Book Review - Securing Windows NT/2000 Servers

Networking/Security Forums -> News // Columns // Articles

Author: ShaolinTigerLocation: Kuala Lumpur, Malaysia PostPosted: Tue Nov 04, 2003 1:06 am    Post subject: Book Review - Securing Windows NT/2000 Servers
    ----
Securing Windows NT/2000 Servers for the Internet

Author(s): Stefan Norberg
Publisher: O’Reilly
URL: http://www.oreilly.com/catalog/securwinserv/
Book Specifications: Soft-Cover, 199 pages
Category: Windows Security
User Level: Familiarity with Windows
Suggested Publisher Price: $29.95 USA/ $43.95 CAN/ £14.67 Net UK (inc of VAT)
ISBN: 1-56592-768-0
Amazon.co.uk: Securing Windows NT/2000 Servers
Amazon.com: Securing Windows NT/2000 Servers



Info from Back: "In recent years, Windows NT and Windows 2000 systems have emerged as viable platforms for Internet servers. More and more organisations are now entrusting the full spectrum of business activities (including e-commerce) to Windows. Unfortunately, the typical Windows NT/2000 installation makes a Windows server an easy target for attack. This book simplifies the challenging job of securing a Windows server by paring down installation and configuration instructions into a series of checklists aimed at Windows administrators.”

Introduction

I was interested in this book as securing Windows 2000 is probably one of my strongest areas and I wrote one of the first easy to use but fairly comprehensive papers on securing it HERE. Forearmed with my knowledge I was wondering if this book could teach me any new tricks or tactics that I was unaware of. As mentioned in the blurb on the back Windows has become a viable Internet facing server (with the d^Hevolution of IIS and the advent of ASP) so securing it has become paramount. MS-SQL has also become a powerful database so there are many reasons for a Windows machine to become a bastion host, for the uninitiated a bastion host is a super secure public facing machine that only runs at best 1 service, or none and simple screens connections into the interior network.

This book does cover a narrow area, but a very important area especially if you or your organisation uses IIS for a webserver or even Apache on Windows. Locking down your Win2k server tight is an important job and this book covers all the avenues.

Content

ChaptersThis is a complete chapter list (without subsections), a full Table of Contents can be found HERE and there is a nice sample chapter HERE.

The book covers a good amount of topics including some detailed stuff on remote administration such as setting up VNC over an SSH tunnel (the only secure way to do it!) and how to secure Terminal Services. It goes fairly in depth into some registry tweaks, fairly well known stuff such as SYN flooding protection and some things I haven't seen before such as how to disable IRDP and tweaking the TCP/IP retransmission variables.

Due to the base operating system not changing much most of the information in the book is still valid. There is excellent information on open source tools such as ntp (what good are your logs if the time is out?), cygwin, TCP wrappers and ssh. Some things are skimmed over a little but there are plenty of references in the book to whitepapers and web pages with more info, to get the most out of this book I'd suggest reading all of these as well.

The chapter on auditing is excellent covering remote logging and log management, integrity checking a brief section on network intrusion detection systems. Throughout the book owls are used to indicate types or general notes and peacocks to show warnings or cautions. This is a useful visual indicator of what to look out for. Contained in the Appendixes are an invaluable port list of common Windows services and a list of security related Knowledge Base articles.

Style and Detail

As with all O'Reilly books it's written in a very clear and concise style with good use of diagrams, tables and screen grabs where necessary. The writing is fairly formal and technical, which suites this book well as it's written as a kind of check list, a quick guide rather than something to digest and understand. The succinct nature of the book makes it easy to look through and extract the information you need, it would make a good reference for any time you happen to be setting up a Win2k as a bastion or any kind of server in a DMZ for example.

The diagrams are nice and clear and mostly used to show network layout and to help explain some parts in the cryptography section which covers IPSec. There are plenty of screenshots for all the functions in NT and Win2k and for the 3rd party software such as VNC and PCAnywhere. There is a good amount of detail where needed such as the explanation of which registry keys to change, command line options for ssh, packet dumps from windump and advanced IPSec options.

Conclusion

I would recommend anyone involved in setting up Windows2000 or NT in a professional environment to have a copy of this book on their shelf. It could prove to be an invaluable resource for securing your servers and also gives you a good overall view of generic information security best practices. It covers everything it needs, but perhaps could of considered some other common Windows issues such as IIS/IIS-FTP and maybe Exchange, but perhaps those are worthy of books on their own.

As far as the target audience goes it's aimed specifically at one area, the audience being any kind of system or network administrator that deals with Windows NT or 2000 servers.

I give this book a "worth a look" SFDC 7/10.



Keywords for this post: Securing Windows NT/2000 Servers for the Internet OReilly O'Reilly Win2k WinNT

This review is copyright 2003 by the author and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.


Last edited by ShaolinTiger on Sun Jan 18, 2004 9:14 pm; edited 3 times in total

Author: alt.don PostPosted: Tue Nov 04, 2003 1:54 am    Post subject:
    ----
How many registry tweaks are there in the book? As well is there a separate section devoted to these reg tweaks?

Author: ShaolinTigerLocation: Kuala Lumpur, Malaysia PostPosted: Wed Nov 05, 2003 2:46 am    Post subject:
    ----
alt.don wrote:
How many registry tweaks are there in the book?


Quite a lot actually with a lot of detail, multiple tweak options for each Registry setting.

alt.don wrote:

As well is there a separate section devoted to these reg tweaks?


No they are distributed through-out the book in their relevant sections (NT/2000/TCP-IP etc.)



Networking/Security Forums -> News // Columns // Articles


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group