Windows 2000 (Hacking Exposed) (Paperback)

by Joel Scambray (Author), Stuart McClure (Author)

Editorial Reviews

Amazon.com Review
With a revised Microsoft operating system comes a revised set of security holes and means of attacking them. Hacking Exposed: Windows 2000 presents a snapshot of known Windows 2000 security weaknesses and the tools that have been developed to exploit them, in turn enabling system operators to mount better defenses. This book builds on and contributes to the small but respected Hacking Exposed series, giving network administrators a detailed picture of the threats their Windows 2000 machines face--and all the motivation they should need to install the latest patches right away. Which points out a characteristic of this book: Many of the problems it catalogs are known bugs that shouldn't be a problem if you've installed the latest fixes and have good password and privilege policies. The point: Even with this book on your shelf, keep an eye on the security sites for news of emerging problems.

Joel Scambray and Stuart McClure have chosen to organize their book according to the steps involved in system compromise (identifying a target, gaining access and privileges, using or destroying the system, and so on) as well as by area of vulnerability. In addition to well-written passages that explain general hacking strategies and concepts, the authors devote sections to software (meaning native Windows commands, tools that are part of the Windows NT/2000 Resource Kit, as well as external software). Sometimes, they'll just offer a description, but most of the time, the authors present a step-by-step guide to carrying out the exploit at hand. This is a valuable book that every Windows 2000 expert should read closely. --David Wall

Topics covered: How to break into a Windows 2000 system and, by extension, how to go about defending against attacks. Sections deal with tools for locating victim systems, gaining access to them, and either damaging them, overloading them, or using them as bases for further attacks. The authors also highlight the weaknesses in Windows 2000 services, including Internet Information Services (IIS) and Microsoft SQL Server.

Product Description
From the best-selling co-authors of the world-renowned book, Hacking Exposed, comes Hacking Windows 2000 Exposed. You'll learn, step-by-step, how to defend against the latest attacks by understanding how intruders enter and pilfer compromised networks and weaknesses in password encryption, domain control, Web and IIS 5 communications, LM/NTLM protocols, Active Directory, NetBIOS services, and much more.

See all Editorial Reviews

Product Details

• Paperback: 500 pages
• Publisher: McGraw-Hill Companies; 1st edition (August 29, 2001)
• Language: English
• ISBN-10: 0072192623
• ISBN-13: 978-0072192629
• Product Dimensions: 9.2 x 7.4 x 1.2 inches
• Shipping Weight: 2.4 pounds (View shipping rates and policies)
• Average Customer Review: 4.9 out of 5 stars See all reviews (23 customer reviews)
• Amazon.com Sales Rank: #813,063 in Books (See Bestsellers in Books)

  Popular in this category: (What's this?)

  #43 in

  Books > Computers & Internet > Home Computing > Internet > Web for Kids

Customer Reviews

Most Helpful Customer Reviews

25 of 28 people found the following review helpful:

5.0 out of 5 stars The "Hacking Exposed" series scores a hat trick, October 10, 2001

By	Richard Bejtlich "TaoSecurity.com" (Washington, DC) - See all my reviews (TOP 500 REVIEWER)    (REAL NAME)

I am a senior engineer for network security operations. I read "Hacking Exposed Windows 2000" ("HEW2K") to learn how adversaries compromise Windows hosts. Like the original "Hacking Exposed" (now in a third edition) and the newer "Hacking Linux Exposed," HEW2K delivers no-nonsense, high-impact security information. I give all three books my highest recommendation.

Having read the original "Hacking Exposed" in Oct 99, I knew the authors possessed strong Windows security and administration skills. HEW2K gives the Foundstone crew a way to share their knowledge with the world. Thankfully, HEW2K doesn't repeat information found in the general-purpose "Hacking Exposed." For example, HEW2K covers Windows-specific denial of service issues, but directs readers to "Hacking Exposed, Third Edition" for a broader description of DoS. The same approach is taken with social engineering and dial-up security.

The "Hacking Exposed" series differ from the "Maximum Security" and "Hack Proofing" titles. While the latter are predominantly defensive-minded, HEW2K and its cousins are more offensive in nature. Vulnerability assessors and penetration testers will appreciate this focus. I was able to immediately apply tools and techniques in HEW2K to discover at-risk hosts on client networks.

HEW2K continues to offer the best combination of command-line examples, screen shots, and sample output of any security books I've read. I could literally read, type commands, and check results against the material in HEW2K. Furthermore, HEW2K covers topics given little attention elsewhere; these include attacking and defending SQL Server, Terminal Services, and client applications. HEW2K also gives enough background on each topic, like ISAPI filters or ASP, to give unfamiliar readers enough context to understand security implications of these technologies.

HEW2K is another must-buy from Osborne McGraw-Hill. As Foundstone principles, the authors ride the cutting edge of security developments. They recognize and communicate that application security (IIS, SQL Server, etc.) is the target of choice as administrators lock down layer 4 and below. With its clear methodology, expert explanations, and inside tips, HEW2K easily differentiates itself from the pack. We readers benefit, and hopefully our adversaries will not.

(Disclaimer: I received a free review copy from the publisher.)

11 of 11 people found the following review helpful:

5.0 out of 5 stars Excellent and timely, September 10, 2001

By	Simple Nomad (Arlington, TX United States) - See all my reviews

Extremely well organized and presented in an easy-to-grasp way, Hacking Windows 2000 Exposed will have the novice's jaws dropping, yet even the seasoned Win2K expert will raise an eyebrow (or both). The latest hacks and cracks are explained in detail, allowing the admin to really and truly see what they are up against and why security is so important to ANY computer attached to a network. I highly recommend that before you attach a Windows 2000 system to the Internet, read this book and test your system's security fully -- before an unwanted intruder does.

12 of 13 people found the following review helpful:

5.0 out of 5 stars One of the few GREAT Win2k Books of all time!, February 4, 2002

By	Thomas W Shinder (Dallas, TX United States) - See all my reviews

I've read a number of Win2k Security and hacking books, and up to this point have been uniformly unimpressed. Most of these books talk about the theory behind various security concepts, such as how Kerberos works, how IPSec works on the packet level, etc. While this is important information, it doesn't help the working network engineer and admin with the practical aspects of securing the enterprise network.

Hacking Exposed Win2k breaks the mold for Windows Security books. Every few pages you'll find an Aha! experience. I'm happy with a book that provides one or two of these. This book has hundreds of them! You can use the information IMMEDIATELY. You don't have to translate "propeller head" language into action. They give you the actions in plain English.

What's truly remarkable is that these guys *are* propeller heads, but can write so a normal person not only understands, but enjoys, what they have to say! A very rare talent.

EVERYONE who runs a Win2k network needs this book. Get it and you'll not be disappointed. I'd give it 10 stars if I could.