Securing Windows NT/2000 Servers for the Internet

Errata for Securing Windows NT/2000 Servers for the Internet

Submit your own errata for this product.


The errata list is a list of errors and their corrections that were found after the product was released. If the error was corrected in a later version or reprint the date of the correction will be displayed in the column titled "Date Corrected".

The following errata were submitted by our customers and approved as valid errors by the author or editor.

Color Key: Serious Technical Mistake Minor Technical Mistake Language or formatting error Typo Question Note Update



Version Location Description Submitted By Date Submitted Date Corrected
Printed
Page x

In the second line of the last paragraph, changed "(over 700 pages)" to "(over 7,000 pages)."

Anonymous    Apr 01, 2001
Printed
Page 16
The last sentence of the first paragraph

under the heading "The Windows NT/2000 Architectures" did read: "I particularly recommend Inside Windows NT, Third Edition by James D. Murray (O'Reilly & Associates, 1999)." Now reads: "I particularly recommend Inside Windows 2000, Third Edition, by David A. Solomon and Mark E. Russinovich (Microsoft Press, 2000)."

Anonymous    Apr 01, 2001
Printed
Page 50
In the table at the bottom of the page

In the table at the bottom of the page changed "REG_DWORD" to "REG_SZ".

Anonymous    Apr 01, 2001
Printed
Page 51
last column of the table

In the last column of the table, deleted the period after "Warning".

Anonymous    Jan 01, 2001
Printed
Page 72
In the first column of the table at the bottom of the page, changed

"EnableICMPRedirects" to "EnableICMPRedirect".

Anonymous    Jan 01, 2001
Printed
Page 85
after the "Configuring Complex Passwords" section

The following text should be inserted after the "Configuring Complex Passwords" section: Setting Winlogon Options The registry path for the DontDisplayLastUserName setting has changed in Windows 2000. I recommend changing the following registry value: Value Name | Type | Recommended | | Value --------------------------------------------------------------------- HKLMSoftwareMicrosoftWindows | REG_DWORD | 1 CurrentVersionPoliciesSystem | | DontDisplayLastUserName | | ---------------------------------------------------------------------

Anonymous   
Printed
Page 116

The following sentence has been added at the end of the Tip "Note that Rdpclip does not work with the new Terminal Services Advanced Client."

Anonymous    Apr 01, 2001
Printed
Page 117
Lines 7-8 of the third paragraph

Lines 7-8 of the third paragraph did read "...is available from the Franken Archives FTP site (ftp://ftp.franken. de/pub/win32/develop/gnuwin32/cygwin/porters/Vinschen_Corinna/V1.1.1/)" Now reads: "...is available from the Cygwin web site (http://www.cygwin.com/ openssh.html) or from the OpenSSH web site (http://www.openssh.com/ portable.html)

Anonymous    Apr 01, 2001
Printed
Page 124
Table 4-4

In the first column of Table 4-4, changed "sh.exe" to "ssh.exe".

Anonymous    Jan 01, 2001
Printed
Page 143
The description for /v did read

"Indicates that the backup should perform a verify operation after the restore." Now reads: "Indicates that a verify operation should be performed after the backup."

Anonymous    Apr 01, 2001
Printed
Page 150
Figure 6-3 has been replaced with a screenshot that matches its caption

("Audit Policy settings in Windows 2000").

Anonymous    Apr 01, 2001
Printed
Page 150-151
The first column's heading has been changed from "Type of Event" to

"Audit Setting (NT/Win2000)." The values in this column now read: Logon and Logoff/ Audit logon events File and Object Access/ Audit object access Use of User Rights/ Audit privilege use User and Group Management/ Audit account management Security Policy Changes/ Audit policy changes Restart, Shutdown and System/ Audit system events Process Tracking/ Audit process tracking

Anonymous    Apr 01, 2001
Printed
Page 151
The following entry should be added to Table 6-1

Audit Setting Success Failure Recommended Setting -------------------------------------------------------------------------- Audit directory Active Directory Active Directory None on a bastion service access objects with objects with host. This new (Windows 2000 matching SACLs matching SACLs Windows 2000 audit only) will be audited will be audited setting is applicable on success (per- on failure (per- only to domain mission granted). mission denied). controllers. When enabled, it audits authentication requests it receives over the network.

Anonymous   
Printed
Page 151
Added the following entry at the end of Table 6-1

Audit Setting Success Failure Recommended Setting -------------------------------------------------------------------------- Audit account Successful net- Failed network None on a bastion logon events work logon logon attempts host. This new (Windows 2000 attempts will be will be audited. Windows 2000 audit only) audited. setting is applicable only to domain controllers. When enabled, it audits authentication requests it receives over the network.

Anonymous    Apr 01, 2001
Printed
Page 157
Example 6-1: The example name should end with ntp.conf (and not

ntpd.conf).

Anonymous   
Printed
Page 160
The web site sabernet.net does not exist anymore. The sentence

beginning with "Mr Rhoads..." Should now read: "The NTsyslog can be downloaded from SourceForge http://ntsyslog.sourceforge.net/"

Anonymous   
Printed
Page 161
In the 2nd entry in the 1st column in the table at the top of the page,

changed "Syslog" to "Syslog1".

Anonymous    Jan 01, 2001
Printed
Page 182
The second sentence under TCP Wrappers did read

"However, a trusted copy is available at CERT's FTP site (ftp://ftp.cert.org/pub/tools/tcp_wrappers/tcp_wrappers_7.6.tar.gz)." Now reads: "However, a trusted copy is available at the Swedish University Computer Network FTP site (ftp://ftp.sunet.se/pub/unix/security/ tcp_wrappers_7.6.tar.gz)."

Anonymous    Jan 01, 2001
Printed
Page 182
Changed the URL in the "OpenSSH" section to http://www.openssh.com/

portable.html. Delete the "OpenSSH and OpenSSL Cygwin patches" section.

Anonymous    Apr 01, 2001
Printed
Page 183
In the 4th line of Example C-1, changed "Cygwin" to "cygwin".

Anonymous    Jan 01, 2001
Printed
Page 183
In Example C-1, deleted the 5th line of code

$ strip *.exe *.a

Anonymous    Jan 01, 2001
Printed
Page 183
Deleted the last two sentences in the Tip ("Perl is also...").

Anonymous    Apr 01, 2001
Printed
Page 183
Example C-2 now reads

$ tar zxvf openssl-0.9.6.tar.gz $ cd openssl-0.9.6 $ ./Configure no-threads CygWin32 $ make $ make test #optional

Anonymous    Apr 01, 2001
Printed
Page 184
At the end of the second code line in Example C-3, changed "0.9.5" to

"0.9.6".

Anonymous    Apr 01, 2001