MORE INFORMATION
To maintain a secure network of any kind always demands
diligence on the part of the system administrators that operate it. Because SBS
is a comprehensive suite, administrators of SBS installations need to be aware
of the security of each suite component. All patches and security bulletins
will first appear on the following Microsoft Security Web site:
All SBS administrators are urged to subscribe to the Microsoft
Security Notification service:
For a comprehensive list of all of the security patches that are
available, use the following Microsoft Security Bulletin Search Web site:
Administrators are encouraged to use the Security Bulletin Search
in conjunction with subscribing to the Security Notification Service to
maintain their servers in the most secure state possible.
Hotfixes
are patches that are released between service packs and that are designed to
address one or more specific issues. After you apply a hotfix, you are normally
required to restart your computer. If you do not restart your computer after
you install a hotfix, the hotfix may not be installed properly. Note that you
can use the QChain.exe tool to install multiple hotfixes in the same session,
with only a single reboot.
For additional information about the
QChain.exe tool, click the article number below to view the article in the
Microsoft Knowledge Base:
296861 Use QChain.exe to Install Multiple Hotfixes with Only One Reboot
Service packs are larger, much more inclusive
packages that are designed to address a wide range of issues, including
security. Users that are running the latest service pack of a product are
normally protected from most vulnerabilities that have been identified up to
the date of the Service Pack release. To obtain a list of the latest service
packs that are available for each SBS suite component, please see the following
Microsoft TechNet Service Packs Web page:
Small Business Server 2000 Service Pack 1 (SP1) includes updates
for the operating system, server applications, and security features that have
been released since the general product availability date in April 2001. For
more information, see the following Microsoft SBS Web page:
IMPORTANT: Unless a security bulletin specifically warns against
installation on SBS, any security bulletin that is released for any of the
suite components can be safely applied to SBS. As always, carefully read the
release notes for any hotfix or service pack before you apply it to production
computers.
You can use the following actions as part of your overall
security strategy when you deploy SBS 2000 installations:
- Subscribe to the following Microsoft Security Notification
Service:
- Become familiar with the tools and concepts on the
following Microsoft TechNet Security Web site:
- Install and configure the server as outlined in the latest
SBS Release Notes that are available at the following SBS Web site:
- Apply the latest service packs for each suite component.
The list of service packs can be found at the TechNet Service Packs Web page:
- Use the following Security Bulletin Search Web page to make
sure any post service pack updates are applied:
- Continue to monitor the Security Notification Service for
any new updates that may be released. As new updates are released, tools (such
as Terminal Services, QChain, VBScript, and so on) can be used to remotely
apply the patches to your client's sites.
General Microsoft Security Information
Microsoft Security home page
Security Bulletin Search
Secure Internet Information Services 5 Checklist
Windows 2000 Internet Server Security Tool
Windows Domain Controller Checklist
National Security Agency: Windows 2000 Security Recommendation Guides
Microsoft
provides third-party contact information to help you find technical support.
This contact information may change without notice. Microsoft does not
guarantee the accuracy of this third-party contact
information.
CERT Coordination Center: Steps for Recovering from a UNIX or NT System Compromise
Microsoft
provides third-party contact information to help you find technical support.
This contact information may change without notice. Microsoft does not
guarantee the accuracy of this third-party contact
information.
URLScan Security Tool
URLScan is designed to make an IIS installation secure by
default. This means that upon installation of the tool, IIS will not accept a
variety of HTTP requests. Therefore, some SBS applications, like Outlook Web
Access, may not function properly until the URLScan.ini file is edited to allow
that functionality. Full details, including sample configurations, for editing
URLScan can be found in the "urlscan.txt" file included with the download.