How to Harden Public MS 2K3 DNS?

G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.windowsnt.domain,microsoft.public.windowsxp.general,microsoft.public.windowsxp.security_admin (More info?)

We are looking at replacing our UNIX Public DNS servers with Microsoft W2K3
DNS servers. these servers will not be doing anything but Static DNS for
our external name space. Does anyone know of an article or paper that talks
about hardening or bastionizing a Windows 2K3 DNS server for public
exposure?


Thanks,
Fred
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.windowsnt.domain,microsoft.public.windowsxp.general,microsoft.public.windowsxp.security_admin (More info?)

Microsoft® Windows® Security Resource Kit
http://www.microsoft.com/mspress/books/6418.asp

Windows Server 2003 Security Guide
http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspx

Service Management Functions
http://www.microsoft.com/technet/itsolutions/cits/mo/smf/mofsmsmf.mspx

How Microsoft Does IT
http://www.microsoft.com/technet/itsolutions/msit/default.mspx

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Microsoft Newsgroups

-------------------------------------------------------------------------------------------

"Fred Yarbrough" wrote:

| We are looking at replacing our UNIX Public DNS servers with Microsoft W2K3
| DNS servers. these servers will not be doing anything but Static DNS for
| our external name space. Does anyone know of an article or paper that talks
| about hardening or bastionizing a Windows 2K3 DNS server for public
| exposure?
|
|
| Thanks,
| Fred
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.windowsnt.domain,microsoft.public.windowsxp.general,microsoft.public.windowsxp.security_admin (More info?)

Thanks for the reply Carey. I have read most of these documents and was
hoping to find something more detailed. I will probably start with the
Bastion Host Security Template and then tweak it. The NSA has pretty good
documents for DNS hardening but it is for W2K and not for W2K3.



Thanks,
Fred



"Carey Frisch [MVP]" <cnfrisch@nospamgmail.com> wrote in message
news:eGJEcjMrFHA.2592@TK2MSFTNGP09.phx.gbl...
> Microsoft® Windows® Security Resource Kit
> http://www.microsoft.com/mspress/books/6418.asp
>
> Windows Server 2003 Security Guide
>
http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspx
>
> Service Management Functions
> http://www.microsoft.com/technet/itsolutions/cits/mo/smf/mofsmsmf.mspx
>
> How Microsoft Does IT
> http://www.microsoft.com/technet/itsolutions/msit/default.mspx
>
> --
> Carey Frisch
> Microsoft MVP
> Windows XP - Shell/User
> Microsoft Newsgroups
>
> --------------------------------------------------------------------------
-----------------
>
> "Fred Yarbrough" wrote:
>
> | We are looking at replacing our UNIX Public DNS servers with Microsoft
W2K3
> | DNS servers. these servers will not be doing anything but Static DNS
for
> | our external name space. Does anyone know of an article or paper that
talks
> | about hardening or bastionizing a Windows 2K3 DNS server for public
> | exposure?
> |
> |
> | Thanks,
> | Fred
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.general (More info?)

You could ask this in a 2003 Server group. It has nothing to do with
XP, after all.

On Mon, 29 Aug 2005 15:39:04 -0500, "Fred Yarbrough"
<fcyarbrough@yahoo.com> wrote:

>Thanks for the reply Carey. I have read most of these documents and was
>hoping to find something more detailed. I will probably start with the
>Bastion Host Security Template and then tweak it. The NSA has pretty good
>documents for DNS hardening but it is for W2K and not for W2K3.
>
>
>
>Thanks,
>Fred
>
>
>
>"Carey Frisch [MVP]" <cnfrisch@nospamgmail.com> wrote in message
>news:eGJEcjMrFHA.2592@TK2MSFTNGP09.phx.gbl...
>> Microsoft® Windows® Security Resource Kit
>> http://www.microsoft.com/mspress/books/6418.asp
>>
>> Windows Server 2003 Security Guide
>>
>http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspx
>>
>> Service Management Functions
>> http://www.microsoft.com/technet/itsolutions/cits/mo/smf/mofsmsmf.mspx
>>
>> How Microsoft Does IT
>> http://www.microsoft.com/technet/itsolutions/msit/default.mspx
>>
>> --
>> Carey Frisch
>> Microsoft MVP
>> Windows XP - Shell/User
>> Microsoft Newsgroups
>>
>> --------------------------------------------------------------------------
>-----------------
>>
>> "Fred Yarbrough" wrote:
>>
>> | We are looking at replacing our UNIX Public DNS servers with Microsoft
>W2K3
>> | DNS servers. these servers will not be doing anything but Static DNS
>for
>> | our external name space. Does anyone know of an article or paper that
>talks
>> | about hardening or bastionizing a Windows 2K3 DNS server for public
>> | exposure?
>> |
>> |
>> | Thanks,
>> | Fred
>>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.windowsnt.domain,microsoft.public.windowsxp.general,microsoft.public.windowsxp.security_admin (More info?)

Something like this:
http://www.akomolafe.com/Portals/1/Docs/guide_to_securing_microsoft_windows_2000_dns.pdf
?

--

Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
"Fred Yarbrough" <fcyarbrough@yahoo.com> wrote in message
news:eCClzmNrFHA.716@TK2MSFTNGP10.phx.gbl...
> Thanks for the reply Carey. I have read most of these documents and was
> hoping to find something more detailed. I will probably start with the
> Bastion Host Security Template and then tweak it. The NSA has pretty good
> documents for DNS hardening but it is for W2K and not for W2K3.
>
>
>
> Thanks,
> Fred
>
>
>
> "Carey Frisch [MVP]" <cnfrisch@nospamgmail.com> wrote in message
> news:eGJEcjMrFHA.2592@TK2MSFTNGP09.phx.gbl...
>> Microsoft® Windows® Security Resource Kit
>> http://www.microsoft.com/mspress/books/6418.asp
>>
>> Windows Server 2003 Security Guide
>>
> http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspx
>>
>> Service Management Functions
>> http://www.microsoft.com/technet/itsolutions/cits/mo/smf/mofsmsmf.mspx
>>
>> How Microsoft Does IT
>> http://www.microsoft.com/technet/itsolutions/msit/default.mspx
>>
>> --
>> Carey Frisch
>> Microsoft MVP
>> Windows XP - Shell/User
>> Microsoft Newsgroups
>>
>> --------------------------------------------------------------------------
> -----------------
>>
>> "Fred Yarbrough" wrote:
>>
>> | We are looking at replacing our UNIX Public DNS servers with Microsoft
> W2K3
>> | DNS servers. these servers will not be doing anything but Static DNS
> for
>> | our external name space. Does anyone know of an article or paper that
> talks
>> | about hardening or bastionizing a Windows 2K3 DNS server for public
>> | exposure?
>> |
>> |
>> | Thanks,
>> | Fred
>>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.windowsnt.domain,microsoft.public.windowsxp.general,microsoft.public.windowsxp.security_admin (More info?)

In news:OmsaqOgrFHA.3264@TK2MSFTNGP12.phx.gbl,
Deji Akomolafe <noemail@akomolafe.dotcom> made this post, which I then
commented about below:
> Something like this:
> http://www.akomolafe.com/Portals/1/Docs/guide_to_securing_microsoft_windows_2000_dns.pdf

Deji,

Nice article. Assuming 2000 and 2003 are similar, if not the same, is there
a new one out for Win2003?

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.windowsnt.domain,microsoft.public.windowsxp.general,microsoft.public.windowsxp.security_admin (More info?)

Sorry, Ace - been away from keyboard ;)

No, I don't have a 2K3 version yet. I am not aware of the existence of one.
But the fundamental premises will be the same anyway, so one should be able
to port the knowledge from this version over to a 2K3 DNS.

--

Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:OyGqORnrFHA.3440@TK2MSFTNGP10.phx.gbl...
> In news:OmsaqOgrFHA.3264@TK2MSFTNGP12.phx.gbl,
> Deji Akomolafe <noemail@akomolafe.dotcom> made this post, which I then
> commented about below:
>> Something like this:
>> http://www.akomolafe.com/Portals/1/Docs/guide_to_securing_microsoft_windows_2000_dns.pdf
>
> Deji,
>
> Nice article. Assuming 2000 and 2003 are similar, if not the same, is
> there
> a new one out for Win2003?
>
> --
> Regards,
> Ace
>
> Please direct all replies ONLY to the Microsoft public newsgroups
> so all can benefit.
>
> This posting is provided "AS-IS" with no warranties or guarantees
> and confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft Windows MVP - Windows Server - Directory Services
> Infinite Diversities in Infinite Combinations.
> =================================
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns,microsoft.public.windowsnt.domain,microsoft.public.windowsxp.general,microsoft.public.windowsxp.security_admin (More info?)

In news:uoKIcUwrFHA.3884@TK2MSFTNGP11.phx.gbl,
Deji Akomolafe <noemail@akomolafe.dotcom> made this post, which I then
commented about below:
> Sorry, Ace - been away from keyboard ;)
>
> No, I don't have a 2K3 version yet. I am not aware of the existence
> of one. But the fundamental premises will be the same anyway, so one
> should be able to port the knowledge from this version over to a 2K3
> DNS.

Cool. Since they are very similar, we can use this as a guide, and apply
security common sense for any of the new features that 2003 has over 2000.

I know, someone will probably ask what is 'security common sense' and how do
we apply common sense security concerns to any of the new features, some may
ask? I guess it comes down to security or experience level and understanding
Windows.

Ace