Security Considerations for Migrating from NT to Win2K, Part 5

In "Security Considerations for Migrating from NT to Win2K, Part 4," August 2001, I covered IP Security (IPSec), its implementation within Windows 2000, and how it can help improve the security of connections on your network. In Part 5, I look briefly at the new Win2K Service Pack 2 (SP2) and its major security fixes and describe a few simple steps for securing Microsoft Internet Information Services (IIS) 5.0, the IIS version included with Win2K.

You might be wondering what an article about Win2K SP2 and IIS 5.0 is doing in a series about migration from Windows NT 4.0 to Win2K. Many people have been waiting to upgrade to Win2K until it had been knocked around a bit and Microsoft had patched it up. With SP2, Win2K has arrived at that point. SP2 fixes enough problems—including some glaring IIS 5.0 problems—that you can now safely start your migration from NT 4.0.

A Pretty Good Fix
Win2K SP1 included a variety of fixes, patches, and security-vulnerability fixes. Win2K SP2 contains SP1's fixes plus a long list of security-vulnerability fixes that Microsoft has released since SP1. Microsoft released some patches and vulnerability fixes too late to include them in SP2. In addition, many Microsoft Internet Explorer (IE) 5.5 patches and security fixes are included in the IE service pack and not in SP2. Despite these omissions, SP2 fixes many security vulnerabilities. For a fairly comprehensive list of the security vulnerabilities that SP2 fixes (not including the ones SP1 fixes), go to http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/security/news/w2ksp2.asp. For a list of SP1's security fixes (which SP2 includes), go to http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/security/news/w2ksp1.asp. . . .