Errata

Securing Windows NT/2000 Servers for the Internet

Errata for Securing Windows NT/2000 Servers for the Internet

Submit your own errata for this product.

The errata list is a list of errors and their corrections that were found after the product was released. If the error was corrected in a later version or reprint the date of the correction will be displayed in the column titled "Date Corrected".

The following errata were submitted by our customers and approved as valid errors by the author or editor.

Color key: Serious technical mistake Minor technical mistake Language or formatting error Typo Question Note Update

Version Location Description Submitted By Date submitted Date corrected
Printed
Page x

In the second line of the last paragraph, changed "(over 700 pages)" to "(over 7,000 pages)."

 Anonymous    Apr 01, 2001
Printed
Page 16
The last sentence of the first paragraph

under the heading "The Windows NT/2000 Architectures" did read:

"I particularly recommend Inside Windows NT, Third Edition by James
D. Murray (O'Reilly & Associates, 1999)."

Now reads:

"I particularly recommend Inside Windows 2000, Third Edition, by David
A. Solomon and Mark E. Russinovich (Microsoft Press, 2000)."

 Anonymous    Apr 01, 2001
Printed
Page 50
In the table at the bottom of the page

In the table at the bottom of the page changed "REG_DWORD" to "REG_SZ".

 Anonymous    Apr 01, 2001
Printed
Page 51
last column of the table

In the last column of the table, deleted the period after "Warning".

 Anonymous    Jan 01, 2001
Printed
Page 72
In the first column of the table at the bottom of the page, changed

"EnableICMPRedirects" to "EnableICMPRedirect".

 Anonymous    Jan 01, 2001
Printed
Page 85
after the "Configuring Complex Passwords" section

The following text should be inserted after the "Configuring Complex Passwords" section:

Setting Winlogon Options

The registry path for the DontDisplayLastUserName setting has changed
in Windows 2000. I recommend changing the following registry value:

Value Name | Type | Recommended
| | Value
---------------------------------------------------------------------
HKLMSoftwareMicrosoftWindows | REG_DWORD | 1
CurrentVersionPoliciesSystem | |
DontDisplayLastUserName | |
---------------------------------------------------------------------

 Anonymous   
Printed
Page 116

The following sentence has been added at the end of the Tip
"Note that Rdpclip does not work with the new Terminal Services
Advanced Client."

 Anonymous    Apr 01, 2001
Printed
Page 117
Lines 7-8 of the third paragraph

Lines 7-8 of the third paragraph did read
"...is available from the Franken Archives FTP site (ftp://ftp.franken.
de/pub/win32/develop/gnuwin32/cygwin/porters/Vinschen_Corinna/V1.1.1/)"

Now reads:

"...is available from the Cygwin web site (http://www.cygwin.com/
openssh.html) or from the OpenSSH web site (http://www.openssh.com/
portable.html)

 Anonymous    Apr 01, 2001
Printed
Page 124
Table 4-4

In the first column of Table 4-4, changed "sh.exe" to "ssh.exe".

 Anonymous    Jan 01, 2001
Printed
Page 143
The description for /v did read

"Indicates that the backup should perform a verify operation after
the restore."

Now reads:

"Indicates that a verify operation should be performed after the
backup."

 Anonymous    Apr 01, 2001
Printed
Page 150
Figure 6-3 has been replaced with a screenshot that matches its caption

("Audit Policy settings in Windows 2000").

 Anonymous    Apr 01, 2001
Printed
Page 150-151
The first column's heading has been changed from "Type of Event" to

"Audit Setting (NT/Win2000)." The values in this column now read:

Logon and Logoff/
Audit logon events

File and Object Access/
Audit object access

Use of User Rights/
Audit privilege use

User and Group Management/
Audit account management

Security Policy Changes/
Audit policy changes

Restart, Shutdown and System/
Audit system events

Process Tracking/
Audit process tracking

 Anonymous    Apr 01, 2001
Printed
Page 151
The following entry should be added to Table 6-1

Audit Setting Success Failure Recommended Setting
--------------------------------------------------------------------------

Audit directory Active Directory Active Directory None on a bastion
service access objects with objects with host. This new
(Windows 2000 matching SACLs matching SACLs Windows 2000 audit
only) will be audited will be audited setting is applicable
on success (per- on failure (per- only to domain
mission granted). mission denied). controllers. When
enabled, it audits
authentication
requests it receives
over the network.

 Anonymous   
Printed
Page 151
Added the following entry at the end of Table 6-1

Audit Setting Success Failure Recommended Setting
--------------------------------------------------------------------------

Audit account Successful net- Failed network None on a bastion
logon events work logon logon attempts host. This new
(Windows 2000 attempts will be will be audited. Windows 2000 audit
only) audited. setting is applicable
only to domain
controllers. When
enabled, it audits
authentication
requests it receives
over the network.

 Anonymous    Apr 01, 2001
Printed
Page 157
Example 6-1: The example name should end with ntp.conf (and not

ntpd.conf).

 Anonymous   
Printed
Page 160
The web site sabernet.net does not exist anymore. The sentence

beginning with "Mr Rhoads..." Should now read: "The NTsyslog can be
downloaded from SourceForge http://ntsyslog.sourceforge.net/"

 Anonymous   
Printed
Page 161
In the 2nd entry in the 1st column in the table at the top of the page,

changed "Syslog" to "Syslog1".

 Anonymous    Jan 01, 2001
Printed
Page 182
The second sentence under TCP Wrappers did read

"However, a trusted copy is available at CERT's FTP site
(ftp://ftp.cert.org/pub/tools/tcp_wrappers/tcp_wrappers_7.6.tar.gz)."

Now reads:

"However, a trusted copy is available at the Swedish University
Computer Network FTP site (ftp://ftp.sunet.se/pub/unix/security/
tcp_wrappers_7.6.tar.gz)."

 Anonymous    Jan 01, 2001
Printed
Page 182
Changed the URL in the "OpenSSH" section to http://www.openssh.com/

portable.html. Delete the "OpenSSH and OpenSSL Cygwin patches" section.

Anonymous    Apr 01, 2001
Printed
Page 183
In the 4th line of Example C-1, changed "Cygwin" to "cygwin".

Anonymous    Jan 01, 2001
Printed
Page 183
In Example C-1, deleted the 5th line of code


$ strip *.exe *.a

Anonymous    Jan 01, 2001
Printed
Page 183
Deleted the last two sentences in the Tip ("Perl is also...").

Anonymous    Apr 01, 2001
Printed
Page 183
Example C-2 now reads

$ tar zxvf openssl-0.9.6.tar.gz

$ cd openssl-0.9.6

$ ./Configure no-threads CygWin32

$ make

$ make test #optional

 Anonymous    Apr 01, 2001
Printed
Page 184
At the end of the second code line in Example C-3, changed "0.9.5" to

"0.9.6".

 Anonymous    Apr 01, 2001