Security Scan for Win 2003 Server

Science & Technology Information Technology, Gaming, Machines, Gadgets
1

Are there any tools available, or functionalities built within the operating system itself. Apart from firewall, latest service packs and port closures, what are some of the other necessary steps to consider? Najim, please give some insight..

2

Re: Security Scan for Win 2003 Server

You might have tried these already, but i will list them anyway

  1. Microsoft Security basline Analyzer (free from M$)
  2. GFI Scanner(free for limited time)

Guide for win2003 security by M$

3

Re: Security Scan for Win 2003 Server

Abdullah,

I guess Tofibaba can give u better info, but according to my experience there is nothing in the system itself to scan or test the security of the server but to check event log or manual check the settings.

The links provided above may be of any help.

Cadet!!!!
4

Re: Security Scan for Win 2003 Server

Windows Server 2003 comes pretty tight out of the box. Most of the items are locked down and you have to selectively activate them as opposed to previous server OS's where you had to go and close everything down. As for scanning Mr. Genius gave the basic scanner options out there.

For further/extensive scanning try one of those live linux distros out there (BackTrack, Whoppix etc) and thoroghly scan the server. But mostly you should be ok with basic installs and all the service packs done and generally scanning it with MSBA.

5

Re: Security Scan for Win 2003 Server

Check this out
I found this in my hardening OS folder… hopefully, it’ll be of some use to you.
I highly recommend checking this out if you are trying to lock down server2003

Newbies just get ignored by many ....
6

Re: Security Scan for Win 2003 Server

Mr. Genius,
Can you please tell us what it is? i don't like downloading stuff that i don't need to.

7

Re: Security Scan for Win 2003 Server

Thank you guys. I am super paranoid as last year one of our Linux server got hacked and used for malicious attackes against other companies. Although, the server was running without any firewall and with numerous security deficiencies.

I did run the Windows Baseline scan, and tightened up the security with Apache. Does anyone know how to run Apache within a "jail" on a windows machine. Much appreciated.

8

Re: Security Scan for Win 2003 Server

If u run any server without a firewall u're just calling for crackers for happy hour. Just put port protection and let them run. All else is cool.