Overview

In recent years, Windows NT and Windows 2000 systems have emerged as viable platforms for Internet servers. More and more organizations are now entrusting the full spectrum of business activities--including e-commerce--to Windows. Unfortunately, the typical Windows NT/2000 installation makes a Windows server an easy target for attacks, and configuring Windows for secure Internet use is a complex task. Securing Windows NT/2000 Servers for the Internet suggests a two-part strategy to accomplish the task:

  • "Hardening" any Windows server that could potentially be exposed to attacks from the Internet, so the exposed system (known as a "bastion host") is as secure as it can be.

  • Providing extra security protection for exposed systems by installing an additional network (known as a "perimeter network") that separates the Internet from an organization's internal networks.

Securing Windows NT/2000 Servers for the Internet is a concise guide that pares down installation and configuration instructions into a series of checklists aimed at Windows administrators. Topics include:

  • Introduction--Windows NT/2000 security threats, architecture of the Windows NT/2000 operating system and typical perimeter networks.

  • How to build a Windows NT bastion host.

  • Configuring Windows and network services, encrypting the password database, editing the registry, setting system policy characteristics, performing TCP/IP configuration, configuring administrative tools, and setting necessary permissions.

  • Differences between Windows NT and Windows 2000 security including IPSec (IP Security Protocol) configuration.

  • Secure remote administration--SSH, OpenSSH, TCP Wrappers, the Virtual Network Console, and the new Windows 2000 Terminal Services.

  • Windows NT/2000 backup, recovery, auditing, and monitoring--event logs, the audit policy, time synchronization with NTP (Network Time Protocol), remote logging, integrity checking, and intrusion detection.

Administrators who carefully follow the detailed instructions provided in this book will dramatically increase the security of their Windows NT/2000 Internet servers.

Amazon.com® Reader Reviews (Ranked by Helpfulness)

Average Amazon.com® Rating: 4.0 out of 5, based on 11 ratings

An important resource - 2002-01-24
As network security becomes more and more important, it's nice to see something very specific to Windows NT/2000. Yes, this is a book for specific architecture, but actually would be a very good resource if you are moving into the Windows area especially from a UNIX background. What you take away more than anything else from the book is that the only way to be really secure is to close almost everything, and that's what the author shows. Their setup is an ideal world - a server dedicated to just being secure with some services, and you are shown step by step what is good to have on and what is not.

It is important more so because it gives you a reference point to learn more and try to close holes that you can. There are often a number of services and potential entrance points that are left open by default, or may be open, but you are not using them. So close 'em! You may not be 100% secure then, but 50% secure is better than open and flapping to the digital world.

The book is the kind you skim from cover to cover, then go back and read what you want to know more about, and return to it again and again as reference. It has been invaluable to my knowledge and has given me starting off points to pursue specific areas of security. I hope the book is updated when .NET starts to really spread out. Until then, this helps point us to where we can put up more defense. Knowledge is your best tool to fight insecurity, and this is an excellent tool in your kit.

Starting from scratch? This'll work, otherwise don't bother - 2001-10-31
This is an OK book if you want to get a handle on how to install a secure server only. If you already have a server that is installed and configured, you won't find this book that useful. The author tells you all kinds of things not to do that I had already done, and going back to the beginning on all that stuff is way too much of a bother. This is also NOT a book on how to set up a secure web server, but rather a secure domain server. Don't buy this book thinking you will secure your website as I did, because if you do you will be disappointed. I can sum this book up in one or two sentences. Turn off all your services, disconnect it from any and all cables, do not assign any administrator users, do not allow anyone to log on, oh yeah and do not turn the power on and then only then will you have a secure server. It is full of impractical suggestions such as those, what a joke.

Excellent for *nix Admins needing to secure WinNT/2000 - 2002-05-07
As a Solaris/Linux admin, I had no clue how to secure a Windows machine. I knew to turn off services I recognized but that is about it. Since we only really use NT for the PDC, the file server, and internal groupware client - I really was not interested in poring over documentation to secure these boxes. I have too much to do in keeping the frontline Unix boxes secure.
Norberg introduces the architecture and services and other things that I really did not know about. He then gives practical suggestions on how to lock down the server. He does state that this is for a bastion host, so that rules out a web server anyway.
However, this book explains the services and what would need turned off, you can then modify this to your needs.
This book is a must for any Unix admin that needs to learn about WinNT and security for it. I give this book five stars for being exactly what it says it is.

Good book, hope they update it soon. - 2003-01-01
This book was probably just right when it was released, but it's time to update it for 2000/XP and drop NT entirely. I only looked at the 2000 stuff, since those are the kind I support, but the info was very helpful, and even though we're several service packs down the road, it's still accurate. I didn't read the NT information (though it's largely the same, since they have the same roots) for accuracy as much, but it's still worth the price for the 2000 answers.

Pretty good summation of security practices - 2003-09-23
The author certainly understands windows security from the administrator's point of view. He isn't going to launch into the deficiencies of Lanman in great detail, but he will tell you how to allow only NTLMv2 instead, or even better...uninstall all of the MS deadly ports altogether (what are they doing on a mail server anyway???)

To be honest I'm primarily a Unix person (FreeBSD when possible) so I feel really constricted in the windows environment and thus don't know as much as I should about securing the boxes. This book allows me to jump into the windows world (since I obviously need at least one windows box around for work) and make intelligent choices regarding configuration.

The small number of pages is actually a good thing since the author skips all of the general security tips and knowledge that you can get in 1,000 other books nowadays, getting right to the meat of it: what to click and type to secure the box. This also has the pleasant side effect of reducing the cost from the normal range of 50-60 to around 20, which pretty much means that buying this book is a no-brainer.

In summary, a Unix geek can get away with this book since it's so direct and easy to follow. It requires some previous security knowledge but not a boatload.

Some information on this page was provided using data from Amazon.com®.


Copyright 2009 Safari Books Online. All rights reserved.