Any questions and/or comments can be directed to myself:

Jay Fougere
NetworkNewz Editor

I was going to write a simple article about the basics of securing a (freshly installed) web server using Windows 2000 Server as the operating system. Soon it occurred to me that there is more here than can be kept simple, yet in depth enough to be useful. It was then that I decided to "start at the beginning and continue through to the end". Welcome to security basics.

The first thing that I see as a problem usually does not involve expert cracking. Freely available on the internet are many programs that focus on specific vulnerabilities in a particular operating system, protocol or other feature of your network. Most "cracks" involve something as simple as a Trojan horse, which will leave a backdoor account open to the cracker. Young teenagers have been known to utilize such tools effectively against some corporate giants. It is because of these types of attacks that users (even if it is your family hooked up to a small LAN on a cable modem) need to be educated about some basics that will stop most typical hackers.

First of all, lets talk about passwords. Many of these tools that I have mentioned will expose "null" passwords. This means that if you do not enter a password when you log in as "root" or "administrator" these scanners will show that to the potential offender, and then the hacker has control of your system. There are many schools of thought on how complex a password should be. We won't go there. It depends entirely on your data and how secure you want your system to be. Generally speaking, eight characters in length with a mix of upper and lower case letters, numbers, and symbols such as "_" or "-" will bring most brute force cracking engines to their knees, or at least keep them busy for an awful long time.