't want running. Also, block any ports
not used by the login process, nor by the replication process. I don't know
them all of the top of my head, but IIRC you need TCP/UDP 137, 138 and 139
at a minimum. If it is W2K, there are some AD based ports that need to be
opened... 519, or something like that. Open additional ports as services
require.

I have to say though, I think the implementation will be more trouble than
it is worth. It might be time to reevaluate the business plan and goals. 

IOW, do so at your own risk :)

Wes Noonan, MCP+I/MCSE/MCT/CCNA/NNCSS
Senior QA Rep
(713) 918-2412
BMC Software, Inc.
[EMAIL PROTECTED]
http://www.bmc.com

 -----Original Message-----
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent:   Friday, September 15, 2000 11:52
To:     Noonan, Wesley; [EMAIL PROTECTED]
Cc:     [EMAIL PROTECTED]
Subject:        RE: Windows 2k Advanced Server Hardening

Ok,

Let's say I am deploying a PDC, and I want to allow users to log on to the 
domain, but that is about it..

/mark

At 11:44 AM 9/15/00 -0500, Noonan, Wesley wrote:
>Advanced TCP/IP properties, options tag. Start filtering ports and setup
>IPSec. Disable all unnecessary services. Depends on what you want it to do,
>to know what services to disable. The obvious one is the server service.
HTH
>
>Wes Noonan, MCP+I/MCSE/MCT/CCNA/NNCSS
>Senior QA Rep
>(713) 918-2412
>BMC Software, Inc.
>[EMAIL PROTECTED]
>http://www.bmc.com
>
>  -----Original Message-----
>From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>Sent:   Friday, September 15, 2000 11:37
>To:     [EMAIL PROTECTED]
>Cc:     [EMAIL PROTECTED]
>Subject:        Windows 2k Advanced Server Hardening
>
>How would one go about hardening a Windows 2k Advanced Server??
>
>
>Where would one start???
>
>
>/cheers
>
>/mark
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to