Windows 2000 Professional: Guard against DoS attacks
Denial of service (DoS) attacks are one of the most common methods hackers use to disable a system or, at the very least, to severely impact its performance. Computers that sit behind a firewall are generally protected from most DoS attacks, but computers connected directly to the Internet are much more susceptible to these attacks.
There are a handful of registry settings you can apply to a Windows 2000 computer in order to harden it against DoS attacks, including these:
All of these DWORD values reside in registry key:
Also, set the following registry key to a value of 1 to prevent the computer from releasing its NetBIOS name when it receives a name-release request:
Note: Editing the registry can be risky, so be sure you have a verified backup before making any changes.
Windows 2000 Server: Protect offline SAM
Every Windows 2000 computer stores local users and their passwords in a special part of the registry commonly referred to as the Security Accounts Manager (SAM). When you promote a Windows 2000 server to a domain controller, SAM is no longer used. Instead, accounts are stored in Active Directory.
Domain controllers have a special offline SAM that stores the Administrator account used in the Directory Services Restore mode. This mode is used to recover Windows 2000 domain controllers. Since this account is very powerful, you must protect it. Here are some tips for protecting this account:
If you used Server Wizard to set up your domain controller, make sure you read Microsoft Knowledge Base article Q271641. This article discusses security issues related to using the Server Wizard.