Windows Security
  Home arrow Windows Security arrow Page 2 - Windows 2000 Security
ASP Free Forums 
.NET  
ASP  
ASP Code  
ASP.NET  
ASP.NET Code  
BrainDump  
C#  
Code Examples  
Database  
Database Code  
IIS  
Microsoft Access  
MS SQL Server  
Visual Basic.NET  
Windows Scripting  
Windows Security  
XML  
ASP Web Hosting  
ASP.NET Web Hosting 
Dedicated Servers 
Moblin 
JMSL Numerical Library 
Windows Web Hosting
 
IBM® developerWorks 
Sun Developer Network 
Weekly Newsletter
 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
WINDOWS SECURITY

Windows 2000 Security
By: Apress Publishing
  • Search For More Articles!
  • Disclaimer
  • Author Terms
    		•
    Rating: 4 stars4 stars4 stars4 stars4 stars / 8
    2004-12-01

    Table of Contents:
  • Windows 2000 Security
  • Critical Updates and Security Hotfixes
  • Security Templates
  • Recommended Security Policy Settings
  • Shut Down Without Logon
  • Other Security Considerations
    		•

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
    		 
     
    ADVERTISEMENT

    Windows 2000 Security - Critical Updates and Security Hotfixes
    (Page 2 of 6 )

    Of course, it takes time to create service packs and test them for wide distribution. And it seems new bugs and security vulnerabilities are discovered on a daily basis, if not more often. To address these problems, Microsoft releases “hotfixes,” which patch specific problems. Normally, these aren’t as widely tested as service packs, which have formal technical beta programs with thousands of testers with various systems and implementations, and they sometimes can cause instability. However, a cogent risk versus reward analysis would generally lead a prudent administrator to believe that applying hotfixes is a good protective measure.

    There are a couple of different ways to get your systems updated with the latest hotfix files. As described earlier in this chapter, you can visit Windows Update (http://www.windowsupdate.com) and dynamically receive any updates that Microsoft deems important. Also, with Windows 2000 Service Pack 3 and all versions of Windows XP Home and Professional, the Critical Update Notification (CUN) service is available. This tool periodically checks the Windows Update catalog for new updates and alerts you to their presence. Upon installation of either the service pack or Windows XP itself, you should be prompted to configure this service.

    Managing Critical Updates Across Multiple Computers

    While the CUN tool and Windows Update are nice for individual users and small organizations, there is a more appropriate tool for network administrators. Microsoft has licensed a utility from Shavlik Technologies called HFNetChk. HFNetChk is a command-line tool that scans client computers for installed updates and patches. The comparison is based on an XML file of all available updates and the criteria for those updates, and Microsoft constantly updates the list.

    The first time you run the tool, the tool will download the signed XML file, verify its authenticity, and decompress the file. HFNetChk then scans the selected computers to figure out the level of the operating system, service packs, and programs installed on the systems. HFNetChk looks at three aspects of your system to determine if a patch is installed: the Registry key that’s installed by the patch, the file version, and the checksum for each file that’s installed by the patch. By default, HFNetChk compares the files and Registry details on the computer that’s being scanned to the XML file it downloads. If any of the three criteria discussed previously aren’t satisfied, the tool considers the associated patch to be absent, and the results are displayed on the console. In the default configuration, HFNetChk output displays only those patches that are necessary to bring your computer up to date.

    To use the tool, enter and run hfnetchk from the command line. Table 3-1 lists some command-line switches and their use.

    SWITCHFUNCTION

    -h

    		Specifies the NetBIOS computer name to scan. Separate multiple host names with a comma. Example: hfnetchk -h computer1, computer2, server1, server2
    -fhSpecifies the name of a file that contains NetBIOS computer names to scan, with one computer name on every line and up to 256 listings in the file. Example: hfnetchk -fh computers_to_scan.txt
    -iSpecifies the Internet Protocol (IP) address of the computer to scan. Separate multiple IP addresses with a comma. Example: hfnetchk -i 172.16.1.10, 172.16.1.50, 192.168.1.10

    -fip

    		Specifies the name of a file that contains addresses to scan, with one IP address for every line and up to 256 listings in a file. Example: hfnetchk -fip IP_addresses_to_scan.txt
    -rSpecifies the IP address range to be scanned, starting with ipaddress1 and ending with ipaddress2 inclusive. Example: hfnetchk -r 172.16.1.1-172.16.1.35
    -dSpecifies that all computers in the NetBIOS domain name should be scanned. Example: hfnetchk -d

    -n

    		Scans all computers available on the network.
    -b>Scans only for those hotfixes marked as baseline critical by Microsoft. This switch requires the latest service pack to be installed.
    -oSpecifies the desired output format. “tab” outputs in tab-delimited format, which is useful for importing results into spreadsheets or databases. “wrap” outputs in a word-wrapped format. Example: hfnetchk -o tab

    -x

    		Specifies the XML data source that contains the hotfix information. The location may be an XML file name, compressed XML .cab file, or a Uniform Resource Locator (URL). Example: hfnetchk -x mssecure.xml

    This chapter is from Hardening Windows, by Jonathan Hassell (Apress, 2004, ISBN: 1-59059-266-2). Check it out at your favorite bookstore today.

    Buy this book now.

    Next: Security Templates >>
     

    More Windows Security Articles
    More By Apress Publishing


     
    >>> Be the FIRST to comment on this article!

    WINDOWS SECURITY ARTICLES

    - Advanced Data Protection in Windows
    - Basic Data Protection in Windows
    - Windows XP Security
    - Lucky You, Microsoft has Sent You an Email! ...
    - Implementing a PKI, Part III: Managing Micro...
    - Windows 2000 Security
    - A Security Roadmap
    - Implementing a Public Key Infrastructure (PK...
    - Hardening Communications
    - Windows Host Security: Network Security Hacks
    - Hardening Wireless LAN Connections, Part 2
    - Hardening Wireless LAN Connections Part 1
    - Windows Reverse Engineering
    - Microsoft's Latest Security Updates -- The G...
    - Cross Site Scripting (XSS): An Overview
    Find More Windows Security Articles




    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 5 hosted by Hostway