Locking Down Windows 2000 Server

Question: We are running Windows 2000 server and I know it came out of the box much less secure than Windows 2003 server does. How can I lock down Windows 2000 server?

The IT Guy says:
You are correct, Windows 2000 by default is configured with many more services enabled and vulnerabilities exposed than Windows 2003 server. I highly recommend locking down your server by shutting off unneeded services and limiting user access as tightly as possible.

Certainly you can manually lock down Windows 2000 Server, but Microsoft has created some free tools that make the process much easier. The IIS Lockdown Tool is a free download that will help you disable or remove unneeded Windows 2000 Server features. It also integrates the free URLScan web tool, which restricts the URL syntax and HTTP verbs the server will accept. URLScan ships with Windows 2003 Server and IIS 6.0, but for IIS 5.0 it must be downloaded separately or installed as part of the IIS Lockdown Tool.

Beware that URLScan can lock down your server too much and impair functionality, so look carefully at the list of verbs it disallows to make sure your server applications will not be negatively impacted. URLScan can prevent your server from being overwhelmed by poorly formed URLs or hacker attacks, and, as a free tool, the price can’t be beat.
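One way to do that check before deploying URLScan is to compare the verbs your applications actually use (as recorded in the IIS W3C logs) against the verb policy in UrlScan.ini. The script below is an added example, not code from the IIS Lockdown Tool or URLScan: the `[options]`, `[AllowVerbs]` and `[DenyVerbs]` section names and the `UseAllowVerbs` key are the real UrlScan.ini ones, but the configuration values and the log excerpt are constructed samples, and the matching logic (case-insensitive verb comparison, allow-list when `UseAllowVerbs=1`, deny-list otherwise) is a simplified emulation of URLScan's behaviour rather than the tool itself.

```python
import configparser
from collections import Counter

# Constructed UrlScan.ini fragment. Section and key names follow the real
# file; the verb lists are sample values. With UseAllowVerbs=1 only verbs
# under [AllowVerbs] pass; with UseAllowVerbs=0 the verbs under [DenyVerbs]
# are rejected and everything else passes.
SAMPLE_URLSCAN_INI = """
[options]
UseAllowVerbs=1

[AllowVerbs]
GET
HEAD
POST

[DenyVerbs]
PROPFIND
PROPPATCH
MKCOL
DELETE
PUT
COPY
MOVE
OPTIONS
TRACE
"""

# Constructed IIS 5.0 W3C extended log excerpt. The #Fields header names the
# columns; cs-method is the HTTP verb the client sent.
SAMPLE_IIS_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2004-03-01 09:00:01 10.0.0.20 GET /default.asp 200
2004-03-01 09:00:02 10.0.0.20 POST /upload.asp 200
2004-03-01 09:00:03 10.0.0.21 OPTIONS / 200
2004-03-01 09:00:04 10.0.0.22 PROPFIND /docs/ 207
2004-03-01 09:00:05 10.0.0.20 HEAD /default.asp 200
"""


def parse_urlscan_policy(ini_text):
    """Extract the verb policy from UrlScan.ini text (simplified emulation)."""
    cp = configparser.ConfigParser(allow_no_value=True, delimiters=("=",))
    cp.optionxform = str  # keep verb names as written instead of lowercasing
    cp.read_string(ini_text)
    use_allow = cp.get("options", "UseAllowVerbs", fallback="0").strip() == "1"
    allow = {v.upper() for v in cp.options("AllowVerbs")} if cp.has_section("AllowVerbs") else set()
    deny = {v.upper() for v in cp.options("DenyVerbs")} if cp.has_section("DenyVerbs") else set()
    return {"use_allow_verbs": use_allow, "allow": allow, "deny": deny}


def verb_permitted(policy, verb):
    """True if the policy would let a request with this verb through."""
    v = verb.upper()  # assumption: verbs compared case-insensitively
    if policy["use_allow_verbs"]:
        return v in policy["allow"]
    return v not in policy["deny"]


def verbs_in_use(log_text):
    """Count HTTP verbs seen in a W3C extended log, using the #Fields header."""
    method_idx = None
    counts = Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            method_idx = line.split()[1:].index("cs-method")
            continue
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if method_idx is not None and len(parts) > method_idx:
            counts[parts[method_idx].upper()] += 1
    return counts


def audit(ini_text, log_text):
    """Map each verb seen in the log to its request count and policy verdict."""
    policy = parse_urlscan_policy(ini_text)
    return {
        verb: {"requests": n, "permitted": verb_permitted(policy, verb)}
        for verb, n in sorted(verbs_in_use(log_text).items())
    }


def blocked_verbs(ini_text, log_text):
    """Verbs your applications used that the proposed policy would reject."""
    return sorted(v for v, r in audit(ini_text, log_text).items() if not r["permitted"])


if __name__ == "__main__":
    for verb, result in audit(SAMPLE_URLSCAN_INI, SAMPLE_IIS_LOG).items():
        print(f"{verb:10} {result['requests']:4} request(s)  "
              f"{'allowed' if result['permitted'] else 'BLOCKED'}")
```

Run against your own logs and the UrlScan.ini you intend to deploy, any verb reported as blocked is one to reconcile first: either the application genuinely needs it (add it to `[AllowVerbs]`) or the traffic is something you want stopped, such as WebDAV probing with PROPFIND.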
