Customer Reviews

Protect Your Windows Network: From Perimeter to Data

5 star:		(16)
4 star:		(1)
3 star:		(0)
2 star:		(0)
1 star:		(0)

 

 

I received a copy of Protect Your Windows Network (PYWN) almost one year ago, and I immediately put it aside. I figured it was another "security configuration guide," with lots of descriptions of settings and other tweaks that makes for boring reading. Recently I decided to give PYWN another look, and I am exceedingly glad I did. PYWN is one of the best security books I have ever read, and that includes nearly 200 titles over the last six years. Incredibly, even non-Windows users will find plenty of sound advice for their enterprise. Although the book is highly opinionated (and at times perhaps not on my side of the issues) I strongly recommend reading PYWN.

When I read and review books, I underline sections of interest and take notes in the margins and on separate sheets of paper. I dried out a pen underlining text and took three pages of notes while reading PYWN. The amount of good advice in the book is staggering. PYWN is incredibly engaging and clear. It is superbly organized, taking a layered approach to enterprise security. The book's strength derives from the authors' consulting experience, and they deliver many stories based on their interactions with customers.

PYWN is not a Microsoft marketing person's dream, either. In many places the book is very frank. For example, p 19 says IPsec in Windows "is the poster child for user unfriendliness." The authors correctly recognize the goal of a "protected" network by explicitly telling customers "no, your network is not secure" (p 15). They are critical of "Return on Security Investment": "following the [security] policy does not increase revenue, it does not increase productivity" (p 116).

This book is definitely not afraid to offend the reader. I do not mean the use of foul language; rather, the book takes very strong stances on certain subjects. Some of these directly contradict guidance given by others. Ch 12 even features 10 Security Myths. In many cases, I believe the authors take the right position, and they adequately defend their assertions. In other cases, I must disagree. The authors are not fans of detecting intrusions, and their monitoring advice in Ch 4 is particularly shaky. They also tend to use an example of compromising a host-based IDS deployment as an excuse to attack all detection mechanisms.

The authors are sticklers for accurate language, which I believe is required in our field. They are keen to point out that "IPSec tunnels" don't exist per se; there is, however "IPSec transport mode" or "IPsec tunnel mode." They repeatedly state that L2TP+IPsec is the only "IETF-approved" remote access solution. This stems from their requirement that such a solution authenticate the user and give his/her machine an IP address. Obviously IPSec alone doesn't fulfill those requirements, hence their promotion of an alternative.

In some cases this desire to use the right word doesn't work so well. I disagree with some of the terms used in the threat modeling discussion in Ch 9. I wonder why the authors (and other Microsofties) call this "threat modeling," instead of using Bruce Schneier's older term -- "attack trees." Sometimes the authors confuse threats with vulnerabilities. For example, p 237 says "Although a threat to an application many times can be eliminated with a patch..." That should read "Although a vulnerability in an application many times can be eliminated with a patch..." Threats can only be eliminated by incarceration; vulnerabilities are flaws which can be patched. On p 254 we read "the config.sys file poses no threat." That's right, but it's not what the authors meant. They should have said "the config.sys file poses no vulnerability," or perhaps "exposure." Finally, p 236 says "you use the model to communicate the current structure of the network and the threats created because of it." That is wrong; building a network doesn't create threats -- it creates vulnerabilities and exposures. Threats are independent of the network.

Similarly, the STRIDE model on pp 242-3 is mostly about attacks, not threats. Read any government report about threats to learn about organized crime, foreign intel services, script kiddies, corporate spies, and so on -- those are real threats. "Denial of service" is an attack; "information disclosure" is a security incident, or a consequence of an attack.

I should note that sometimes the Windows focus of the book blinds the authors to other, better security approaches -- some of which Microsoft is adopting. For example, Ch 14 recommends users "uninstall unnecessary components." This is obviously true, but it's a limitation of Windows. It's much better to start with a bare system and "add necessary components." On p 422 the authors say the Windows Backup Operators group are unsafe for backup. If that is the case, why do they exist, at least as currently configured? The advice in Ch 14 also results in an "unsupported configuration" for SQL server. The authors admit this is for "high security" needs, but this indicates a problem with Microsoft's approach. PYWN pulls no punches in some places regarding Windows, but in others it holds back.

PYWN is definitely not a security configuration guide, of which the authors are highly critical. In some places they do list ways to accomplish certain goals, but most everywhere else they refer readers to previously published books or documents on the Web. Bravo. The book contains numerous footnotes which I appreciated.

I found only a few errors in the text. On p 38, the text implies the three way handshake starts with SYN, ACK instead of SYN, SYN-ACK. On p 84; ISO is not "International Standards Organization." On p 121, the text implies SOX doesn't apply to all publicly traded companies. Since I read every word very closely, I am really impressed by PYWN.

This review is long enough. Let me conclude by saying you will absolutely not waste your time reading this book. It took me a week to finish it because I tried to make the best use of the authors' recommendations and insights. Keep my earlier comments in mind, then enjoy PYWN. I hope the authors produce a sequel or at least a second edition. They are exceptional writers, and this book could easily be called "Protect Your Computing Enterprise." Windows is an example implementation, not necessarily the core focus of the book.

Let me cut to the chase: if you're a Windows admin and you are at all worried about security, get this book. Now.

Okay, having said that, let me tell you about the book. I've been doing a lot of professional security work over the years, much of it with Windows. I tend to treat new security books with a big grain of salt, because there are a lot of well-meaning people out there giving advice ranging from mildly wrong to actively harmful. Now that I've written a book of my own, I have a fair idea of what is involved and how easy it is to slip technical howlers past hard-working editors (who aren't usually experts in the topic). Just because something is written down in a book doesn't mean I automatically trust it; unfortunately, too many people do place their faith in the Holy Grail of the printed word. On the other hand, I've not only seen Jesper and Steve speak before, I've had the opportunity to work with them on past projects, so I have a reasonable amount of faith that they actually know what they're talking about. (If you haven't had the pleasure of hearing them speak, go find the events they're at and sign up. Trust me.) As a result, I was pretty sure this book was going to rock on toast and give me a few good hard nuggets to think about.

It didn't.


This book completely threw many of my security assumptions out the window. More than once, I was reading the book shaking my head, saying "No, no, that's not right!" as the authors made hamburgers out of yet another security sacred cow. After giving myself time to think about it from a real-world point of view, though, I almost always came away agreeing with them. At other times, I'd be pumping my fist in the air, ecstatic that somebody else Got It and was able to put it as eloquently as I'd just read. I don't normally read technical books cover to cover; not only did I read this one straight through, I went back for a second pass with a bunch of sticky flags. My copy now looks like it was in a Twister factory explosion. The book also comes with a CD; it's not got a lot on it, but the scripts that are there are very useful indeed. There's also an accompanying website, http://www.protectyourwindowsnetwork.com/, which contains errata and downloadable copies of the scripts and files on the CD.

Some of the best content of the book isn't contained in the book -- it's on the website in the Listening Room. Here, you can find recorded versions of talks by Jesper and Steve. You'll find their talks cover a lot of the same ground the book does, but they are both dynamic speakers and hearing the material reinforces what you're reading.

So, is this book for you? Let me answer that with another question: Are you tired of being a prisoner to security bulletins, patches, conflicting (and confusing) security guidance, and vendor claims?

If you want to learn how to actually analyze your systems and network, asses the threats you face, and do more than follow step-by-step "hardening guides" that inevitably break the CEO's favorite applications, then you need to get this book. It won't give you false warm fuzzies; it won't hold your hand and do your thinking for you, because the reality of security is that everybody's system is different. You can't produce cookie-cutter protection for a moving target; there is no substitute for digging in and learning the techniques Jesper and Steve show you here. If you put the work in, though, I can promise you will have a much better understanding of what it takes to keep your systems and network secure, and how to adapt as the threat landscape changes.

If you want to keep plodidng on, performing security by rote, following checklists, then don't read this book. It will make you question your assumptions and might even lead to thinking. And the bad guys in your network don't want that.

To see a slightly more detailed verson of this review (with hyperlinks), head to my blog (e)Mail Insecurity at:
http://blogs.3sharp.com/Blog/deving/articles/1030.aspx

The authors here have done an excellent job discussion not only effective security techniques, but also the reasoning behind them. Most of the security in the book is at the user layer. How you can set up your system, and the network around you to secure your systems. I particularly appreciated the information on SQL Server, which is all too often not covered in security books.

There are some downsides, the book is fairly text intensive (which is something I don't usually cite). There could have illustrations to make the points more clearly. But the images that are there are effective and used well.

It looks like this book will further an alarming ƒº trend by being yet another great security book, written by Microsoft people. ¡§Protect Your Windows Network from Perimeter to Data¡¨ dives into an esoteric world of Windows security in an unusual and novel way. It is clear that this book belongs in 2005 due to its focus on things beyond Windows hardening tips and obscure registry tweaks for security. For example, I found a nice coverage of Windows emerging DRM (called RMS) as well as amazingly in-depth coverage of using ACLs for granular file security (it might sound simple, but its really not).

I will not go through the table of contents since you can look it up. Briefly, I most enjoyed chapter 2 with a hacking case study, chapter 3 on patches (I really did!), chapter 10 on rogue insiders, chapter 12 on hardening which contained some uncommon wisdom, and later chapters on application and data security.

I liked many things about this book! Right away, the authors establish that while fighting ¡§stock¡¨ worms and viruses, there are skilled attackers out there and simply ¡§keeping up to date with patches¡¨ will not save you. I also liked a harmonious mix of technical (lower level) and business (higher level) issues related to security.

In addition, I liked the style and authors¡¦ humor a lot! The book is very easy and even fun to read and is peppered with humorous stories from their experience. The book is full of amusing and educational gems, such as a triangle of ¡¥cheap-usable-secure - pick any two¡¨, and vendors and customers role is changing the above tradeoff.

The book is focused mostly on the defense side and display obvious and acknowledged bias towards protecting Windows servers, just like the name of the book indicates. The book contains a minor amount of Unix-bashing, which is more funny than malignant though.

Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA is a Security Strategist with a major security company. He is an author of the book "Security Warrior¡¨ and a contributor to ¡§Know Your Enemy II¡¨. In his spare time, he maintains his security portal info-secure.org

This book addresses network security through layers. Chapter 1 presents the book's basic argument: that the goal is not to make your network secure, but to make it "secure enough" for your environment. Chapter 2 provides the obligatory description of how a network can be compromised that you would expect in a book on security, but emphasizes the operational issues/mistakes that facilitated the attack with explicit mention of which subsequent chapters will provide guidance on how to best mitigate those flaws. The remaining 15 chapters describe how to make your network more secure. Topics include patch management, the need to set policies and educate users, perimeter access controls, restricting access to network resources, protecting hosts and applications, and protecting the data (information) itself. Each chapter concludes with a short list of suggested action steps ("What You Should Do Today").

The book is well-written and easy to read. Although the book is Windows-centric, most of the material applies to any system. The authors do a good job of explaining and illustrating concepts such as SQL injection and SMB reflection attacks to make them easy to understand for readers with limited technical background. Overall, the book will probably be of most value to individuals with limited experience in managing security of Windows networks. However, even experienced security professionals can benefit from the discussions of how to avoid security dependencies and how to do network threat modeling. All readers will also benefit by thinking about whether they agree or disagree with the authors' challenges to several widely-accepted security prescriptions and their opinions concerning best practices (for example, why turning off SSID broadcasting is not a good idea and why the best place to locate your VPN server is alongside your firewall).

The book also includes a CD with several utilities: a Hosts file for blackholing spy-ware sites, a password generator (passgen), an SQL script to revoke permissions from the public login, and a slipstreaming tool that is written in VBScript. One potential limitation is that because much of the detailed advice is directed to features specific to Windows Server 2003 and Windows XP it may become out-dated. Nevertheless, it is likely to be a useful reference source for the near-term future for anyone interested in or responsible for security in a Windows network.

...Or anyone who wants to harden and secure their windows network

This is a well written and thought out book that contains many tips and techniques not found anywhere else. It covers security from PCs to hardening servers, password vulnerabilities, how to create better password security, IP tables and their complexity, firewalls, perimeter security and why if you have no physical security then all other security is irrelevant. Despite its overall length and number of pages this book flows well and keeps the reader informed and entertained without being to witty or dry. I found it easy to read in just a few hours during a couple of evenings.

The author starts out with the basics of attacks and leads the reader thru different stages of security from social engineering thru hardware and software vulnerabilities. It shows how hacking takes place; the procedures, practices and techniques hackers use to attack a network and how an attacker takes control of a network. The author then guides the reader thru the process of keeping the attacker off the network and how to "hide" your system as well as processes from the attacker. He also shows the reader why outside attacks are becoming less relevant and how inside attacks are becoming more frequent.

The author provides practical, common sense solutions in an easy to understand forms that are useful to any reader. Included are many great up to date examples designed to help IT personnel understand, design, and manage their own unique security needs and vulnerabilities. Also included are numerous quality links and Urls that would take anyone extensive time and effort to piece together on their own.

Also covered are why written policies and procedures are important and the fact that you actually have no security with out written guidelines. The author then helps direct you in ways that will allow you to assess your companies' goals and apply practical security policies to your own specific situation. He also points out why mapping your network is important and how to assess your vulnerabilities based on you network topologies.

The concepts of the confidentiality, integrity and availability model as it applies to day-to-day security policies, procedures and practices are covered in a very comprehensive and easy to understand details. Anyone considering taking the CISSP certification or looking for CPEs will find this book helpful in understanding the concepts necessary to pass their exam or continue their professional education and will find it well worth his or her time.

One of the best features in this book is the CD and appendices, which are loaded with scripts and tools to help automate and simplify the very complex and sometimes tedious job of security administration.

Overall, you cannot find a better book on windows security than this; it is more than well worth the price many times over.

I love books like this, which take a different approach to teaching. They begin not by going through, chapter-by-chapter, each individual building block of a network, but by showing you just how horribly wrong you may have been in your thinking all along. Then, they basically say, "Do we have your attention now? Good. Now we'll show you how to mitigate these risks." In my opinion, that's the ONLY way to teach a computer geek, since many are quite set in their ways.

In my opinion, this is THE best book I have ever read (and I have read a few) on security in a Windows network. It is very well written; unlike a standard security book that simply has configuration guides and checklists. These guys are not only security gurus, they are very good authors who know how to write. They not only offer explanations on various security best practices, but they also dispel many myths about Windows security "recommendations" by so-called experts. The book has a definite Microsoft bias (as it's title would suggest), but I found very little that I would disagree with. As a long time Windows Administrator (MCP NT4, MCSA 2000/2003 and CompTIA Security+ certified) and also being a security minded individual (though not a security specialist)I highly recommend this book.

The simple truth is that if you're directly responsible for the health of a Windows network, you need to read this book. It contains a wide enough breadth to be applicable to all Windows administrators running a variety OS and application levels, while still managing the depth required to be truly informative and serve as a good everyday reference. It provides an incredible amount of detailed theory and hands-on practical advice that will give you the background information, tools and motivation to improve your defenses and keep hackers away from your data.

Those directly responsible for securing the network should read this book through and then read it again, perhaps discussing it with a peer. There's a lot of information to unpack, so a critical study of how to contextualize the recommendations to your environment would benefit from a team of individuals dedicated to understanding and carrying-out the guidelines that are given. In contrast, high-level managers and decision makers who have a more hands-off role would be well served by taking a half an hour to read the first two chapters, giving them a sobering first-hand account of the ease with which a knowledgeable attacker can subvert an entire domain. It will be 30 minutes well spent! A final group, the technically-savvy supervisors who don't actually implement (but monitor those who do), should quickly read the entire volume and hold their employees accountable for upholding at least the principles, if not the specific practices, mentioned throughout. All three groups should read it with the goal of acquiring a security mindset, filtering all their projects and goals through the "lens" created as a result of the truths learned from this pair of gurus. It is the unique combination of sufficient depth with comprehensive breadth that gives this book the edge over most recent Windows security titles from other authors. If you have to pick just one printed manual to take with you into battle, this should be your weapon of choice. I heartily recommend it as a great read for now, and as an investment for your go-to shelf later on.

Jesper and Steve begin the journey with the same eye-opening SQL injection attack you may have seen in one of the talks they present around the globe in their roles as security experts for Microsoft (Jesper has since changed employers). They exploit a poorly-written web application by feeding SQL code directly through the web form, eventually compromising the entire network, even though it's fully-patched and even somewhat hardened. They describe the intricacies of the attack from beginning to end, laying the groundwork for the defense techniques described in the remaining chapters. After taking over their victim network, they round out the section on fundamentals with a chapter on patch management. This was the low point of the book and, in my opinion, it glosses over the realities of just how time-consuming and complex change management and regression testing can be in a heterogeneous environment. Don't get discouraged by this chapter; slog through it and enjoy the informative--yet surprisingly fun--chapters that follow.

Having established the basics, more groundwork is laid with above average, but not spectacular, sections on administrative policies and physical security. These are the most "CISSP-ish" pages of the whole book and should look very familiar to members of the (ISC)^2. While the advice in these early chapters will stand the test of time, there's not much in here that won't already be a part of your daily arsenal. If you haven't figured out such basics as having a written security policy and that users will always choose convenience over security, then study this section hard. For the rest of us, you will find yourself saying "Amen" a lot as you review these four well-written and comprehensive middle chapters. The real epiphany comes at the end of Chapter 7 when they declare that the days of having a notion of a "perimeter" are over. If you haven't realized by now how incredibly porous your network is, this book should help bring you back to reality.

With the first half of the book used as an appetizer, the authors start serving the main course of practical, detailed advice about how to protect every aspect of your clients, servers and network infrastructure. Their incredible insight into password theory and how exactly a real password attack would work is so refreshing--these guys are experts, and it's demonstrated most profoundly in their chapter-long advice on the subject. Here and throughout the book they constantly bring you back to reality by refuting myths common in "security theater" and give you the best advice, with enough background to understand why it works. One particularly sobering moment was the sweeping dismissal of biometric authentication because of the myriad (often foolishly simple) flaws that can defeat even über-expensive fingerprint readers, retina scanners, etc. In the next two hundred or so pages the give you just enough instruction about IPSec, 802.1X, two-factor authentication and server/client hardening to help you understand the critical pieces of theory and find the detailed implementation instructions for yourself. You'll feel like you finally know the reasons to do all these things instead of just getting a litany of the individual steps to implement a particular setting or policy. Microsoft has published a lot of dry technical guides on every registry setting and tweak imaginable; these guys tell you the background information of why any of this stuff matters and they do it in a winsome, often satirical way that makes you want to keep reading.

The key concepts I took from reading this book were: a healthy skepticism about merely doing tweaks or checklists that have an air of sophistication but don't actually improve security; a sense of empowerment about how to untangle my network from a web of dependencies caused by shared service accounts (they even provide a handy utility to make their advice doable); and renewed sense of encouragement that least-privilege is actually obtainable. They end each chapter with an immediate call-to-action that addresses the most important steps you can take to do the most good quickly. If you can force yourself to do these challenging tasks for every area they address, you'll be well on the road to a more secure installation.

I rarely ever pick up a book that I find absolutely amazing but recently I purchased this book and I think it is quite possibly the best book out there on security for Windows-based networks. I cannot strongly enough encourage everyone to pick up a copy of this book.

I picked up this book because I noticed it was authored by Steve Riley. If you've ever done anything with IPSec on Windows you've probably run across articles by Steve Riley on Microsoft's site. While both the authors are Microsoft employee's, this book, as you will note, is not a Microsoft Press book and I assume the authors did this so they could speak more freely about security and not be obligated to follow standard MS security rhetoric.

A few things make this book an absolute standout amongst other security books. First, the tone of the book is very casual. The book is written primarily as a discussion between you and the authors. Typically, security material is very dry to say the least. I found their writing style so easy to handle that I read this book for 4 hours the first time I picked it up.

The subtitle of this book is "From Perimeter to Data". It totally lives up to that description. The book addresses security at every level including wired and wireless network security, VPN security, server security, desktop security, and application security. They also talk extensively about identifying attacks and methodology used to perform attacks against these different levels.

One of the most wonderful things about this book is that the authors dispel many of the commonly assumed idea's about what is good security. They go over specific security settings in Windows and tell you what's good and bad about them. They actively write about many commonly cited security principles and provide good strong arguments for why they are useless. As examples, they make a strong argument against using account lock-out. They ridicule disabling SSID's in wireless environments. They also point out the faults of using such common settings as "clearing the page file on shutdown" and "crash on audit failure" features.

Another invaluable topic they discuss is what specific security settings can break. They go through most Windows security settings and tell you exactly what you can expect to break if you turn them on or off. If you need to ever justify why your network design calls for a particular security setting then this book would provide all the ammunition (with technical explanations) for why you would or would not use a particular security setting.

They provide a lot of IPSec guidance in this book as well. If you've ever done IPSec then you probably understand that it's a feature that can be fairly complex to implement. They don't teach you IPSec but they have many examples of how to configure IPSec rules. They're examples are all complete and spell out exactly what they will do. Notably, they have a well detailed rule set for using IPSec in a domain environment. They also talk about some of the pitfalls and limitation of IPSec such as problems joining computers to domains in environments that use IPSec and also why you cannot use IPSec for most functions on domain controllers.

A lot of time is spent on discussing password policy. They rip apart commonly used password policy schemes and spell out models for password policies that are both functional and easy to manage. They back up their argument with mathematical models to explain why common password policies are more of a problem then a solution.

There are many other wonderful things I could say about this book but I'm sure if you've read this far then your probably bored of me by now so I'll end here with another strong endorsement "BUY THIS BOOK IF YOU WANT A SECURE WINDOWS NETWORK!!!"