Windows 2000 Issues
Featuring 46 Papers as of June 18, 2014
Option 1 - Design a Secure Windows 2000 Infrastructure
by Keith Okamoto - April 8, 2004
Founded in September 1997, GIACE is a vendor of embedded single-board computer (SBC) appliances.
Using Security Templates and Group Policy to Secure Windows Servers
by Chet Duncan - August 22, 2003
This document describes how you can secure a Windows 2000 server using group policies.
Limiting Concurrent Logins in Windows NT/2000
by Gene Burton - June 27, 2003
This document intends to research, evaluate and recommend solutions for overcoming the inability of Windows NT/2000 Server environments to limit concurrent user logins.
Using and Evaluating Windows Software Update Service
by John Ives - June 27, 2003
This paper describes the installation and use of Microsoft's Software Update Service (SUS) for the deployment of Operating System patches.
Security Measures for Windows 2000 Terminal Server in an Unrestricted
by Douglas McCrea - May 8, 2003
This case study demonstrates the security practices and procedures followed as well as resources used to install Windows 2000 Terminal Server (Application Mode) and corresponding thin clients in a mostly unrestricted university environment.
Management of Security Updates in the Windows 2000 Environment
by Jim Cebula - April 1, 2003
This paper addresses: mitigating some risks by initially deploying a secure base configuration; newly discovered vulnerabilities; getting security updates; testing security updates in a non-production environment; scanning production systems for patch installation status; deploying security updates and management policy.
Windows 2000 Kerberos Interoperability
by Christopher Nebergall - January 3, 2003
While other papers discuss Kerberos in general or the Windows 2000 implementation, this work explores compatibility issues between traditional Unix implementations and Microsoft's implementation.
Secure Remote Server Administration of the Windows Server Family Using Windows Terminal Services
by Bill Evrigenis - December 16, 2002
In this paper, I propose a method for installing and configuring Windows Terminal Services in a secure environment, methods for developing an analyst's work environment, and an essential set of tools.
Using Terminal Services to Remotely Administer Windows2000 Servers Securely
by David Myhre - December 12, 2002
This paper will focus primarily on the security issues of using Terminal Services to remotely administer Windows 2000 Servers.
Case Study: Use Caution When Deploying Microsoft's Software Update
by James McVicar - December 12, 2002
The purpose of this case study is to document the process used to evaluate the security risks associated with SUS before implementing it on a real world network.
Securing an IIS 5.0 Web Server on Windows 2000 using Security Tools and Templates
by Graeme McLintock - October 7, 2002
This paper attempts to give an overview of the security guides, tools and templates available from Microsoft, and to describe the basic steps involved in applying the tools and templates. The commonalities and differences between the security templates available are highlighted, and how several of these tools and templates can be used together to benefit from the settings made by each one is described.
Remote Scanning Utilities for Microsoft Hot Fixes and Service Packs
by Larry Nicholl - September 25, 2002
The purpose of this paper is to show how security administration can benefit by the use of six utilities for remote scanning for Microsoft hot fixes and service packs on multiple Windows systems (NT, 2000, XP, IIS 4 and 5, SQL Server 7.0 and 2000, Exchange 5.5 and 2000, Windows Terminal Server, and Windows XP Home Edition).
Too Many Operating Systems, Not Enough Laptops
by Martin Reymer - August 27, 2002
This paper will provide an administrative person with the steps and wherewithal to survey their resources, research processes and procedures mainly from the Internet, and acquire the necessary hardware and software to fully configure a dual-boot laptop for use with the Windows 2000 and the Linux operating systems.
Building a Secure Windows 2000 Professional Network Installation
by Bruce Fyfe - April 24, 2002
This paper puts forth a best practices approach to securing a Windows(R) 2000 networked workstation.
What Does It Take to Harden an IIS Web Server?
by Boris Napernikov - February 19, 2002
The purpose of this document is to shed some light on how to make it harder for an intruder to compromise the system. We'll be going through securing a Windows 2000 server running IIS 5.0 and some of the tools that we can use to scan system(s) before putting it into production.
Addressing Network Security through Windows 2000 Active Directory: Designing a Single Domain Structure
by Les McCarter - February 11, 2002
This paper provides security design considerations for locating users, computers and groups in the Windows 2000 network environment.
Enforcing the "Least Privilege" Principle through Active Directory, OUs, GPOs, and Group Policy Filtering
by Ricardo Rodriguez - January 7, 2002
This document presents an approach to further enforce the "Least Privilege" principle by combining Active Directory, GPOs, and Group Policy filtering techniques.
How To Defend Against L0phtcrack v3 With Windows 2000 Group Policy Objects
by Stephen Pullum - November 29, 2001
This paper is a how-to guide for defending against an exploit and vulnerability based on an environment in which a Windows 2000 domain is running in native mode. The vulnerability is weak passwords and its exploiter is none other than L0phtcrack v3 by @Stake.
Hisecweb.inf - An Analysis
by Colleen Abbe - November 23, 2001
This paper examines the hisecweb.inf security policy as part of the overall security hardening of Windows 2000 and IIS 5.0.
The Encrypting File System: How Secure is It?
by Howard Wright - November 2, 2001
This paper examines Microsoft's Encrypting File System (EFS) which does provide an additional layer of security, and discusses just how difficult it is to attack.
Installing Microsoft's Internet Security and Acceleration Server (ISAS): Getting Started and
by Jack Green - November 1, 2001
This paper presented a procedure for establishing a test environment in which to prove ISA firewall rules. For a minimal investment, a student/professional can develop policies in vitro before deploying to the production environment. The sample rules are not presented as exhaustive.
Security Holes in ISAPI Extensions
by Chew HwaiGeeng - September 19, 2001
In this paper the author will mainly discuss the ISAPI extensions and the security holes that are associated with them.
Security Considerations for Dynamic DNS Implementation in a Windows2000 Environment
by Deborah Wade - September 9, 2001
This paper describes how, when DNS is fully integrated into Active Directory, you can then utilize three important security benefits in a Windows2000 network: Secure dynamic updates, Secure zone transfers, and Access Control Lists for zones and resource records.
A Breakdown of the Top Five Windows 2000 IIS Threats in 2001
by Simon Plant - August 18, 2001
The author presents a detailed examination of the top five Windows IIS threats (2001): Remote Command Execution Via Internet Printing Service, Microsoft IIS CGI Filename Decode Error Vulnerability, Remote command execution via Buffer Overflow in Indexing Service, Unauthorised SMTP relaying, Buffer Overflow in FrontPage server extension.
Kerberos: Secure Authentication
by Jose Marquez - August 13, 2001
This paper examines the processes, functions, and interoperability issues of Kerberos secure authentication.
A Discussion of Best Practices for Microsoft's Encrypted File System
by Chuck Fasching - July 28, 2001
This paper discusses using Microsoft's Encrypted File System to mitigate the risk associated with mobile and network computing. Specifically, it addresses file system security in relation to encryption and EFS and discusses many of the best practices, as recommended by Microsoft and other sources.
Kerberos Authentication in Windows 2000
by Vishwas Gadgil - July 27, 2001
This paper attempts to explain the Kerberos based authentication in Windows 2000 and also tries to explain the new and sometimes confusing terminology in a layman's words.
Encrypting File System Primer: Basics and Best Practices
by Kayron Valentine - July 6, 2001
This paper takes a look at EFS, what it is, how it works, and more importantly, what you need to know to make it work effectively for you.
Windows 2000 and Network Security
by Travis Abrams - June 26, 2001
This paper will focus on basic network security procedures and the new features of Windows 2000.
Basic Security Issues of Active Directory
by Johnny Waddell - June 11, 2001
This paper examines Active Directory, a flexible and scalable management platform for distributive network resources and applications.
Secure Windows Initiative Trial by Fire: IIS 5.0 Printer ISAPI Buffer Overflow
by Corey Pincock - June 7, 2001
This paper discusses how Microsoft's Secure Windows Initiative protects a Windows 2000 server.
Securing Windows 2000 Server
by Cory Bys - May 20, 2001
This document intends to outline the steps required to harden a default Windows 2000 Server installation.
Windows 2000 Security Standards
by Hilel January - April 5, 2001
This document attempts to touch on a few of the standards that can assist in ensuring that Availability, Integrity, Access control, Confidentiality, and Compliance (Auditability) objectives are met when using a Windows 2000 operating system.
Windows 2000 Known Vulnerabilities and Their Fixes
by Tay Lai - April 4, 2001
This paper provides the latest update (as of March 2000) on the vulnerabilities associated with Windows 2000 and the solutions available.
Planning a Secure Migration Project: Best Practices for Migrating from Windows NT to Windows 2000
by Ben Eason - April 4, 2001
This paper discusses the steps involved in migrating from Windows NT to Windows 2000.
Auditing the Windows 2000 Authentication Process
by Julio Silveira - April 1, 2001
This paper will describe the Windows 2000 authentication process, and how to collect and use the security events created in the authentication process in order to audit your system.
PKI: Protection of Stand Alone Certificates
by William Pachucki - March 31, 2001
An overview of the Windows 2000 Stand-alone Offline Root Certificate Authority Protection Guide
Overview of the Windows 2000 Security Tools
by Jeff Christman - March 30, 2001
This paper will describe the location and use of the tools that are built into the Windows 2000 operating system. With these tools, the administrators have a greater degree of control and can provide a secure internet-aware enterprise without purchasing third party tools.
A Step-by-Step Guide to Securing Windows 2000 for Use as an Internet Server
by David Courington - March 29, 2001
This paper will describe how to configure and implement Windows 2000 Server and IIS 5.0 with a reasonable amount of security.
Securing Windows 2000
by Scott Hoppe - March 19, 2001
This document will explain how to manage hotfixes on a Windows 2000 server running IIS 5 on the Internet. There will be five sections to this document: Importance, Assumptions, Hotfix practices, Tools, Installing Hotfixes, and Resources.
Securing IIS on Windows 2000
by Carl Denowh - March 6, 2001
This paper describes the methods used to secure Internet Information Server (IIS) on systems running Windows 2000.
Implementing Password Controls and Account Policies Using Windows 2000 Group Policy
by Carlo Scannella - February 15, 2001
This paper will provide the reader with a high-level understanding of Group Policy, discuss some issues to consider when implementing Group Policy, and describe how strong password controls and secure account policies, as documented in the SANS Windows NT Security Step by Step, can be implemented in Windows 2000.
Implementing a Windows 2000 Host Based Intrusion Detection System
by Richard Springs - January 28, 2001
This practical is a "how to" document that provides a brief overview of Intrusion Detection Systems (IDS), explains design considerations, and describes installation steps for the Windows 2000 Host Based Intrusion Detection System.
PWL Files: The Achilles' Heel of Windows 9X Client Networks
by Scott Winters - September 14, 2000
This paper discusses a major security concern on Windows 9X stations: the PWL file.
Basic Steps to Hardening a Standalone Windows 2000 Installation
by Todd Anderson -
An overview of the tools and steps helpful in securing computers under Windows 2000.
Role-Based Administration for Windows 2000
by Jane Murley -
This paper looks at simplifying the management of security for Windows 2000 by discussing role-based administration in Windows 2000 and a product that provides role-based administration capabilities for Windows 2000.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact firstname.lastname@example.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.