Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Securing Windows NT/2000 Servers for the Internet", Ste

Expand Messages
  • Rob Slade, doting grandpa of Ryan and Tr
    BKSWN2SI.RVW 20010320 Securing Windows NT/2000 Servers for the Internet , Stefan Norberg, 2001, 1-56592-768-0, U$29.95/C$43.95 %A Stefan Norberg
    Message 1 of 1 , Apr 16, 2001
    • 0 Attachment
      BKSWN2SI.RVW 20010320

      "Securing Windows NT/2000 Servers for the Internet", Stefan Norberg,
      2001, 1-56592-768-0, U$29.95/C$43.95
      %A Stefan Norberg stefan@... http://people.hp.se/stnor
      %C 103 Morris Street, Suite A, Sebastopol, CA 95472
      %D 2001
      %G 1-56592-768-0
      %I O'Reilly & Associates, Inc.
      %O U$29.95/C$43.95 800-998-9938 fax: 707-829-0104 nuts@...
      %P 199 p.
      %T "Securing Windows NT/2000 Servers for the Internet"

      This book is based on the paper "Building a Windows NT bastion host in
      practice," which is available on the author's Web site. The title of
      the essay is much more accurate than the title of the text. The work
      is concerned strictly with bastion hosts, and does not address, in
      more than a nominal way, considerations of applications that are
      necessarily part of any Internet server.

      Chapter one takes a brief, scattered, and not very clear look at a
      number of issues related to Windows and/or security. This disregard
      for background information extends into chapter two. Having presented
      an extensive list of services to turn off, Norberg tells us that "[you
      now] understand the purpose of all active software components on the
      host." The irony of this bald assertion stems from the fact that
      there has been little discussion of why these services are to be
      turned off, and what you lose along the way. (Further, for those new
      to Windows NT or 2000, there is no indication of how to accomplish the
      task of reduction.) Once we get into more advanced tuning there is
      slightly more information, but not much. The material on the
      differences in Win2K, contained in chapter three, does present a bit
      more detail on how to accomplish the restrictions.

      Chapter four describes a number of software tools that will encrypt
      sessions to be used for remote administration, but does not deal with
      system management itself. The standard advice you always read about
      backups ("make one") is repeated in chapter five. Chapter six reviews
      auditing and logging, with, for some unknown reason, four times as
      much space devoted to network time synchronization as to intrusion
      detection. "Maintaining Your Perimeter Network" is the title of
      chapter seven, but it seems to be a return to the same kind of
      catchall discussion that started the book.

      In the Preface, Norberg does state that the book is not intended as a
      primer for security, or even for Windows security. The text is
      written as a kind of a checklist for those thoroughly familiar with NT
      or 2K. There is, of course, nothing wrong with such an approach, and
      those in the target audience will appreciate the brevity of this
      concise guide. The approach does, however, severely limit the utility
      of the work. Chapter two (and three, if you are using Win2K) is the
      heart of the book, and the rest seems to be an attempt to expand the
      text to more than pamphlet length.

      copyright Robert M. Slade, 2001 BKSWN2SI.RVW 20010320

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      Program testing can be used to show the presence of bugs, but
      never to show their absence. - Edsger W. Dijkstra
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.