Chapter 3. Building a Windows 2000 Bastion Host

This chapter describes the differences between Windows NT and Windows 2000 that you need to be aware of when you build your Windows 2000 bastion host. The chapter isn’t a self-contained description of building a bastion host. I assume here that you’ve read Chapter 2, and I focus only on the differences between the two systems, particularly the new network features in Windows 2000.

This chapter also contains an introduction to the IPSec implementation in Windows 2000. IPSec can be used to build virtual private networks (VPNs) for remote access to company internal information. It can also be used to establish secure extranets with business partners over the Internet. The IPSec gateway will then be a part of your perimeter network and should be configured as a bastion host.

IPSec can also be used to control access to your Windows 2000 systems in a more sophisticated manner than the TCP/IP IP Security feature covered in Chapter 2.

Differences Between the Systems

Even though Windows 2000 is a major rewrite of the NT 4.0 code base, very little of the rewritten code actually affects our work on the bastion host. The hardening process is performed in almost exactly the same way on the two systems. Once you master the NT 4.0 process, you should be able to build a Windows 2000 bastion host too.

The following sections describe the few differences you need to know about.

Installing Windows 2000

The installation process on Windows 2000 is started ...

Get Securing Windows NT/2000 Servers for the Internet now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.