REVIEW: "NT 4 Network Security", Matthew Strebe/Charles Perkins/
- BKNT4NSC.RVW 20000609
"NT 4 Network Security", Matthew Strebe/Charles Perkins/Michael G.
Moncur, 1999, 0-7821-2425-9, U$49.99
%A Matthew Strebe ntsecurity@...
%A Charles Perkins ntsecurity@...
%A Michael G. Moncur mgm@...
%C 1151 Marina Village Parkway, Alameda, CA 94501
%I Sybex Computer Books
%O U$49.99 800-227-2346 Fax: 510-523-2373 info@...
%P 940 p. + CD-ROM
%T "NT 4 Network Security, Second Edition"

While dauntingly thick, this is a generally readable, and fairly
comprehensive, introduction to security in general, and particularly
to Windows NT in a networked environment. On the other hand, it
sometimes has less material than you would expect.

Chapter one presents a general overview of security, touching lightly
on a range of topics and indicating areas the book is going to cover.
It is interesting to note that one subject seems to be left out: data
and business recovery is only mentioned tangentially. For example,
the NTFS disk format is noted to fully support security, but the
possible problems in recovering when the disk goes bad are not
mentioned. Human security, in chapter two, covers a wide range of
social factors, including an extensive discussion of password choice,
and the importance of treating your employees fairly and well. The
explanation of encryption, in chapter three, deals with a number of
important aspects, but is poorly structured. It also brings in a
number of unrealistic factors, such as the use of quantum computers,
and neglects some fairly important current developments. A general
plan for administering security is proposed in chapter four.

Chapter five presents the Windows NT security model, and, while it
does a better job than many other such works, it does not really
provide a clear working picture. User account functions, with another
look at passwords, are reviewed in chapter six. System policy is
introduced in chapter seven, but its overall operation and effect are
not explained well, and the material almost immediately degenerates
into a terse listing of policy options. Although chapter eight
purports to examine file systems, most of it deals with setting
security permissions with NTFS.

Chapter nine starts to look at networking issues with workgroups and
shares. Unfortunately, while the mechanics of sharing operations are
clear enough, the concepts are not. Domains and trust relationships
are introduced, but not very functionally, in chapter ten.

Fault tolerance, in chapter eleven, gives some basic information on
various types of disk redundancy, and a few tips on backup.

Chapter twelve talks about virus protection. I am used to security
texts that have numerous mistakes in this area, but I was astonished
to see, at the beginning of this section, mention of a "CMOS virus"
(no such thing) that infects the CMOS BIOS code. A computer's "CMOS"
is the term used for the small chip of battery-backed memory that
holds a small table of configuration information. This information
is used by the BIOS program, which is itself generally stored in
read-only memory. (The next page actually mentions this.) CMOS memory
is generally too small to hold any effective virus. In addition, it is
only ever read as data, so no program that you did manage to store in
the CMOS area would ever run.
In any case, the text goes on to say that these viruses can obtain
complete control over a computer, and cannot be removed by most
antiviral software. (I suppose the statement about removal is true
enough: since they don't exist, who would bother to write removal
programs?) There is also an erroneous account of the Brain virus, a
two page exegesis on Java that finally admits Java can't be used to
create viral applets, a statement that NT is "immune" to file viruses
(it's not), a list of antiviral types that only mentions different
types of scanners (never mentioning activity monitors or change
detection software), and a section on trojan software.

Remote access actually starts with a brief mention, at the end of
chapter twelve, of the dangers of pcAnywhere. (Both here and in the
following, there are stories of scanning local networks from home ISP
service. The authors do not mention that this operation is restricted
to those with cable modems.) Chapter thirteen starts off with some
opining on phone phreaking, but then does move on to some reasonable
information on securing dial-in situations. The material on
multi-vendor networks, in chapter fourteen, does little more than
assert that other operating systems have security holes, too, you know!

Chapter fifteen is an introduction to the Internet, but, because of a
rather loose structure, does not present security concepts in a
coherent manner. Similarly, the overview of TCP/IP, in chapter
sixteen, lists a number of potential problems with the protocols but
not much instruction on what to do about them.

Chapter seventeen offers a rather random bag of advice on security
aspects of client (non-server, or, in other words, user) machines.
Then we move back into network territory with a blend of firewall and
virtual private network (VPN) technology in chapter eighteen. Chapter
nineteen tells us about VPNs, with a few mentions of firewalls.
Microsoft BackOffice is reviewed in chapter twenty, but without much
specific information about security.

Chapter twenty one lists a variety of user (application) level
security loopholes. A number of attacks available at the network
level are listed in chapter twenty two. "The Secure Server," in
chapter twenty three, looks primarily at physical security and
concerns (and finally admits that NTFS can be bypassed after all).
Chapter twenty four looks at physical matters again, mostly in the
TEMPEST realm (and with a little misinformation about fibre optics and

The authors have tried to lighten up a rather heavy topic by including
humour in the text. While the remarks don't really get in the way of
the content, they don't really support it, either. There is also an
attempt to keep readers from getting lost in the jargon by providing
"terminology" boxes throughout the book. This is helpful, but is not
used as consistently as it could be. Acronyms, in particular,
frequently start to appear in the text without ever having been

This work has better conceptual coverage than "Microsoft Windows NT
4.0 Security, Audit, and Control" by James G. Jumes et al, (cf.
BKWNTSAC.RVW), and is about equal to "Windows NT Server 4 Security
Handbook" by Hadfield, Hatter, and Bixler (cf. BKNT4SHB.RVW). There
is better structure and more willingness to discuss flaws than is
apparent in the "Windows NT Security Guide" by Stephen A. Sutton (cf.
BKWNTSCG.RVW). It has perhaps the same level of quality, and is
certainly larger than "Windows NT Security" by Charles B. Rutstein
(cf. BKWNTSEC.RVW), but there is not as much depth in places. "PCWeek
Microsoft Windows NT Security," by Lambert and Patel (cf.
BKPWNTSG.RVW), has better material in significantly less space. In
terms of Internet material, it is about the same as "Internet Security
with Windows NT," by Mark Joseph Edwards (cf. BKINSCNT.RVW), although
it could hardly be worse. In general it is a good, useful guide, but
there are still a number of holes to patch.

copyright Robert M. Slade, 2000 BKNT4NSC.RVW 20000609
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade