Security is a paramount concern for businesses as they extend information systems to create a competitive advantage. And as businesses increase their reliance on Windows NT and Windows 2000 networks, an increasing need exists for a concise, well written, and informative text that treats Windows security. One such attempt is the book Windows NT/2000 Network Security, by E. Eugene Schultz and published by Macmillan Technical Publishing.
Windows NT/2000 Network Security was written with system and network administrators in mind. The book's primary goal is to walk administrators through proper installation and configuration of NT and Win2K systems. In other words, this is not a book that focuses on security practices or design principles. Rather, readers are expected to roll up their sleeves and get a little dirty as they wade through the various configuration options and file tweaking necessary to secure Windows systems.
The book is, on the whole, informative and easy to read. Schultz speaks directly to the reader rather than in third person, and does a good job of inviting the reader to sit back and analyze his own situation and how the principles discussed apply to him. The topics discussed are numerous, and the book contains many examples, screenshots, and real-world discussions.
Unfortunately, the book also contains an incredible number of typographical, spelling, and grammatical errors. While it's understandable for technical books to contain some errors--after all, they are usually written, edited, and released within six months to a year--this particular text is riddled with them, so much so that the errors detract from the overall readability of the book and, at times, may cause confusion for some readers.
Another issue is the lack of detail concerning Win2K. While the title contains a none-too-obvious hint at inclusion of Win2K-related material, the actual coverage is more often than not side notes and asides regarding how to apply an NT-specific discussion to Win2K systems. Schultz ends the book with a chapter specific to Win2K, which helps to tie up loose ends regarding Win2K-specific topics, but this book is certainly geared to NT rather than Win2K networks.
The book is organized into large chapters, each covering a specific component or issue of Windows security. In total, the book contains 411 pages of true content, including several appendices containing additional information that isn't appropriate in any particular chapter.
Chapter 1, "Introduction and Overview," is the prerequisite introductory chapter found in most, if not all, technical books. This chapter includes information about the general organization of NT, comments about its prevalence in today's networks, and about various potential modes of attack against the operating system. Most readers will be able to skim or even skip this chapter, because no groundbreaking commentary is to be had. However, the chapter does an adequate job of setting the foundation for the remainder of the book.
In the second chapter, "The Structure of Windows NT Security," Schultz delves into the details of the design and implementation of NT. Topics include architectural information such as user and kernel mode operations, the NT security model, and security features such as authentication, access control, and privilege structure. The chapter also strays a bit into topics such as a review of security policies that belong in the first chapter.
Chapter 3, "The Windows NT Network Environment," begins with an overview of some rather basic information regarding network components and infrastructure. With the exception of material concerning protocol analyzers, sniffers, and firewalls, the first half of this chapter is really out of place in a book of this nature. Fortunately, the latter half of the chapter contains good coverage of NetBIOS and SMB vulnerabilities and methods used to reduce those vulnerabilities.
In Chapter 4, "Basic Windows NT Security Exposures," the book begins to offer substantive information for administrators. Schultz begins with an overview of different forms of attacks, and then proceeds to address each of the modes of attack in more detail. This chapter primarily offers readers an overview of the vulnerability landscape, that is, the general ways in which an attacker might try to penetrate or otherwise compromise a machine or service.
Chapters 5 and 6, "Configuring Windows NT Server for Security" and "Maintaining Windows NT Security," respectively, work in tandem to walk readers through the general steps required to secure an NT machine. Topics include file permissions in system directories, administrative accounts, registry permissions, share permissions, and integrity checking. These two chapters provide a solid overview of good security practice when installing and running NT.
Schultz then changes focus from host to network security. In Chapters 7 and 8, "Basic Network Security Measures" and "Securing Network Services and Protocols," Schultz emphasizes securing network access to the server and services. In Chapter 7, Schultz addresses common security themes such as FTP and Web servers, as well as remote shell services such as SSH and Telnet. Chapter 8 provides more detail on specific services such as IIS, SNMP, DNS, and RAS.
Chapter 9, "Virtual Private Networks," is a short chapter that addresses Microsoft's PPTP VPN solution. The chapter contains a lot of information about PPTP configuration and use, with information regarding actual vulnerabilities treated more as a side issue.
Chapters 10 and 11, "Workstation Security" and "Security Considerations for Windows 2000," wrap up a few loose ends. In Chapter 10, Schultz primarily focuses on virus and Web-based threats. In "Security Considerations for Windows 2000," he discusses Win2K-specific topics such as Active Directory and Kerberos. Unfortunately, Chapter 11 leaves me with the impression that Schultz was doing his best to include enough information about Win2K to justify the title of the book rather than to provide a thorough treatment of vulnerabilities and solutions. However, the chapter does provide a good general overview, and that may be enough for readers willing to dig a little deeper on their own.
The book closes with several appendices, including an excellent script to automate general system hardening. In addition, Appendix F provides a step-by-step guide for additional actions to be performed after the hardening script executes.
For those willing to get under the hood of their systems, this is a good book. The book provides a well-rounded review of NT security considerations, and can easily be used to create an installation and maintenance policy to ensure all administrators are properly securing their systems within an organization.
Unfortunately, this book does contain some problems. The most glaring problem is the bad editing that I mentioned earlier. In addition, the material contains a few holes. For example, in this day and age more coverage should have been given to using and securing NT within a heterogeneous network environment. Rarely will you find NT-only networks in medium to large networks, and this should be taken into consideration when developing and applying a security policy.
Despite the problems, I believe this book offers value to readers, and that it is definitely a good primer for administrators new to securing NT.
Windows NT/2000 Network Security
Author: E. Eugene Schultz
Publisher: Macmillan Technical Publishing
Published: August 2000
ISBN: 1578702534
Hardcover, 437 pages
$45.00