Hardening Microsoft Windows 2000 Professional

Short Description
No One document can provide a complete guide to securing a Windows 2000 system. Thus, the following resources are available for additional information …

Website: security.tennessee.edu | Filesize: 423kb

Content
Office of Information Technology
Faculty and Staff
Windows 2000
System Hardening Policy
June 6, 2003
Version 1.1
“Qui non est hodie cras minus aptus erit.”
“He who is not prepared today will be less so tomorrow.”
Ovid 1Introduction
System security is a cyclical process. Steps have to be taken daily to ensure the integrity of data and security of a system. The process of system hardening is not a one-time event; it is a dynamic and reiterative process. Security holes are discovered daily in operating systems and programs. A secure system today may not be secure tomorrow.
System security cannot be considered inconsequential. “Who would want to break into this system or why would they want to?” The how and where of this line of questioning can fill volumes. The “who” could be anyone whether they have legitimate access or not. The “why” is simple: free computing resources to be used by an intruder in any way they see fit. A compromised system can quickly become a liability as the compromised machine begins to affect the network or operations on other machines locally and remotely.
A system can be compromised via non-patched or insecure network applications. However, there are many more ways that a system can be compromised via a local account. Because of this fact, every aspect of the system and its maintenance must be considered when securing it. Because there…