Loading ...
Sorry, an error occurred while loading the content.

[techbooks] REVIEW: "Microsoft Windows NT 4.0 Security, Audit, and Control",

Expand Messages
  • Rob Slade, doting grandpa of Ryan and Tr
    BKWNTSAC.RVW 990409 Microsoft Windows NT 4.0 Security, Audit, and Control , James G. Jumes et al, 1999, 1-57231-818-X, U$49.99/C$71.99/UK#45.99 %A James
    Message 1 of 1 , May 25 11:10 AM
    • 0 Attachment
      BKWNTSAC.RVW 990409

      "Microsoft Windows NT 4.0 Security, Audit, and Control", James G.
      Jumes et al, 1999, 1-57231-818-X, U$49.99/C$71.99/UK#45.99
      %A James G. Jumes
      %A Neil F. Cooper
      %A Paula Chamoun
      %A Todd M. Feinman
      %C 1 Microsoft Way, Redmond, WA 98052-6399
      %D 1999
      %G 1-57231-818-X
      %I Microsoft Press
      %O U$49.99/C$71.99/UK#45.99 800-6777377 fax: 206-936-7329
      %P 318 p.
      %S Technical Reference
      %T "Microsoft Windows NT 4.0 Security, Audit, and Control"

      The primary audience described in the introduction seems to be
      security professionals. However, system administrators, technology
      managers, and CIOs are mentioned as well. The attempt at breadth of
      coverage usually does not bode well in works like these.

      Chapter one discusses an information security model based upon the
      business (and other) objectives of the institution in question. While
      valid as far as it goes, and even possibly helpful when formulating
      security policy, this by no means provides a structure from which to
      view either security policy or procedures, let alone implement a
      complex set of controls. The widget company, beloved of management
      writers, is described in chapter two. For the purposes of assessing
      security in real world working environments, this particular widget
      company seems to be astoundingly simple and homogeneous.

      Chapter three starts out talking reasonably about security policy,
      starts to get flaky in risk assessment (I would definitely worry about
      a .45 chance of an earthquake), and tails off into trivia.
      Monitoring, in chapter four, looks first at system performance and
      diagnostics, and then gets into event logging without really going
      into the concepts. Many areas of physical security are left uncovered
      in chapter five. Chapter six discusses domains, trust relationships,
      and remote access permissions. Dialogue boxes for user accounts and
      groups are listed in chapter seven. There is some mention of the
      commonly "received wisdom" in regard to these topics, as there is in
      chapter eight regarding account policies, but nothing very
      significant. File system, share, and other resource control is
      covered in chapter nine. Chapter ten is a bit of a grab bag without
      much focus. The registry is reviewed in chapter eleven. Chapter
      twelve looks briefly at power supplies and backups. Although it talks
      about auditing, chapter thirteen is more of a checklist of security
      features to think about. Appendix A is a bit better in this regard:
      it lists recommended settings across a number of functions for six
      different types of systems.

      There is some discussion of options as the various functions are
      addressed, so, in a sense, this is a start towards full coverage of NT
      security. It has a long way to go, though. In addition, the
      deliberation comes at the cost of a loss of some detail in terms of
      security implementation.

      copyright Robert M. Slade, 1999 BKWNTSAC.RVW 990409

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      This is a very good sign, [that someone] is a humanist,
      a universal spirit, too interested in too many things to become
      a monomaniac. Only a monomaniac gets what we commonly refer to
      as `results'. - Albert Einstein
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade

      ------------------------------------------------------------------------

      eGroups.com home: http://www.egroups.com/group/techbooks
      http://www.egroups.com - Simplifying group communications
    Your message has been successfully submitted and would be delivered to recipients shortly.