In recent years, Windows NT and Windows 2000 systems have emerged as viable platforms for Internet servers. More and more organizations are now entrusting the full spectrum of business activities--including e-commerce--to Windows.Unfortunately, the typical Windows NT/2000 installation makes a Windows server an easy target for attacks, and configuring Windows for secure Internet use is a complex task. Securing Windows NT/2000 Servers for the Internet suggests a two-part strategy to accomplish the task:
- "Hardening" any Windows server that could potentially be exposed to attacks from the Internet, so the exposed system (known as a "bastion host") is as secure as it can be.
- Providing extra security protection for exposed systems by installing an additional network (known as a "perimeter network") that separates the Internet from an organization's internal networks.
- Introduction--Windows NT/2000 security threats, architecture of the Windows NT/2000 operating system and typical perimeter networks.
- How to build a Windows NT bastion host.
- Configuring Windows and network services, encrypting the password database, editing the registry, setting system policy characteristics, performing TCP/IP configuration, configuring administrative tools, and setting necessary permissions.
- Differences between Windows NT and Windows 2000 security including IPSec (IP Security Protocol) configuration.
- Secure remote administration--SSH, OpenSSH, TCP Wrappers, the Virtual Network Console, and the new Windows 2000 Terminal Services.
- Windows NT/2000 backup, recovery, auditing, and monitoring--event logs, the audit policy, time synchronization with NTP (Network Time Protocol), remote logging, integrity checking, and intrusion detection.