Customer Reviews

Hardening Windows Systems

5 star:		(6)
4 star:		(1)
3 star:		(0)
2 star:		(2)
1 star:		(0)

 

 

A trip to the local book store will quickly show you that there is no shortage of books on the subject of network security. In fact, Roberta Bragg, the author of Hardening Windows Systems, has written some of the other contributions to this genre as well. So, why another one?

Osborne / McGraw-Hill publishing, publishers of the Hacking Exposed series, introduced the Hardening Series of books, to add a fresh perspective and approach to network security books. Rather than simply regurgitating the same theoretical material and security best practice details, these books provide more nitty-gritty, action-oriented information.

In the first chapter, Bragg provides a list of ten things you should do immediately to secure your Windows systems. This helps get you very quickly from cracking the cover to getting actionable information you can implement now.

Working in I.T. though, I think that the last section is possibly more valuable than the information about securing the system. Getting budget approval, management support and user cooperation are all essential to securing the network and this information is invaluable.

I like the structure and approach of this book and recommend it for anyone supporting a Windows-based network.

(...)

Roberta Bragg's _Hardening Windows Systems_ (HWS) is exactly the sort of book I expected from McGraw-Hill/Osborne's new 'Hardening' series. The publisher gained fame through its assessment-oriented 'Hacking Exposed' series, and now it advocates preventing intrusions via configuration instead of assessment. (Those familiar with my Network Security Monitoring theories will remember I believe 'prevention eventually fails,' but I still recommend doing everything possible to make the intruder's task difficult!) HWS is a Windows security tour-de-force, and I intend to recommend it often.

I am blessed by not having to support Windows workstations or servers (other than my family's systems) because I run various UNIX variants at home and at work. If you're stuck defending Windows, HWS will show you how -- immediately. The book has literally one page of theory in ch 1 before advocating numerous 'do it now!' steps. This direct approach keeps the book at a manageable 500 pages or so, yet doesn't skip the details.

Furthermore, the term 'Windows' doesn't just mean Windows 2000, the current 'corporate standard' (despite Microsoft's best efforts to encourage upgrades). HWS actually spends time on servers like Windows NT 4, 2000, and 2003, and clients like NT 4, 2000, and XP. Even Windows 95 and 98 receive a few mentions. I was impressed by real advice for operating three sorts of 'domains' in ch 4 -- workgroups, NT 4 domains, or Active Directory forests. Too often Microsoft concentrates on the latest and greatest, but HWS recognizes corporate realities.

HWS includes some of the most information-packed tables I've ever seen. Table 5-3, explaining Windows services that can be disabled to improve security, is awesome. Table 9-3, recommending IE security settings, is similarly helpful. Author Bragg packs so much detail into these tables that reading them alone will help your security efforts. Screen shots are also shown to supplement the step-by-step instructions needed to configure Windows.

My only real criticism is the complete focus on Windows-bundled features. There is no mention of helpful third party applications, like OpenSSH, Cygwin, or Perl. A great older book on Windows security called _Securing Windows NT/2000 Servers for the Internet_ explained these and other options. Integration with non-Windows systems and services, like sending Windows Event Logs to syslog servers, would recognize the heterogeneous nature of modern enterprises. I would also like to see information on profiling Windows systems, displaying the ports and services expected to be active. This would help sys admins understand normal Windows behavior and possibly identify intruder activity.

I plan to add HWS to my recommended reading Listmania List, and I hope you consider this book if securing Windows systems is on your to-do list.

I was very pleased with this book. One of the problems I've had with most books on network security is that they go on and on about theory and then leave it to you to turn their high level discussion into actual practice.

That's not the case with this book, this is a book where you can literally sit down with it open, and configure a system step by step using what is provided. The author's style is very matter of fact in that there is very little of the "chatty tone" that (in my opinion) takes up so much valuable space in other books. This book is straightforward: This is the problem - This is how you fix it.

There's also a healthy dose of screen shots which never hurts.

I didn't give it 5 stars for two, fairly benign reasons. (1) It covers all versions of Windows including Windows 98, Windows NT 4, Windows 2000, Windows 2003, and Windows XP. So, any given reader is bound to find a good chunk of the book doesn't apply to them. (2) A little more of the theoretical side might have been good. It's great that this book is so task oriented but I think that someone who hadn't read other security books in the past might not grasp why the book suggests certain things.

Nonetheless, I'd recommend this book to anyone interested in Windows Security.

Roberta Bragg proves once again why she is one of the top Windows Security experts in the world. Unlike most publications that pop out whenever a product "upgrade" by the all-mighty Microsoft empire is released, this text encompasses all product flavors and other MS offerings. I do agree with a previous reviewer that it could've been made better by including 'real world' applications, delving in a bit more on heterogeneous environments where MS products may dominate the architecture, would've been extremely helpful. But, then again, the book is for hardening Windows systems, not hardening network infrastructure (you'll need Wesley Noonan's book for that - a good one as well). Overall, a great book containing tons of immediate solutions for your Microsoft systems, a definite must-buy!

This book is an excellent resource for the system administrator tasked with securing Miscrosoft Windows systems and networks. There is no room for confusion here, step by step directions tell you how to secure your systems. The first chapter, "An Immediate Call to Action" provides ten things to do immediately to begin the process of securing your Windows systems. The book is definitely designed for administrators working "in the trenches" as it is heavy on practical application and light on "theory." If you are responsible for maintaing the security of a Windows environment, this book is a "must have." I have had the book for about a week and I already have pages bookmarked and highlighted.

Does a week ever go by without a major Windows vulnerability coming to light? It is evident that, prior to Windows XP Service Pack 2, the operating system was geared to file and printer sharing, not security. Among security professionals, the common view is that the best way to secure Windows is to use a more secure operating system such as Linux.

Windows isn't going away, however, and probably millions of businesses will continue to use that platform. These systems should be hardened against attack, a task made easier by this resourceful and practical book.

Hardening Windows Systems provides users a solid guide to implementing security on various Windows operating systems, attempting to close the many holes that have plagued Windows. Chapters cover infrastructure, physical security, communications, security policies, and more.

Valuable security-setting tables and checklists are offered for a vast number of different Windows security services, settings, and parameters. These tables and checklists ensure a systematic approach to system hardening.

Some readers might be overwhelmed by the prodigious number of modifications needed to ensure that a Windows host is indeed secure. Making those modifications is a dirty job, but this book makes it a lot less messy.

I've looked into a few Hardening Windows type of books and I was not satisfied. I found Unix/Linux equivalents to be very practical and valuable, and most to the Windows books to be just general guides of common obvious solutions mentioned in core MSCE training. Where is the real tangible stuff?

Well, I am happy to say that this book sets itself apart in having very potent and practical solutions. To detail all the chapters and their qualities would make this review humungous, so I'll mention one chapter...

One chapter that I found was really profound was "Harden Windows Using PKI" in chapter 12. It introduces the idea of having an offline root-CA and a subordinate "Enterprise CA", so in case your private key gets stolen, so that you can more easily rebuild the infrastructure. This is important as an "Enterprise CA" is integrated into Active Directory, making replacing it unfathomable. The instructions for how to do this were just awesome, but I do wish there was some further explanations as to why certain steps are needed. Some group of instructions are just plopped down without any explanations as to what these set of instructions are for. Beside that bit, this chapter is inspirational, and after this, one can delve into securing mail traffic (IMAPS, POPS, S/MIME, Exchange OWA), web traffic (HTTPS), and general TCP/IP (IPSec, VPNs).

Bottom line, anyone concerned about security for Windows, cannot pass up this book.

Ok, so you want to secure your current, already (maybe poorly) implemented Windows networking environment. This may be the right book for you to get you on the path to better security. Note I did not say good security, I said better.

I bought the book Hardening Linux by James Turnbull published by APress. That book has what I wish Hardening Windows Systems would have: a comprehensive security strategy.

Instead, this book is nothing more than an overly wordy To-Do list with not a lot of information to tell you how to accomplish the To-Do list nor why you would even want to do the To-Do list to begin with (except for maybe chapter one, which was quite good, but still lacking).

If you have an existing, insecure Windows 2000/2003/XP networing environment and want to get started tightening up the ship, this book may be good to get you more secure quickly.

If you really want to lock down your existing installation, or you are starting a new Microsoft nework installation and want a comprehensive strategy for deploying a secure environment from the get-go, this book is NOT for you.

Ms. Bragg knows her stuff. This book is a nuts & bolts approach to implementing security on a variety of Windows systems. The author's "how-to" instructions start with immediate steps to close the holes in Win systems and proceeds to cover all the bases from physical security to communications to PKI, security policies and more. This book is very inclusive and covers Win systems from 95 through 2003.

The text is well laid out with plenty of screen shots, tables and explanations. The index makes this a fine reference book.
The book does not get bogged down with a lot of superficial theory and speaks right to the heart of security issues.