August 2nd, 2003, 11:37 AM
hardening win2k server on a home LAN
ok here is my dilemma, i have at home a small network with my roommates with a server running win2k server, we all have winxp pro on our PC's
we access the internet thru a dialup connection and i would like to know how to secure the server from outside attacks and breakins and such, i did previously have linux on this server but our internet started to play up so i had to resort to putting windoze back on, was not happy at all since it took me halfla year to set up linux nicely... shortly said i told the ISp where to go
i tried installing a firewall on the server but then our internet was totally cut off, BTW we have firewalls on our xp pro pc's too, so im not sure if that was causing a problem, the firewall i use is tiny personal firewall because of its simplicity and ease of use for the other people i live with
so how would i go about hardening this box security wise, but still allowing us to play some games over our network AND without having to install service packs, remember we are on 56k and cant really go downloading services packs when we want to, im just wanting to secure it from a services /firewall point ov view really just for peace of mind and some sort of security, for the firewall idea to work i'd need to disable the firewalls on the xp boxes and just have one on the server box yes?
also a small problem that i have been having with our modem, i've installed it on the admin account with the latest driver for it, but when i log in with our net usage account the modem doesnt detect even though i leave it turned on before i turn the PC on, i then have to redetect it every time i boot it, then log off admin and swap users to use the internet, bit of a painful thing, is there some way i can make windows keep the driver installed instead of letting it disappear if its not turned on before the box is or not on an admin account
ive had this exact same problem with windows xp pro with a different modem not showing up if its turned on after the PC starts, how can i correct it so i dont have to use the admin account just to connect to the net, its a big security no no i know so i want to correct it
i've googled, looked on neworder and found a small txt on doing it but it wasnt adequate, ive also googled and searched AO this and not come up with much at all, so a good tute or link would be greatly appreciated by me
August 2nd, 2003, 03:19 PM
Not sure about the modem drivers , but I have used winroute pro quite successfully for both connection sharing and firewall duties. You can download it on evaluation from thier webby upgrade is via a key entered into the evaluation software.
August 2nd, 2003, 03:37 PM
August 2nd, 2003, 04:10 PM
Are you using ics or routing and remote access. Because with rras you could use policies to lock it down. You can install Microsoft's Internet Security & Acceleration Server.
August 3rd, 2003, 11:28 AM
ok i've managed to get the firewall sorted, turns out there is an option in tiny PF to tell the program its running on the gateway, it all behaves nicely now except the damn modem still doesnt behave, its like windows looks for any devices that arent turned on at boot and removes the drivers for them, but then if i detect PnP hardware again when its booted it shows up again, it never happened with win '98 on the olds' computer, there has to be a way to disable whatever causes it right?
ive looked in help files on XP and 2k to no avail... still
Just wait till i get my slappin gloves on.....