Microsoft Windows 2000 Security Handbook [Paperback]

Jeff Schmidt (Author), Alexander Kachur (Author), Dave Bixler (Author), Travis Davis (Author), Theresa Hadden (Author)

Book Description

Publication Date: August 7, 2000

Windows 2000 Security Handbook covers NTFS fault tolerance, Kerberos authentication, Windows 2000 intruder detection and writing secure applications for Windows 2000.

Editorial Reviews

From the Back Cover

Windows 2000 Security Handbook covers NTFS fault tolerance, Kerberos authentication, Windows 2000 intruder detection and writing secure applications for Windows 2000.

About the Author

Jeff Schmidt has a long history in the network trenches and a worldwide reputation as a Windows 2000 security expert. As a security administrator on a college campus, Schmidt must deal with talented students' attempts to hack the system. He brings this expertise to Microsoft as a consultant to Windows 2000's development. In this role, Jeff is among the consultants for the Windows 2000 system's security code and possesses expertise on the system that other authors can only obtain after release of the betas and final version of 2000.

Product Details

• Paperback: 1000 pages
• Publisher: Que; 1st edition (August 7, 2000)
• Language: English
• ISBN-10: 0789719991
• ISBN-13: 978-0789719997
• Product Dimensions: 9.1 x 7.4 x 1.7 inches
• Shipping Weight: 2.7 pounds
• Average Customer Review: 5.0 out of 5 stars  See all reviews (5 customer reviews)
• Amazon Best Sellers Rank: #4,477,631 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

61 of 63 people found the following review helpful:

5.0 out of 5 stars I'm the technical editor for this book..., August 22, 2000

By 

Eric Fitzgerald (Redmond, WA USA) - See all my reviews

This review is from: Microsoft Windows 2000 Security Handbook (Paperback)

It's always hard to select a book online- sometimes the description of the book does not really tell you what you want to know. So I'll take this space to tell you a little about the book.

What It Is:
If you're interested in a book that is part technical reference, part programmer's guide, and all Windows 2000, then this book is for you. It goes deep enough into each topic to give you a thorough understanding of the feature or concept being described, but does not bog down and put you to sleep like a technical reference. It is not just "fluff" material, however- the material is what I would generally describe as 300 level in terms of technical depth.

What It's Not:
If you're looking for a step-by-step guide to hardening a Windows 2000 machine, then you should look elsewhere. This is not a rehash of information you'll find on the Microsoft security site. It is also not just a programmer's guide. There are entire books dedicated just to security programming on Windows NT. However, if you're already familiar with NT security programming, and just want an quick orientation to using the new features of Windows 2000, then this book may be for you.

This book discusses Windows 2000 security from an architectural standpoint, then discusses how to write code to use some of the new features such as CAPI 2.0, and closes with discussions of intrusion detection, penetration testing and security best practices.

I personally found the chapter "Writing Secure Code" to be particularly interesting. As a demonstration of insecure coding practices, it actually walks you through constructing a buffer overflow attack against a vulnerable Windows application that you also write.

Here's the table of contents:

I. Windows 2000 System Basics
1. Windows 2000 Architecture
2. Processes and Threads
3. Security Model
4. NTFS 5.0
5. Services
6. Drivers

II. Computer Network Security Foundations
7. Windows Networking Protocols
8. Cryptography
9. IPSec
10. PKI
11. Kerberos
12. X.500 and LDAP

III. Network Security in Windows 2000
13. Networking Model
14. Active Directory
15. Authentication
16. SSPI
17. CryptoAPI
18. Certificate Services
19. COM, DCOM, and RPC
20. VPNs
21. EFS
22. DNS, DDNS, & WINS

IV. Protecting Youself and Your Network Services
23. Secure Computing Practices
24. Building and Administering a Secure Server
25. Security with High-Speed Full-Time Connections
26. Detecting and Reacting to Intrusions
27. Recent Issues Explored
28. Penetration Testing
29. Writing Secure Code

8 of 8 people found the following review helpful:

5.0 out of 5 stars Excellent, in-depth discussion, August 28, 2000

By 

Joe Michael (Florida) - See all my reviews

This review is from: Microsoft Windows 2000 Security Handbook (Paperback)

While most security books are simple walk-through guides, Mr. Schmidt's text contains all of the details that the others leave out. While parts were well over my head, I appreciated the focus on technical completeness and understanding of security concepts. This book was an excellent addition to my bookshelf and I highly recommend it.

5.0 out of 5 stars I met Jeff Schmidt, May 17, 2002

By A Customer

This review is from: Microsoft Windows 2000 Security Handbook (Paperback)

I met the writer for a job interview, he is a great guy... but who cares? this is a boook review right? I work for a computer emergency response team and we use this book as a "security crash course" and as a hard reference. If you want to know about windows 2000 security this is seriously the book to have. It is very technical and not for script kiddies. If you are just looking for something to use as a basic refresher then skip this, get a microsoft book or something tame. This is grassroots hardcore good.