- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
Securing Windows 2000
- Abstract
- Microsoft's server products have a history of security issues. Microsoft releases Service Packs and hotfixes on a regular basis. Service Packs are compilations of patched files that have been thoroughly tested by Microsoft. Hotfixes are intermediate patches released between Service Packs and are not thoroughly tested, but fix a bug or vulnerability deemed important enough to be fixed in the interim. Since Service Pack 6a, which was released in May 1999, there have been 27 Security related Hotfixes released for NT 4.0. After Service Pack 1 was released for Windows 2000 in July 2000, there have been 29 Security related hotfixes released as of March 16, 2001. Are all of these important? How does an administrator wade through and track all of these hotfixes? This document will explain how to manage hotfixes on a Windows 2000 server running IIS 5 on the Internet. There will be five sections to this document: Importance, Assumptions, Hotfix practices, Tools, Installing Hotfixes, and Resources.