SANS InfoSec Reading Room - Windows 2000 Issues

<<Reading Room Home
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

symantec

Featuring 45 papers as of May 22, 2013
PDF Limiting Concurrent Logins in Windows NT/2000
By: Gene Burton (posted on October 31, 2003)
This document intends to research, evaluate and recommend solutions for overcoming the inability of Windows NT/2000 Server environments to limit concurrent user logins.
PDF Using and Evaluating Windows Software Update Service
By: John Ives (posted on October 31, 2003)
This paper describes the installation and use of Microsoft's Software Update Service (SUS) for the deployment of Operating System patches.
PDF Using Security Templates and Group Policy to Secure Windows Servers
By: Chet Duncan (posted on October 31, 2003)
This document describes how you can secure a Windows 2000 server using group policies.
PDF Secure Remote Server Administration of the Windows Server Family Using Windows Terminal Services
By: Bill Evrigenis (posted on October 31, 2003)
In this paper, I propose a method for installing and configuring Windows Terminal Services in a secure environment, methods for developing an analyst's work environment, and an essential set of tools.
PDF Management of Security Updates in the Windows 2000 Environment
By: Jim Cebula (posted on October 31, 2003)
This paper addresses: mitigating some risks by initially deploying a secure base configuration; newly discovered vulnerabilities; getting security updates; testing security updates in a non-production environment; scanning production systems for patch installation status; deploying security updates and management policy.
PDF Using Terminal Services to Remotely Administer Windows2000 Servers Securely
By: David Myhre (posted on October 31, 2003)
This paper will focus primarily on the security issues of using Terminal Services to remotely administer Windows 2000 Servers.
PDF Implementing Password Controls and Account Policies Using Windows 2000 Group Policy
By: Carlo Scannella (posted on October 31, 2003)
This paper will provide the reader with a high-level understanding of Group Policy, discuss some issues to consider when implementing Group Policy, and describe how strong password controls and secure account policies, as documented in the SANS Windows NT Security Step by Step, can be implemented in Windows 2000.
PDF Securing IIS on Windows 2000
By: Carl Denowh (posted on October 31, 2003)
This paper describes the methods used to secure Internet Information Server (IIS) on systems running Windows 2000.
PDF Securing Windows 2000
By: Scott Hoppe (posted on October 31, 2003)
This document will explain how to manage hotfixes on a Windows 2000 server running IIS 5 on the Internet. There will be five sections to this document: Importance, Assumptions, Hotfix practices, Tools, Installing Hotfixes, and Resources.
PDF Case Study:Use Caution When Deploying Microsoft's Software Update
By: James McVicar (posted on October 31, 2003)
The purpose of this case study is to document the process used to evaluate the security risks associated with SUS before implementing it on a real world network.
PDF Basic Steps to Hardening a Standalone Windows 2000 Installation
By: Todd Anderson (posted on October 31, 2003)
An overview of the tools and steps helpful in securing computers under Windows 2000.
PDF A Step-by-Step Guide to Securing Windows 2000 for Use as an Internet Server
By: David S. Courington (posted on October 31, 2003)
This paper will describe how to configure and implement Windows 2000 Server and IIS 5.0 with a reasonable amount of security.
PDF Overview of the Windows 2000 Security Tools
By: Jeff Christman (posted on October 31, 2003)
This paper will describe the location and use of the tools that are built into Windows 2000 operating system. With these tools, the administrators have a greater degree of control and can provide a secure internet- aware enterprise without purchasing third party tools.
PDF PKI: Protection of Stand Alone Certificates
By: William S. Pachucki (posted on October 31, 2003)
An overview of the Windows 2000 Stand-alone Offline Root Certificate Authority Protection Guide
PDF Auditing the Windows 2000 Authentication Process
By: Julio Silveira (posted on October 31, 2003)
This paper will describe the Windows 2000 authentication process, and how to collect and use the security events created in the authentication process in order to audit your system.
PDF Windows 2000 Known Vulnerabilities and Their Fixes
By: Tay Hock Lai (posted on October 31, 2003)
This paper provides the latest update (as of March 2000) on the vulnerabilities associated with Windows 2000 and the solutions available
PDF Planning a Secure Migration Project: Best Practices for Migrating from Windows NT to Windows 2000
By: Ben Eason (posted on October 31, 2003)
This paper discusses the steps involved in migrating from Windows NT to Windows 2000.
PDF Windows 2000 Security Standards
By: Hilel January (posted on October 31, 2003)
This document attempts to touch on a few of standards that can assist in ensuring that Availability, Integrity, Access control, Confidentiality, and Compliance (Auditability) objectives are met when using a Windows 2000 operating system.
PDF Securing Windows 2000 Server
By: Cory Bys (posted on October 31, 2003)
This document intends to outline the steps required to harden a default Windows 2000 Server installation.
PDF Secure Windows Initiative Trial by Fire: IIS 5.0 Printer ISAPI Buffer Overflow
By: Corey Pincock (posted on October 31, 2003)
This paper discusses how Microsoft's Secure Windows Initiative protects a Windows 2000 server.
PDF Basic Security Issues of Active Directory
By: Johnny L. Waddell (posted on October 31, 2003)
This paper examines Active Directory, a flexible and scalable management platform for distributive network resources and applications.
PDF Windows 2000 and Network Security
By: Travis Abrams (posted on October 31, 2003)
This paper will focus on basic network security procedures and the new features of Windows 2000.
PDF Encrypting File System Primer: Basics and Best Practices
By: Kayron C. Valentine (posted on October 31, 2003)
This paper takes a look at EFS, what it is, how it works, and more importantly, what you need to know to make it work effectively for you.
PDF Role-Based Administration for Windows 2000
By: Jane E. Murley (posted on October 31, 2003)
This paper looks at simplifying the management of security for Windows 2000 by discussing role-based administration in Windows 2000 and a product that provides role-based administration capabilities for Windows 2000.
PDF Kerberos Authentication in Windows 2000
By: Vishwas Gadgil (posted on October 31, 2003)
This paper attempts to explain the Kerberos based authentication in Windows 2000 and also tries to explain the new and sometimes confusing terminology in a layman's words.
PDF A Discussion of Best Practices for Microsoft's Encrypted File System
By: Chuck "Spence" Fasching (posted on October 31, 2003)
This paper discusses using Microsoft's Encrypted File System to mitigate the risk associated with mobile and network computing. Specifically, it addresses file system security in relation to encryption and EFS and discusses many of the best practices, as recommended by Microsoft and other sources
PDF Windows 2000 Kerberos Interoperability
By: Christopher Nebergall (posted on October 31, 2003)
While other papers discuss Kerberos in general or the Windows 2000 implementation, this work explores compatibility issues between traditional Unix implementations and Microsoft's implementation.
PDF Kerberos: Secure Authentication
By: Jose L. Marquez (posted on October 31, 2003)
This paper examines the processes, functions, and interoperability issues of Kerberos secure authentication.
PDF A Breakdown of the Top Five Windows 2000 IIS Threats in 2001
By: Simon P. Plant (posted on October 31, 2003)
The author presents a detailed examination of the top five Windows IIS threats (2001): Remote Command Execution Via Internet Printing Service, Microsoft IIS CGI Filename Decode Error Vulnerability, Remote command execution via Buffer Overflow in Indexing Service, Unauthorised SMTP relaying, Buffer Overflow in FrontPage server extension.
PDF Security Considerations for Dynamic DNS Implementation in a Windows2000 Environment
By: Deborah Wade (posted on October 31, 2003)
This paper describes how, when DNS is fully integrated into Active Directory, you can then utilize three important security benefits in a Windows2000 network: Secure dynamic updates, Secure zone transfers, and Access Control Lists for zones and resource records.
PDF Security Holes in ISAPI Extensions
By: Chew HwaiGeeng (posted on October 31, 2003)
In this paper the author will mainly discuss the ISAPI extensions and the security holes that are associated with them.
PDF Installing Microsoft's Internet Security and Acceleration Server (ISAS): Getting Started and
By: Jack Green (posted on October 31, 2003)
This paper presented a procedure for establishing a test environment in which to prove ISA firewall rules. For a minimal investment, a student/professional can develop policies in vitro before deploying to the production environment. The sample rules are not presented as exhaustive.
PDF The Encrypting File System: How Secure is It?
By: Howard Wright (posted on October 31, 2003)
This paper examines Microsoft's Encrypting File System (EFS) which does provide an additional layer of security, and discusses just how difficult it is to attack.
PDF Hisecweb.inf - An Analysis
By: Colleen L' Abbe (posted on October 31, 2003)
This paper examines the hisecweb.inf security policy as part of the overall security hardening of Windows 2000 and IIS 5.0.
PDF How To Defend Against L0phtcrack v3 With Windows 2000 Group Policy Objects
By: Stephen Pullum (posted on October 31, 2003)
This paper is a how-to guide for defending against a exploit and vulnerability based on an environment in which a Windows 2000 domain running in native mode. The vulnerability is weak passwords and its exploiter is none other than L0phtcrack v3 by @Stake.
PDF Enforcing the "Least Privilege" Principle through Active Directory, OUs, GPOs, and Group Policy Filtering
By: Ricardo Rodriguez (posted on October 31, 2003)
This document presents an approach to further enforce the "Least Privilege" principle by combining Active Directory, GPOs, and Group Policy filtering techniques
PDF PWL Files: The Achilles' Heel of Windows 9X Client Networks
By: Scott Winters (posted on October 31, 2003)
This paper discusses a major security concern on Windows 9X stations: the PWL file.
PDF Implementing a Windows 2000 Host Based Intrusion Detection System
By: Richard Springs (posted on October 31, 2003)
This practical is a "how to" document that provides a brief overview of Intrusion Detection Systems (IDS), explains design considerations, and describes installation steps for the Windows 2000 Host Based Intrusion Detection System.
PDF Addressing Network Security through Windows 2000 Active Directory: Designing a Single Domain Structure
By: Les McCarter (posted on October 31, 2003)
This paper provides security design considerations for locating users, computers and groups in the Windows 2000 network environment.
PDF What Does It Take to Harden an IIS Web Server?
By: Boris Napernikov (posted on October 31, 2003)
The purpose of this document is to shed some light on how to make it harder for an intruder to compromise the system. We'll be going through securing a Windows 2000 server running IIS 5.0 and some of the tools that we can use to scan system(s) before putting it into production.
PDF Building a Secure Windows 2000 Professional Network Installation
By: Bruce Fyfe (posted on October 31, 2003)
This paper puts forth a best practices approach to securing a Windows(R) 2000 networked workstation.
PDF Too Many Operating Systems, Not Enough Laptops
By: Martin A. Reymer (posted on October 31, 2003)
This paper will provide an administrative person with the steps and wherewithal to survey their resources, research processes and procedures mainly from the Internet, and acquire the necessary hardware and software to fully configure a dual-boot laptop for use with the Windows 2000 and the Linux operating systems.
PDF Remote Scanning Utilities for Microsoft Hot Fixes and Service Packs
By: Larry Nicholl (posted on October 31, 2003)
The purpose of this paper is to show how security administration can benefit by the use of six utilities for remote scanning for Microsoft hot fixes and service packs on multiple Windows systems (NT, 2000, XP, IIS 4 and 5, SQL Server 7.0 and 2000, Exchange 5.5 and 2000, Windows Terminal Server, and Windows XP Home Edition).
PDF Securing an IIS 5.0 Web Server on Windows 2000 using Security Tools and Templates
By: Graeme McLintock (posted on October 31, 2003)
This paper attempts to give an overview of the security guides, tools and templates available from Microsoft, and to describe the basic steps involved in applying the tools and templates. The commonalities and differences between the security templates available are highlighted, and how several of these tools and templates can be used together to benefit from the settings made by each one is described.
PDF Security Measures for Windows 2000 Terminal Server in an Unrestricted
By: Douglas McCrea (posted on October 31, 2003)
This case study demonstrates the security practices and procedures followed as well as resources used to install Windows 2000 Terminal Server (Application Mode) and corresponding thin clients in a mostly unrestricted university environment.
SANS Reading Room

This course will provide a wealth of information to advance my career in the IT field.
-Doreen Lawrence, Los Alamos National Lab

CyberTalent Assessments

Latest Whitepapers

Event Monitoring and Incident Response
By Ryan Boyle

Dead Linux Machines Do Tell Tales
By James Fung

Setting Up a Database Security Logging and Monitoring Program
By Jim Horwath

Latest Tweets

DFIR Webcast starts in 75 minutes - 50 Shades of Hidden - Di [...]
May 17, 2013 - 3:46 PM

New blog post by @yorikv on pen test tips for file analysis. [...]
May 16, 2013 - 5:07 PM

New Blog Post: SANS EU #DFIR Summit in Prague - Call for Spe [...]
May 16, 2013 - 12:33 AM

Contact Us

(301) 654-SANS (7267)
Mon-Fri 9am - 8pm EST/EDT
info@sans.org

"It has really been an eye opener concerning the depth of security training & awareness that SANS has to offer."
- Michael Hall, Drivesavers

"Because of the use of real-world examples it's easier to apply what you learn."
- Danny Hill, Friedkin Companies, Inc.

"Just amazing content and instruction, it's really a 'must do' for any info sec professional."
- Mark Austin, PHH Mortgage