Windows 2000: still planning to use it?

Hello
I am in this situation:

I have still ready to use 5 "old" servers:

Dell PE2550:
2xP3 1000 and 1266
4gb ram
integrated Perc 3Di Raid Controller with 128mb cache and battery
2x18,2Gb (for the OS)
2x36Gb (for the data)
RAID 1 configuration

Dell PE6450
4x P3 Xeon 700
8gb Ram
Integrated Raid controller with 128mb cache (no battery)
2x18,2Gb (for the OS)
2x36Gb (for the data)
RAID 1 configuration

-----------------------
All of these server has the Windows 2000 server and Win 2000 Adv Server
(PE6450) OEM on them.

I know that Windows 2000 server is an old OS, but still supported (SP4+
SRP1v2).

I plan to install on these boxes some Mail Servers, using hmailserver, and
as database engine, maybe Ms Sql 2005 Express or standar edition (wich works
on Windows 2000).

If I have in front of them one hardware firewall (cisco) that I configure,
and I will permit just port 25/80 - webmail/110/443 webmail ssl) and 3389
tcp (only from my ip) , do you think that I could stay secure?

Windows update enabled with auto update, I can lockdown the machine
(disabling netbios, port 445, etc), I could also enable the TCP/IP filtering
feature on the server to protect it more.


I don't have now budget to buy new licenses for Windows 2003 / 2008 (wich
goes on these machines) and I have the server fully licensed with Windows
2000 server/adv server.

Since the server are actually full-expanded (maximum ram, etc) do you think
I could use them with windows 2000 and sleep withouth nightmares?

thank to you all.

Mr. Spadoni from Italy

 

Hello Elia,

Extended Support for windows 2000 end's 13.7.2010.

Windows 200 is still a good running product so you can use it as long as
you like. But keep in mind that also new applications are not longer designed
for 2000.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hello
> I am in this situation:
> I have still ready to use 5 "old" servers:
>
> Dell PE2550:
> 2xP3 1000 and 1266
> 4gb ram
> integrated Perc 3Di Raid Controller with 128mb cache and battery
> 2x18,2Gb (for the OS)
> 2x36Gb (for the data)
> RAID 1 configuration
> Dell PE6450
> 4x P3 Xeon 700
> 8gb Ram
> Integrated Raid controller with 128mb cache (no battery)
> 2x18,2Gb (for the OS)
> 2x36Gb (for the data)
> RAID 1 configuration
> -----------------------
> All of these server has the Windows 2000 server and Win 2000 Adv
> Server
> (PE6450) OEM on them.
> I know that Windows 2000 server is an old OS, but still supported
> (SP4+ SRP1v2).
>
> I plan to install on these boxes some Mail Servers, using hmailserver,
> and as database engine, maybe Ms Sql 2005 Express or standar edition
> (wich works on Windows 2000).
>
> If I have in front of them one hardware firewall (cisco) that I
> configure, and I will permit just port 25/80 - webmail/110/443 webmail
> ssl) and 3389 tcp (only from my ip) , do you think that I could stay
> secure?
>
> Windows update enabled with auto update, I can lockdown the machine
> (disabling netbios, port 445, etc), I could also enable the TCP/IP
> filtering feature on the server to protect it more.
>
> I don't have now budget to buy new licenses for Windows 2003 / 2008
> (wich goes on these machines) and I have the server fully licensed
> with Windows 2000 server/adv server.
>
> Since the server are actually full-expanded (maximum ram, etc) do you
> think I could use them with windows 2000 and sleep withouth
> nightmares?
>
> thank to you all.
>
> Mr. Spadoni from Italy
>

 

Hello Meinolf, thank you for your rapid answer.

Since my apps needs (currently, and I don't plan great changes in the near
future) .NET framework 2.0; PERL language and PHP, I think that that could
continue to run there on IIS.

What about securing Windows 2000?

 

Well.. I talked about securing from the network perspective.
I have installed the SP4, the SRPv2 and all the latest updates via windows
update.

Disabled some unneeded services, disabled Port 445 via the WWDC.exe app

I enabled then the tcp/ip filtering, but I have some troubles with the tcp
ip established packets.. I need to implement one IPSEC filter to better
secure the machine.

Do I need something more?

 

Hello Elia,

Don't know what WWDC.exe is but securing your network is not done with just
closing one port. You should run a hardware firewall like CISCO PIX/ASA or
at least MS ISA server to protect your network to the outside.

Also see here about ipsec:
http://support.microsoft.com/kb/252735

http://articles.techrepublic.com.com/5100-10878_11-1048051.html

http://www.chicagotech.net/ipsec.htm

http://www.securityfocus.com/infocus/1519

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Well.. I talked about securing from the network perspective.
> I have installed the SP4, the SRPv2 and all the latest updates via
> windows
> update.
> Disabled some unneeded services, disabled Port 445 via the WWDC.exe
> app
>
> I enabled then the tcp/ip filtering, but I have some troubles with the
> tcp ip established packets.. I need to implement one IPSEC filter to
> better secure the machine.
>
> Do I need something more?
>

 

Hello

WDDC.exe is an app created to disable the unsecure services for the public
accessible network.

I plan to put an hardware cisco firewall in front of it, but I would like to
secure more the machine with an IPSEC filter on it (no more tcp ip filtering
since I have troubles with TCP established traffic).

So:

server secured with a firewall in front of it
ipsec filter ON IT to permit just the doors required.

ok now?


"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> ha scritto nel messaggio
news:ff16fb6621c448cb9938c7fddf31@msnews.microsoft.com...
> Hello Elia,
>
> Don't know what WWDC.exe is but securing your network is not done with
> just closing one port. You should run a hardware firewall like CISCO
> PIX/ASA or at least MS ISA server to protect your network to the outside.
>
> Also see here about ipsec:
> http://support.microsoft.com/kb/252735
>
> http://articles.techrepublic.com.com/5100-10878_11-1048051.html
>
> http://www.chicagotech.net/ipsec.htm
>
> http://www.securityfocus.com/infocus/1519
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Well.. I talked about securing from the network perspective.
>> I have installed the SP4, the SRPv2 and all the latest updates via
>> windows
>> update.
>> Disabled some unneeded services, disabled Port 445 via the WWDC.exe
>> app
>>
>> I enabled then the tcp/ip filtering, but I have some troubles with the
>> tcp ip established packets.. I need to implement one IPSEC filter to
>> better secure the machine.
>>
>> Do I need something more?
>>
>
>