Customer Reviews

Windows 2000 Security Handbook

5 star:		(6)
4 star:		(1)
3 star:		(0)
2 star:		(0)
1 star:		(0)

 

 

I am a senior engineer for network security operations. I read the Windows 2000 Security Handbook (W2KSH) to learn how to advise clients on improving the survivability of their Windows 2000 platforms. Like its predecessor, Tom Sheldon's excellent "Windows NT Security Handbook," W2KSH delivers practical content in a digestable format. I recommend Windows 2000 system administrators read and heed this book.

Good operating system security books are thorough, educational, and honest; W2KSH is all three. The authors are not mindless Microsoft prophets -- consider this sample from page 501: "It seems that Microsoft just does not get it when it comes to the need for robust auditing/logging of services... the logging configurations are totally inadequate." To deal with these and other deficiencies, W2KSH provides installation, configuration, and deployment recommendations. This advice, on topics like Active Directory, user and group management, and file systems, equips system administrators to survive hostile network environments.

As an intrusion detector, I was most happy to read how the Microsoft security model operates, and what components present the greatest vulnerabilities. I appreciated explanations of system and discretionary access control lists, and how to effectively employ them. I learned Microsoft includes Web, FTP, SMTP, and NNTP features in Internet Information Service (IIS). I also became aware of best practices for secure deployment of a Microsoft infrastructure.

W2KSH has a few problems. Like Microsoft products, its "backwards compatibility" revealed weaknesses. For example, some text was lifted directly from Shelton's earlier book, but necessary background material was omitted (see pages 86, 88-90, 148). This issue was awkward but minor. I also did not leave the book with a strong understanding of the different types of groups in Windows 2000. Such complexity is not the authors' fault. They show that the OS' dozens of options leaves plenty of room for misconfiguration, leading to compromise.

If you're familiar with general security practices, skip Part I (TCP/IP, threats, countermeasures, and policies). I recommend the authors mention these topics briefly in the introduction and move the bulk to appendices. Start with Part II, and keep your highlighter handy. W2KSH gives balanced insight into the workings of Windows 2000, and helps system administrators and security personnel better understand the opportunities and liabilities of running this operating system.

I've read many books on Windows NT and Windows 2000 security. Most did not live up to my expectations. They were difficult to read and you needed a Computer Science/Engineering degree to understand them. In my opinion, this book is THE best book on Windows 2000 Security. Mr Cox and Mr Sheldon wrote a very easy to read, easy to understand, and most importantly, an easy to follow recipe for securing your Win2K systems. This book should be in every adminstrator's library. If you don't have this book, you deserve to be hacked! I teach system security, and this book is a valuable tool and resource, not just for me, but for my students. This is money well spent!...

The "Windows 2000 Security Handbook" is an excellent book! Not only is it a good book to learn the nitty-gritty details of Win2K OS and network security, but the first section of the book is a great overview of security in general (Win2k and non-Win2K). For someone who is just getting involved with Win2K security, the book is a must. It has both a good theoretical and practical focus; not only do you get the explanations of of the various Win2K security elements, but you get a step by step guide on how to configure each one. The book is also an excellent reference for those already experienced in Win2K. Very comprehensive and well organized.

Phil Cox has written a lucid and thorough book covering virtually all aspects of Windows 2000 Security. This book presents both discussions of important security concepts as well as practical techniques and activities necessary to securing a system/network. This is an important reference that should be on every system administrator's bookshelf.

Can you imagine a book on Operating System Security actually being a good read? This one is just that!
As a SQL Database guy finishing up my MCSE 2000 with the "Win2K Security Design - 70-220" exam, I sought, and found, a resource to solidify and integrate all of the Win2K security concepts covered in earlier exams. I sought a book that was very readable, and I was willing to allow that, by itself, it need not be completely exhaustive as a MCSE exam #70-220 study guide.
Bottom Line: This book was a home run for me. My comfort level with concepts of IPSec, PKI, EFS, threat types, auditing and firewalls has risen remarkably. On the down side, the book is relatively basic and the fairly lengthy coverage of Active Directory, group policies, etc., may be overly ambitious for this book, and is probably better learned elsewhere in a dedicated AD book. In a larger sense, however, this book really delivered the goods, as specified above.

Now I need to identify another resource with which to complete my Security Design studies.
As a sidebar, I have found the first 75 pages of Coriolis' "Exam Cram: Win2K Security Design" to be so full of wordy fluff-speak as to abandon it.

Cox & Sheldon take a lot for granted - Their book is great if you're studying for the MCSE or have any kind of networking background but if you're new to group policy, domains and OUs and the like, then it's likely going to be a struggle to read. I gave the book 5 stars because eventually, through hands on, self-taught trial & error on my own system, I was able to master some of the basic security concepts. If you're a lazy n00b and you don't have any kind of initiative or a mentor, then don't waste your time or money with the book.

As a contributing reviewer of this book, I have an obvious bias. Having said that, as a frequent reviewer for many different publishers the reason I was willing to invest my time on this book is because it is extremely focused on practical insights and recommendations. As a practicioner of giving security advice to Fortune 500 companies, I think it is extremely important to encourage practical activities that help to actually foster making people's resources more secure.

This book meets all of those goals: it is practical, easy to read, easy to imitate in executing commands, and it makes my resources more secure.

For those who do reviews, you know it's NOT done for the money: it's for the love of the topic and the field that you are in.

Phil, in particular, and his co-author Tom have put together a tremendously useful book in that it covers many different important Windows 2000 areas in ways that you can appreciate and more importantly, actually know what to do!