IT Management Daily
Storage Daily
Security Daily

follow us on Twitter

Be a Commerce Partner

Internet News
Small Business
Personal Technology

Search internet.com
Corporate Info
Tech Jobs
E-mail Offers

Security Products
 Bulletproof Public PC (Pc-Safety)
 Outlook Duplicates Remover (Outlook Duplicates Remover)
 Power Registry Suit (GETVideoSoft)
 Secure Email (Secure Email)
 Password Genie (SecurityCoverage, Inc.)
 PC Cop (Maximum Software)
» Enterprise IT Planet » Security » Security Features

AntiOnline Spotlight: Windows 2003 SP1 Overview and Security Configuration

By Enterprise IT Planet Staff
April 22, 2005

Email Print Digg This Add to del.icio.us
With every service pack release from Microsoft, worried looks adorn the faces of administrators far and wide. But with a few pointers, they can embark on a stress-free upgrade.

Expect an angry phone call or two if your unpatched Windows 2003 server starts acting up.
There are many reasons why Windows servers go unpatched, besides testing. There's the fear of throwing a wrench into a setup that's currently working well and tuned to perfection. Sometimes more pressing matters cause an upgrade to get pushed to the back burner. Too many times, however, it just gets lost in the shuffle.

Of course, when the next major worm infestation cripples networks and armies of spambots flood the Internet with unwanted email, everyone is quick to blame those "irresponsible" administrators that left their machines at the mercy of attackers and virus coders. Being no stranger to discussion boards and techblogs, you've undoubtedly encountered stronger language to describe those admins.

Face it; patching is a fact of life. And as much fun as it seems to take Microsoft to task for the quality of their products, it's not a situation exclusive to Redmond's resident Goliath. Take the case of a recent Cisco IOS update, for instance.

But hard feelings and endless debate do not change the fact that at the end of the day, a patched system stands a better chance of protecting your data than one left to its own devices. Of course, you will always hear about a handful of situations where a patch seems to compound a problem, but that just goes to show how tricky it is to navigate an endlessly divergent ecosystem of hardware and software. By and large, patches generally do more good than harm.

With that in mind, we bring your attention to AntiOnline member SDK's illustrated tutorial called "Windows 2003 SP1 Overview and Security Configuration". As the title suggests, it provides a step-by-step guide to configuring your own secure server configuration.

Think of it, when next major security incident flares up, you can secretly take pleasure in pointing out to those irresponsible admins the error of their ways.

Note: Any opinions expressed below are solely those of the individual posters on the AntiOnline forums.

This Week's Spotlight Forum:
Windows 2003 SP1 Overview and Security Configuration

What compelled SDK to create this tutorial?

A few days ago, I was at the Technet Winter Tour in Montreal and I had a very good presentation about Windows 2003 Service Pack 1, especially about the Security Configuration Wizard. I found that very interesting so I decided to share it with the communities.
To start, here are some of the features SP1 has in store.
Windows XP SP2 firewall is installed but doesn't run by default. You have to enable it yourself unless you install a slipstream version of Windows 2003 with SP1. This is done so your server is up and running right after the installation without blocking all of your users access to the server. You probably ask yourself how to configure the Windows 2003 firewall with all those services that can run on a server like Active Directory, Exchange, DNS, etc, well, this is where the Security Configuration Wizard kicks in! THE reason to install Service Pack 1!

DCOM and RCP anonymous requests don't work anymore. For any admin, that part is really good unless you have custom applications that use them, but to my knowledge those kind of programs are somewhat of rare. It's just a matter of testing here.

...There is also an update to the TCP/IP protocol in Winsock self-healing, a new Winsock netsh comments, the SYN attack protection is enabled by default, a new SYN attack notification IP helper, APIs and Smart TCP port allocation.

After that, we get into the meat of the Security Configuration Wizard Tutorial. But first, here's what to expect.
The goal of the Security Configuration Wizard is to configure the Windows Firewall correctly, shutdown unused services, configure registry settings and configure your audit policy on your Windows 2003 Server....
There's no turning back now, visit the thread, grab the PDF and learn how to lock down that Windows 2003 server.

Email Print Digg This Add to del.icio.us

Security Features Archives