Windows(R) XP Professional Security [Paperback]

Chris Weber (Author), Gary Bahadur (Author)

Book Description

ISBN-10: 0072226021 | ISBN-13: 978-0072226027 | Publication Date: October 23, 2002

"Windows XP Professional Security" provides IT professionals with comprehensive security coverage of Microsoft's popular new operating system, Windows XP Professional.

Editorial Reviews

From the Back Cover

"This book is the operator's manual for Windows XP security--don't boot up without it." --Joel Scambray, Senior Director of Security, Microsoft MSN, and best-selling author of Hacking Exposed, Hacking Exposed Windows 2000, and Hacking Exposed Web Applications

"The authors clearly demonstrate a master's understanding of the Windows operating system that is certain to make this a 'must-have' book." --Stephen Northcutt, SANS Institute

Get comprehensive security coverage of Windows XP Professional--the most security-focused Microsoft OS yet--from this definitive resource. Learn how default security has been strengthened and how familiar security features from Windows 2000 have been completely reworked, including options to restrict anonymous access, redefine the "Everyone" group, force Guest network logons, utilize blank password restrictions, and much more. Also, the new and enhanced security features of Windows XP, including Software Restriction Policies, Internet Connection Firewall, Group Policy, and wireless networking are covered in detail. This comprehensive reference will be invaluable in your daily work with Microsoft's newest security technologies. Don't miss this chance to fully understand Windows XP security in a Windows 2000 or Windows .NET domain.

• Configure security policies effectively
• Manage GPOs in mixed Windows XP and Windows 2000 environments
• Uncover the registry inside and out with need-to-know security lockdowns and hacks
• Utilize new EFS features with learned best security practices
• Overcome wireless threats using IPSec and 801.1x practical solutions
• Understand how the .NET Framework implements policies across managed code
• Work with Active Directory, Group Policies, and IPSec using the new features available in Windows XP and Windows .NET
• Reveal powerful new Software Restriction Policies in action using practical examples
• Prevent DoS attacks through firewall best practices and the new ICF and ICS
• Get problem-solving techniques and methodologies for penetration testing and incident response

About the Author

Gary Bahadur co-founder and Chief Information Officer of Foundstone Inc (http://www.foundstone.com), has been providing security consulting and training services to Foundstone's clients for the past two years and implements the technical infrastructure necessary provide services to Foundstone's clients. Prior to starting Foundstone with his partners, Mr. Bahadur performed security consulting and training services for Fortune 500 companies for Price Waterhouse and Ernst & Young. Mr. Bahadur has been involved with numerous ethical hacking tests and network reviews covering various firewalls, UNIX, Windows NT, Novell networks, Web servers, Internet connectivity and SAP security during the past 7 years. Mr. Bahadur has helped develop the methodologies for network security reviews and security classes. He is a frequent speaker at security conferences and writes for a number of security related publications including Information Security Magazine and SysAdmin Magazine. Mr. Bahadur holds a Bachelor of Science degree in Information Systems / Finance from New York University and is a Certified Information Systems Security Professional (CISSP). Chris Weber is a Security Consultant at Foundstone, Mr. Weber is adept in many facets of Information Technology and secure network computing. He has performed numerous ethical hacking tests, security architecture reviews, and secure application analyses. Prior to Foundstone, Mr. Weber worked for VisionAir, performing enterprise network assessments and mission critical system implementations for some of the largest Police and Sheriff departments in the USA. Mr. Weber's public work includes course development and advisory board membership at the SANS Institute. He has also been a security tutorial honoraria speaker at the USENIX 10th Annual Security Symposium in 2001, and a co-instructor at Computer Security Institute's 2001 Network Security conference in New Orleans.

Product Details

• Paperback: 416 pages
• Publisher: McGraw-Hill/OsborneMedia (October 23, 2002)
• Language: English
• ISBN-10: 0072226021
• ISBN-13: 978-0072226027
• Product Dimensions: 9.3 x 7.4 x 1 inches
• Shipping Weight: 1.9 pounds (View shipping rates and policies)
• Average Customer Review: 5.0 out of 5 stars  See all reviews (4 customer reviews)
• Amazon Best Sellers Rank: #731,338 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

8 of 8 people found the following review helpful:

5.0 out of 5 stars Hardly a wasted word in this comprehensive guide to XP, January 22, 2003

By 

Richard Bejtlich "TaoSecurity" (Metro Washington, DC) - See all my reviews
(REAL NAME)   

This review is from: Windows(R) XP Professional Security (Paperback)

"Windows XP Professional Security" (WXPPS) is a great way to learn about the newest technologies produced by the software engineers in Redmond. Although the "Windows XP" title suggests a focus on desktops, WXPPS is about enterprise strategies. It's surprising so much useful information can be packed into 400 pages.

Good administration-oriented security books teach more than proper system configuration. They illuminate the inner workings of the operating system and explain why certain strategies work best. WXPPS doesn't just list OS settings; it explains what they mean and how they have consequences. No detail is too small, such as explanations of the various registry "Run" keys in ch 3 or the changes to "RestrictAnonymous" in ch 6.

Those who consider Windows XP to be a cosmetic upgrade to Windows 2000 will be surprised by what WXPPS offers. The book explains several administrative and security enhancements, like Software Restriction Policies (SAFER) in ch 2 or IIS 5.1 in XP and 6.0 in Windows Server 2003 (formerly .NET Server). Active Directory is more closely tied to security than ever before, and WXPPS explains how Windows XP Group Policy Objects can be managed within a Windows 2000 domain. The Active Directory "crash course" in ch 11 does a good job bringing the reader up to speed on this crucial Windows component.

I have few criticisms for this book. A walk-through for configuring IPSec would have been helpful, since the Windows implementation of IPSec tunnels via "wizards" seems clunky. Otherwise, I was happy with WXPPS' ability to introduce administrative or technical material as background, then proceed to explain security implications. The wireless section (ch 9) was particularly strong in this respect.

I've added this book to my "Digital Security System Administration" Listmania list, and recommend those interested read a copy. Like Joel Scambray says about WXPPS -- "Don't boot up without it!" I look forward to the Windows 2003 Server edition, should one be published.

5 of 5 people found the following review helpful:

5.0 out of 5 stars a must-have security reference for Windows 2000/XP/.NET, November 15, 2002

By A Customer

This review is from: Windows(R) XP Professional Security (Paperback)

This book covers security for most of Windows 2000/XP/ and .NET. There are many topics inside including internal registry security, wireless security practices, the new Software Restriction Policies, information about Active Directory security and Group Policy, and much more detailed info on the internal security workings of Windows. Each of the security settings/options are explained with examples including the upgraded RestrictAnonymous, ICF, and IPSec. IIS 5.1 is explored as well as .NET's wholly redesigned IIS 6.0. In chapter 11, the authors clearly explain some interesting caveats you should definitely know about managing Windows XP in a Windows 2000 domain. Many of the new features in XP/.NET are introduced, including new tools, and security recommendations from folks who do this stuff on a daily basis.

4 of 4 people found the following review helpful:

5.0 out of 5 stars Great Resource, November 15, 2002

By 

Jason J Dorst (Nashville, TN) - See all my reviews

This review is from: Windows(R) XP Professional Security (Paperback)

The authors dont just provide how to info, but also why things work like they do, its heavy on internals and how to's
I'm a systems administrator and it really helped me with my group policy designs, and my wireless network setup. This book is definitive resource for all windows security, and gets into more than just xp, including 2000 and .NET.