By Stefan Norberg
First Edition
November 2000
Pages: 216
ISBN 10: 1-56592-768-0
ISBN 13: 9781565927681
(Average of 7 Customer Reviews)
In recent years, Windows NT and 2000 systems have emerged as viable platforms for Internet servers, but securing Windows for Internet use is a complex task. This concise guide simplifies the task by paring down installation and configuration instructions into a series of security checklists for security administration, including hardening servers for use as "bastion hosts" and performing secure remote administration with OpenSSH, TCP Wrappers, VNC, and the new Windows 2000 Terminal Services.
Full Description
- "Hardening" any Windows server that could potentially be exposed to attacks from the Internet, so the exposed system (known as a "bastion host") is as secure as it can be.
- Providing extra security protection for exposed systems by installing an additional network (known as a "perimeter network") that separates the Internet from an organization's internal networks.
- Introduction--Windows NT/2000 security threats, architecture of the Windows NT/2000 operating system and typical perimeter networks.
- How to build a Windows NT bastion host.
- Configuring Windows and network services, encrypting the password database, editing the registry, setting system policy characteristics, performing TCP/IP configuration, configuring administrative tools, and setting necessary permissions.
- Differences between Windows NT and Windows 2000 security including IPSec (IP Security Protocol) configuration.
- Secure remote administration--SSH, OpenSSH, TCP Wrappers, the Virtual Network Console, and the new Windows 2000 Terminal Services.
- Windows NT/2000 backup, recovery, auditing, and monitoring--event logs, the audit policy, time synchronization with NTP (Network Time Protocol), remote logging, integrity checking, and intrusion detection.
Featured customer reviews
Securing Windows NT/2000 Servers for the Internet Review, May 02 2003
I have just finished up the migration for our external web site from NT4 to Windows 2000. And of the plethora of Windows 2000 Security Books on my Shelf this is the only book I would recommend. It is the only book I found that explains in detail the processes you go through to develop secure Internet Servers. I have read it from cover to cover at least 3 times during the migration.
Securing Windows NT/2000 Servers for the Internet Review, November 01 2001
After digging through countless books on securing and maintaining WinNT/2K servers which are nothing more than rehashes of Microsoft tech notes and other material, this book is a godsend. Most other books seem content in the assumption that the Microsoft security procedures themselves are sufficient, and working within the framework is the best solution. Norberg rather follows the age old security practices of system minimalization and "bare metal" hardening. For anyone coming from a UNIX background and frustrated with the seeming dependence on "full systems" advocated by most Microsoft security books, this book is just what the doctor ordered. Direct, useful, and enlightening, this book more than lives up to its O'Reilly name.
Securing Windows NT/2000 Servers for the Internet Review, August 15 2001
This is an excellent book for anyone running an Internet-accessible Windows server. It focuses on perimeter "bastion hosts," but most of the tips are applicable if you just have a single machine running IIS as we do. Unfortunately the only advice on IIS itself the author gives is to install the latest security patches. (Well, that's not quite true. He also advises not running it unless absolutely necessary.) I also dislike his advice on installing Cygwin dlls and binaries in the Windows SYSTEM directory--a non-standard practice which will get you flamed on the Cygwin mailing list if you have any problems. I'd recommend installing Cygwin in c:\cygwin instead. It's easier to find and what Cygwin developers expect.
Securing Windows NT/2000 Servers for the Internet Review, July 15 2001
This is an excellent book, not only from the perspective of NT/2000 security, but also in presenting many IT security ideas in a clear way, easy to understand but nonetheless thorough.
Securing Windows NT/2000 Servers for the Internet Review, July 13 2001
An extremely informative book on this complex subject. Not just a collection of recipes like many other Win2K security books, here you understand what and why. As usual with O'Reilly : concise, precise, complete, crystal clear. Recommended.
Securing Windows NT/2000 Servers for the Internet Review, April 12 2001
Securing NT is difficult. While there are a handful of books that promise to tell you everything you need to know, they have so far been disappointing. But with the publication of Securing Windows NT/2000 Servers by Stefan Norberg, this is no longer true. Norberg explains simply what the issues are, how to resolve the problems, and he offers his advice, based on experience, on how best to tackle the problem.
Chapter 1 is especially good. Norberg gives you a broad overview of the security threats you need to guard against, what you need to build a secure site, the design and security issues facing NT and W2K (Norberg is quite critical of the design of NT), the problems you will face putting NT/W2K servers on the Net, and the basics of cryptography. You won't be an expert in anything after reading this chapter, but you will have a broad understanding of the issues involved in securing a network, which will help you understand better the later, more detailed, chapters.
Building an NT Bastion Host is the subject of Chapter 2. A bastion host is a very secure server that provides a service to people on the Net. After reading this chapter you'll know everything you need to know about building an NT bastion host and most everything you need to know about doing the same for W2K. W2K is sufficiently similar with NT that most all of the base steps are the same; however, there are some differences in W2K, and they are discussed in Chapter 3.
Chapter 4 walks you through building a secure remote administration service for NT using PCAnywhere, W2K Terminal Services, and open-source tools like SSH.
Chapter 5 is a very brief one, covering backup strategies for NT and W2K from a security perspective.
Auditing your servers, synchronising the time, remote logging and log management, integrity checking, and intrusion detection systems are the subject of Chapter 6. While it's short, it does give you a basic understanding of the issues, how to go about them, and where to look for more information.
The book ends with Chapter 7, Maintaining your Perimeter Network. Building your network is the easy part. Maintaining your network to ensure that it remains secure while you add new services and change existing ones is more difficult.
Appendix A summarises popular ports used by NT, W2K, and various Microsoft server products like SQL Server and Exchange. It doesn't list ones used by Lotus Domino, for example, which seems peculiar. Domino is sufficiently popular that more than one or two NT sysadmins need to worry about it.
Appendix B lists all security-related Knowledge Base articles for NT and W2K. At least, ones current at the time the book was printed.
After reading the book you'll know most everything you need to know about securing your Microsoft-based network. It's a lot of work as neither NT nor W2K are secure or nearly secure out-of-the-box. But this book is the best to date on the subject, and I cannot recommend it highly enough.
Securing Windows NT/2000 Servers for the Internet Review, December 07 2000
Well, I *tried* a pre-publication "review" of this book, based on similar documents on the author's website. But, somebody deleted it. Probably prudent, from the publisher's perspective. Now that the University of Washington Bookstore has finally gotten me a copy....
Anyhow, this is the equivalent of Will Strunk's and Andy White's _Elements of Style_ for practical Win2K Internet Security. Buy it, read it, read it again, and pass it on.
Media reviews
"O'Reilly continues to produce excellent reference material, and this book is another example. If you are responsible for Windows NT or 2000 security, this book is a must-read."
--Mathias Thurman, Computerworld, Jan 7, 2002
"Stefan Norberg has produced in this work one of the thinner O'Reilly books, but it is no less filled with information...it has long been touted as 'impossible' to properly secure Windows NT Servers for the World Wide Web, particularly. Norberg not only does great justice to the case that it is possible, but he also lays out the roadmap for those endeavoring to do so...this book will certainly end up being a mandatory addition to any system administrator's bookshelf in the work cubicle."
--Christopher Rennie, Library & Archival Security, Vol 17, Number 1, 2001
"Very highly recommended for systems administrators and the non-specialist general users concerned with security issues, 'Securing Windows NT/2000 Servers For The Internet' covers every aspect of building Windows 2000 security systems is comprehensively presented."
--Fatbrain.com, April 2001







