People often make the mistake of relying on default installation procedures when installing Windows 2000. However, the OS is chock full of applications, protocols, and tools—many of which you will never need in a particular installation. The best thing you can do to reduce system vulnerability is to take a minimalist approach when installing the OS on your organization’s network. This is one area of IT administration where an ounce of prevention is worth a ton of patches.
Need an example? Your Windows 2000 Web server probably has OS/2 and POSIX support installed. Most installations can simply delete these subsystems. Does your server have a word processor, spreadsheet app, and programmers' tools such as C++ or Visual Basic? Many servers do, but do you really want those on a Web server? You may have needed some of these to get the server up and running or to tweak it for optimum performance, but unless you use them daily, they do not belong on a Web server. Every single unused application or subsystem is another possible route crackers can take to get into your system. If you are certain they’re not needed, dump them.
I know, it is tempting to install all that "free" software that came with your new server program, trusting a well-configured firewall or other security procedures to protect the system. However, don’t make the mistake of settling for a standard, company-wide configuration. If you have quite a few servers, they may all need a different set of tools and features installed. This makes installation and maintenance harder, but it may be worth the extra work to keep all those systems secure.