Securing Windows NT or Windows 2000/2003 requires a thorough knowledge of the operating system. Learn how to install NT or 2000/2003 correctly and how to shut off the services that you don't need. At some point, I hope to provide some good documentation on how to lock down your boxes on campus. Until then, you will be well served to read as much as you can and test everything before you deploy it. Also learn the details of permissions, or ACLs (access control lists), in order to secure your NT boxes. I can recommend some good reading which will serve as an entry into the world of security.
A good insight into security, along with specific how-tos, can be had by reading:
Windows 2000 Security Handbook by Philip Cox and Tom Sheldon (ISBN# 0-07-212433-4)
Hacking Exposed, Windows 2000 by Joel Scambray and Stuart McClure (ISBN# 0-072-19262-3)
Windows NT Security Guide by Stephen A. Sutton and Trusted Systems Services, Inc. ISBN# 0-201-41969-6
Securing Windows NT/2000 Servers for the Internet by Stefan Norberg (O'Reilly) ISBN# 1-56592-768-0
TSS/NSA Windows NT Security Guidelines - You can download the unclassified document that Trusted Systems Services, Inc. prepared for the NSA and has offered free of charge on its web site.
Microsoft's Security Advisory Center - Visit this site regularly for a variety of security-related services.
Subscribe to Microsoft's Security Bulletins (e-mail listserv) - they will inform you of the latest and greatest security issues with all of the Microsoft products so you can close the holes before the hackers have time to use the exploits. The hackers all subscribe to this list too.
Web server security - If you are running IIS or any web server for that matter, you are extremely vulnerable to a variety of hacks. Learn the web software and make sure you know how to secure it! I can't tell you how many IIS servers I have come across with FTP services running wide open because they install IIS with all the defaults and don't take the time to learn how to secure it. If you don't need a service to function, turn it off.
View online seminars on IIS security (and everything else) - Microsoft has lots of good seminars (on many different subjects) that you can view over the web and has a rating system so that you can choose the appropriate level of difficulty.
Microsoft's Securing IIS 5.0 checklist - Use this document to help you lock down your IIS 5.0 boxes. If you are still using IIS 4.0, you should look at migrating as soon as possible. IIS 5.0 is immeasurably more secure.
It is the responsibility of the administrator to keep the network environment in his/her charge secure. That may mean that you need to request the appropriate resources in terms of staff, training, and training materials for your department. It is a good idea to *document* your requests for these resources. Subscribe to the ITSECURITY (mail to listserv@listserv.uga.edu with the subject subscribe and ITSECURITY in the body of the mail to join) mail list to stay up to date with what UGA, EITS, and the various departments are doing about security. This list is reserved for full time faculty/staff only.