Re: Security on 2003 Server Enterprise Edt.



Look into the guidance from MS on security W2k3/XP and consider
using the SCW (Security Configuration Wizard) to get a decent starting
point on your server's lockdown. There is very much that depends on
the usage of the server, so neither are the docs brief, the SCW totally
simple, nor any answer you could get here accurate to your case.
http://www.microsoft.com/technet/security/guidance/default.mspx
http://www.microsoft.com/technet/security/prodtech/WindowsServer2003.mspx

That said, yes there is a firewall in W2k3. AFAIK there are still some
issues with it if you have multi-nics and/or multi-ips on a nic.
IPsec can give you a very effectively cloaked machine (as it can for W2k,
XP,
etc) if the roles / use-cases of the machine are well-defined.
SCW will give you a great start on minimizing the risks/exposures of W2k3

--
Roger Abell
Microsoft MVP (Windows: Security)

"KB" <KB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F9AFF59D-4332-40F9-A8AA-4E10A4A85A41@xxxxxxxxxxxxxxxx
Within the next 2 weeks, i'll be installing a Enterprise 2003 server at
home,
and i'm thinking about the security aspects of it!! I'll be behind a
Belkin
Router, but i've read somewhere that Windows Firewall comes on 2003
servers.......

Is this true or can someone help me with a cheaper alternative to an ISA
server, since i'm not the wealthiest man in the world!!!

Thnx


.



Relevant Pages

  • RE: Binding Windows Services to Specific Addresses Only
    ... Hence " SCW is an excellent starting point for default services" in my ... Any time that you put security measures in place, you need to plan in time ... Wayne S. Anderson ... Binding Windows Services to Specific Addresses Only ...
    (Focus-Microsoft)
  • Re: W2000 security
    ... time-wasting background processes and that reduces the attach surface. ... but the reality was that all the hype about the SCW turned out to be nonsense. ... BUT they forgot the WHOLE of their o/s was badly designed and the WHOLE of IE is badly designed in the context of security, and having this mish-mash of a browser that hooks directly into the o/s and a "Windows Media Player" that can't be uninstalled on a PRODUCTION SERVER MACHINE and is flawed from day one, and guess what?? ... I could design a better security model in my lunch hour. ...
    (microsoft.public.security)
  • Re: W2000 security
    ... claimed SCW did not deliver but then made reference to IE, ... BUT they forgot the WHOLE of their o/s was badly designed and the WHOLE of ... IE is badly designed in the context of security, ... "Windows Media Player" that can't be uninstalled on a PRODUCTION SERVER ...
    (microsoft.public.security)
  • RE: Binding Windows Services to Specific Addresses Only
    ... handed off data to a console app which then had to make the communication. ... SCW is an excellent tool in the toolbox, make sure when you are implementing ... for debug with SCW or any other security implementation, ... Binding Windows Services to Specific Addresses Only ...
    (Focus-Microsoft)
  • Re: SCW with Terminal Services Custom Port
    ... SCW - Security Configuration Wizard, ... > Microsoft MVP - Terminal Server ... >> I take it from your post that it is not possible to keep the port change ...
    (microsoft.public.windows.terminal_services)