Windows 2000 Security
I was asked as of late to go to a vehicle sales center and do a security examination on their Windows Server 2000 machine.
This is how I suggest treating any Windows 2000 machine where material.
Ensure that the visitor account is crippled. It comes crippled of course.
An issue I notice dispense is the point at which I go to organizations, heaps of records are as yet dynamic for representatives who never again work there. They ought to be taken out when the worker is ended or leaves voluntarily. Displeased representatives have been known to wreck ruin.
Bunch strategies can and Windows BitLocker Encryption to be executed in a Windows 2000 climate and evaluated to ensure there are no additional records or records with frail passwords.
Secret phrase security is likewise significant; on the off chance that your secret word is powerless it will be broken. I have been in organizations where your secret word is your initials. That is to straightforward. Carry out secret key strategies and record lockouts after various fizzled login endeavors. Cautioning this can make a refusal of administration assault. Make various administrator records and give them various freedoms. A solid secret key strategy for managerial errands.
Run Net Share from the order line to see open offers on your organization and shut those down except if required.
Go into the BIOS and set a client secret phrase and impair the capacity to boot from a floppy, USB, or CD. Individuals can without much of a stretch get the SAM record which is a secret key hash put away on your framework from a Linux boot CD or different instruments. Then endeavor to break the hash.
Change the chairman record to an alternate name. That is typically a saltines first endeavor. Rename it to some different option from root too.
Use NTFS on all segments this gives you more control and security than utilizing the FAT document framework.
Ensure that the “Everybody” authorization isn’t permitted on your assets, indexes, and so forth.
Triumph ultimately the keep going client signed on switched off. This makes it simpler for an assailant to figure passwords. There currently most of the way there the have the username.
Apply fitting access control records.
Remember about individuals around you and either lock your workstation when you leave or have a screensaver empowered with serious areas of strength for a. Insider dangers are a reality.
You can empower EFS encryption document framework; you can scramble entire catalogs also. I recommend if your truly distrustful or savvy to investigate a utility that permits you to pick different encryption calculations. I could do without encryption guidelines that are shut. Meaning we cannot see the source code. I favor open source its simpler to search for openings and assaults.
Make reinforcements of all your significant documents. This is the main thing I learned in System Administration. Reinforcement, Backup, Backup to something that can’t be overwritten like a CD-R.
To design Security Policies utilize the Security Configuration Toolset you can cause your responsibility to distribute more straightforward by utilizing snap-ins.
I visited Microsoft’s site to see all that they had, I need to say there is a lot of data.
Close down benefits that are not required. The more ports that are open and the more applications running the more roads of assault.
Confine admittance to Local Security Authority just to administrator.
Change sign in advance notice to something like. Approved Personnel as it were, “movements of every kind are logged and checked. Violators will be indicted to the furthest reaches of the law.”
Close down individual ports, that are not utilized.
I for one like smartcards for two structure verification. I suggest RSA secure ID for machines that need greater security.
Empower evaluating to follow what clients and potential gatecrashers are doing on your framework.
Everything from login endeavors to access of articles can be examined in Windows 2000.
Safeguard the library from unknown access.
Ensure the review logs are secured so they can’t be deleted, or messed with. Just the administrator ought to have privileges to these records.
Introduce administration packs.
Ensure that your antivirus is in the know regarding the most recent marks.
Run a Spy-Ware utility.
You can likewise run an internet based weakness checker, for example, Shields Up by Gibson Research.
Get computerized fix programming.
Recollect that security isn’t something that can be done. Stay up with the latest.