A Step-by-Step Guide to Securing Windows 2000 for Use as an Internet Server

The following document will describe how to configure and implement Windows 2000 Server and IIS 5.0 with a reasonable amount of security. As we all know security is a never-ending task. As soon as one vulnerability is fixed, another is discovered. Also, making a system completely secure from attack while it exists on a public infrastructure is impossible. The best you can hope to do with security is to harden the system to the point that the attacker will look for an easier target. This document assumes that the reader has a basic working knowledge of Windows 2000, IIS 5.0, and general network security practices. This document is not designed to be a 'catch all' for establishing a secure IIS 5.0 Server for all applications. However it does attempt to provide a good basis for establishing an acceptable level of security when preparing a Windows 2000 Server and IIS 5.0 as a web server to be deployed on the Internet. This document is structured as a 'Step-By-Step' guide. However as stated above it is assumed that the reader has a basic working knowledge of Windows 2000 and general security concepts. With this assumption made this document uses some terminology and references that require this knowledge.