Results 1 to 3 of 3

Thread: Windows Server 2003 Security Guide

  1. #1
    Senior Member
    Join Date
    Jun 2002
    Posts
    405

    Windows Server 2003 Security Guide

    Microsoft offers Windows security guide

    Microsoft released on Friday a tutorial and templates to help system administrators lock down the security of computers running the company's newest operating system, Windows Server 2003.

    The tutorial consists of portable document files (PDFs) detailing the reasoning behind configuring the server software for various applications, from a Web server connected to the Internet to a domain controller on a company's internal network. Also included are examples of Microsoft-recommended configurations for specific applications.

    "There are a lot of different settings that a customer can set on something like a Web server," said Michael Stephenson, lead program manager for Windows Server 2003. "What the guide does is explain to customers why they would want a setting a certain way."

    The publication of the security how-to guide came a day after the launch of the next generation of Microsoft's server OS. Among other things, the guide contains explanations, checklists, sample configurations and scripts for setting up eight different classes of servers using Windows Server 2003.

    Along with the Windows Server 2003 guide, the software giant released another set of documents, called "Threats and Countermeasures," which describes the various security options that can be set in Windows 2003 and XP.
    Windows Server 2003 Security Guide

    I know it's Microsoft, but could be useful for those with the task of setting one of these up. If anyone out there has had to set up a Win2k3 Server box, what did you make of this guide?

  2. #2
    Senior Member
    Join Date
    Mar 2003
    Posts
    245
    To be honest.... We have a Windows 2003 box in our lab and have found it to be unsurprisingly (*sigh*) open and careless by default. I will grab the guide you pointed out and give it a crack on Monday, it sounds like there is a good chance these systems can be secured enough to be placed in service as a bastion host, just not in their default configuration. My biggest concern to date are relatively simple directory traversal attacks, and some very permissive settings that have trouble written all over them.

    Thanks for posting this link, I had overlooked it even though I am looking for an 'armoring 2003' type of doc.
    Get OpenSolaris http://www.opensolaris.org/

  3. #3
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    there where two other guides relesaed friday.
    all three are posted here
    http://www.antionline.com/showthread...hreadid=243010

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •