Securing Windows NT/2000 Servers for the Internet [Paperback]

Stefan Norberg (Author)

Book Description

Publication Date: November 2000 | ISBN-10: 1565927680 | ISBN-13: 978-1565927681 | Edition: 1

In recent years, Windows NT and Windows 2000 systems have emerged as viable platforms for Internet servers. More and more organizations are now entrusting the full spectrum of business activities--including e-commerce--to Windows.

Unfortunately, the typical Windows NT/2000 installation makes a Windows server an easy target for attacks, and configuring Windows for secure Internet use is a complex task. Securing Windows NT/2000 Servers for the Internet suggests a two-part strategy to accomplish the task:

• "Hardening" any Windows server that could potentially be exposed to attacks from the Internet, so the exposed system (known as a "bastion host") is as secure as it can be.
• Providing extra security protection for exposed systems by installing an additional network (known as a "perimeter network") that separates the Internet from an organization's internal networks.

Securing Windows NT/2000 Servers for the Internet is a concise guide that pares down installation and configuration instructions into a series of checklists aimed at Windows administrators. Topics include:

• Introduction--Windows NT/2000 security threats, architecture of the Windows NT/2000 operating system and typical perimeter networks.
• How to build a Windows NT bastion host.
• Configuring Windows and network services, encrypting the password database, editing the registry, setting system policy characteristics, performing TCP/IP configuration, configuring administrative tools, and setting necessary permissions.
• Differences between Windows NT and Windows 2000 security including IPSec (IP Security Protocol) configuration.
• Secure remote administration--SSH, OpenSSH, TCP Wrappers, the Virtual Network Console, and the new Windows 2000 Terminal Services.
• Windows NT/2000 backup, recovery, auditing, and monitoring--event logs, the audit policy, time synchronization with NTP (Network Time Protocol), remote logging, integrity checking, and intrusion detection.

Administrators who carefully follow the detailed instructions provided in this book will dramatically increase the security of their Windows NT/2000 Internet servers.

Editorial Reviews

About the Author

Stefan Norberg is an independent network security consultant based in Stockholm, Sweden. Before becoming an independent contractor, he worked for Hewlett-Packard Consulting, where he built everything from large firewalls to highly available Unix clusters. During the last couple of years, he has spent most of his time designing and implementing Internet firewalls using building blocks like Cisco IOS, HP-UX, Linux, and Windows NT/2000. Every now and then, he enjoys teaching Windows NT/2000 classes. Stefan is an MCSE+Internet and Microsoft Certified Trainer. When he finds spare time, Stefan enjoys spending it with his wife Marianne and daughter Matilda.

Product Details

• Paperback: 216 pages
• Publisher: O'Reilly Media; 1 edition (November 2000)
• Language: English
• ISBN-10: 1565927680
• ISBN-13: 978-1565927681
• Product Dimensions: 9.2 x 7 x 0.6 inches
• Shipping Weight: 1 pounds (View shipping rates and policies)
• Average Customer Review: 4.1 out of 5 stars  See all reviews (11 customer reviews)
• Amazon Best Sellers Rank: #1,910,067 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

18 of 18 people found the following review helpful:

5.0 out of 5 stars Excellent NT/2000 Security Resource, December 14, 2000

By 

Michael C. Forrester (Lakewood, CO United States) - See all my reviews

This review is from: Securing Windows NT/2000 Servers for the Internet (Paperback)

Stefan Norberg wrote one of the first good securing NT documents that were available on the Internet. This book takes that paper to the next level. I have read and researched quite a bit on securing NT/2000 and from what I've read so far (not quite done yet), I consider this one of the best resources. The section on installing SSH on NT is extremely helpful for those who have not tackled that beast before. Norberg's original paper was considered by many (including myself) to be essential reading for anyone concerned with NT/2000 security. This book is even better and should be a part of the library of any responsible NT/2000 admin.

15 of 15 people found the following review helpful:

4.0 out of 5 stars A must for any Windows NT/2k admin wanting to stay employed, July 28, 2001

By 

Richard Bejtlich "TaoSecurity" (Metro Washington, DC) - See all my reviews
(REAL NAME)   

This review is from: Securing Windows NT/2000 Servers for the Internet (Paperback)

I am a senior engineer for network security operations. I read "Securing Windows NT/2000 Servers for the Internet" (SWNS) to better advise clients on secure configuration of their Windows platforms. Stefan's wonderful book is a testament to the fundamental insecurity of stock Windows platforms. Luckily, his advice transforms vulnerable systems into bastion hosts suitable for deployment on the hostile Internet.

SWNS' key insight is the need to cripple many default Windows services in the interest of security. These troublesome "features" include NetBIOS, the Workstation service, the Server service, and others. In fact, after creating a bastion host, Stefan says "there's no way of administering it remotely!" (This is the case because NT's standard remote admin tools, like Event Viewer and Server Manager, require RPC using NetBIOS.) Thankfully, Stefan provides several options for secure remote administration, like pcAnywhere, Windows 2000 Terminal Services, and open source alternatives (Secure Shell, Virtual Network Computer, etc.)

I concur with an earlier review noting the lack of attention for Microsoft's IIS web server. Hundreds of thousands of Windows machines were recently compromised by the "Code Red" worm, demonstrating two facts. First, Windows is frequently used to host web servers. Second, IIS is frequently deployed insecurely. A second edition of SWNS should add a chapter on configuring IIS. I was also unhappy with Stefan's dismissal of intrusion detection technology in chapter six. He should try the Windows port of the open source Snort IDS.

Overall, SWNS is a must-buy for Windows administrators. The book is a quick read, but it explains many aspects of the internal workings of Microsoft's premier operating systems. As the title implies securing "servers" and not just the underlying operating system, future editions should discuss proper deployment of popular applications for Windows NT/2000, like IIS and Exchange.

14 of 14 people found the following review helpful:

4.0 out of 5 stars Great server security info here for smaller environments, January 7, 2001

By 

Rob (Seattle, WA USA) - See all my reviews

This review is from: Securing Windows NT/2000 Servers for the Internet (Paperback)

I have been waiting for a book like this for quite a while. For anyone interested in securing W2k Internet servers this book has some excellent advice. The networking security tips are particularly useful and relevant. I was disappointed that there was not more IIS specific security information, given that most W2K servers on the Internet are running IIS. Also, as the author himself points out, much of the changes he is proposing to harden servers are not practical in an enterprise-sized environment. By hardening servers as he describes you loose much of the scalable administration NT and W2K where built around. I would not want to implement the majority of these changes on a production environment of more than 30 or so servers for that reason. I also would not put pcanywhere on any production server as a way to get around just having disabled the functionality of the native remote administration tools. Having said all that, buy this book if you are responsible for securing your Microsoft servers. There is enough great information here to make it well worth it.