This chapter describes the differences between Windows NT and Windows 2000 that you need to be aware of when you build your Windows 2000 bastion host. The chapter isn’t a self-contained description of building a bastion host. I assume here that you’ve read Chapter 2, and I focus only on the differences between the two systems, particularly the new network features in Windows 2000.
This chapter also contains an introduction to the IPSec implementation in Windows 2000. IPSec can be used to build virtual private networks (VPNs) for remote access to company internal information. It can also be used to establish secure extranets with business partners over the Internet. The IPSec gateway will then be a part of your perimeter network and should be configured as a bastion host.
IPSec can also be used to control access to your Windows 2000 systems in a more sophisticated manner than the TCP/IP IP Security feature covered in Chapter 2.
Even though Windows 2000 is a major rewrite of the NT 4.0 code base, very little of the rewritten code actually affects our work on the bastion host. The hardening process is performed in almost exactly the same way on the two systems. Once you master the NT 4.0 process, you should be able to build a Windows 2000 bastion host too.
The following sections describe the few differences you need to know about.
The installation process on Windows 2000 is started ...