Comments about O'Reilly Media Securing Windows NT/2000 Servers for the Internet:

I have just finished up the migration for our external web site form NT4 to Windows 2000. And of the plethora Windows 2000 Security Books on my Shelf this is the only book I would recommend. It is the only book I found, that explains in detail the processes you go through to develop secure Internet Servers. I have read in from cover to cover at least 3 times during the migration.

Comments about O'Reilly Media Securing Windows NT/2000 Servers for the Internet:

After digging through countless books on securing and maintaining WinNT/2K servers which are nothing more than rehashes of Microsoft tech notes and other material, this book is a godsend. Most other books seem content in the assumption that the Microsoft security procedures themselves are sufficient, and working within the framework is the best solution. Norberg rather follows the age old security practices of system minimalization and "bare metal" hardenning. For anyone coming from a UNIX background and frustrated with the seeming dependence on "full systems" advocated by most Microsoft security books, this book is just what the doctor ordered. Direct, useful, and enlightening, this book more than lives up to its O'Reilly name.

Comments about O'Reilly Media Securing Windows NT/2000 Servers for the Internet:

This is an excellent book for anyone running an Internet-accessible Windows server. It focuses on perimeter "bastion hosts," but most of the tips are applicable if you just have a single machine running IIS as we do. Unfortunately the only advice on IIS itself the author gives is to install the latest security patches. (Well, that's not quite true. He also advises not running it unless absolutely necessary.) I also dilike his advice on installing Cygwin dlls and binaries in the Windows SYSTEM directory--a non-standard practice which will get you flamed on the Cygwin mailing list if you have any problems. I'd recommend installing Cygwin in c:\cygwin instead. It's easier to find and what Cygwin developers expect.

Comments about O'Reilly Media Securing Windows NT/2000 Servers for the Internet:

This is an excellent book, not only from the perspective of NT/2000 security, but also in presenting many IT security ideas in a clear way, easy to understand but nonetheless thorough.

Comments about O'Reilly Media Securing Windows NT/2000 Servers for the Internet:

An extremely informative book on this complex subject. Not just a collection of recipes like many other Win2K security books, here you understand what and why. As usual with O'Reilly : concise, precise, complete, crystal clear. Recommended.

Comments about O'Reilly Media Securing Windows NT/2000 Servers for the Internet:

Securing NT is difficult. While there are a handful of books that promise to tell you everything

you need to know, they have so far been disappointing. But with the publication of Securing

Windows NT/2000 Servers by Stefan Norberg, this is no longer true. Norberg explains simply

what the issues are, how to resolve the problems, and he offers his advice, based on

experience, on how best to tackle the problem.

Chapter 1 is especially good. Norberg gives you a broad overview of the security threats you

need to guard against, what you need to build a secure site, the design and security issues

facing NT and W2K (Norberg is quite critical of the design of NT), the problems you will face

putting NT/W2K servers on the Net, and the basics of cryptography. You won't be an expert

in anything after reading this chapter, but you will have a broad understanding of the issues

involved in securing a network, which will help you understand better the later, more detailed,

chapters.

Building an NT Bastion Host is the subject of Chapter 2. A bastion host is a very secure server

that provides a service to people on the Net. After reading this chapter you'll know everything

you need to know about building an NT bastion host and most everything you need to know

about doing the same for W2K. W2K is sufficiently similar with NT that most all of the base

steps are the same; however, there are some differences in W2K, and they are discussed in

Chapter 3.

Chapter 4 walks you through building a secure remote administration service for NT using

PCAnywhere, W2K Terminal Services, and open-source tools like SSH.

Chapter 5 is a very brief one, covering backup strategies for NT and W2K from a security

perspective.

Auditing your servers, synchronising the time, remote logging and log management, integrity

checking, and intrusion detection systems are the subject of Chapter 6. While it's short, it does

give you a basic understanding of the issues, how to go about them, and where to look for more

information.

The book ends with Chapter 7, Maintaining your Perimeter Network. Building your network is

the easy part. Maintaining your network to ensure that it remains secure while you add new

services and change existing ones is more difficult.

Appendix A summarises popular ports used by NT, W2K, and various Microsoft server

products like SQL Server and Exchange. It doesn't list ones used by Lotus Domino, for

example, which seems peculiar. Domino is sufficiently popular that more than one or two NT

sysadmins need to worry about it.

Appendix B lists all security-related Knowledge Base articles for NT and W2K. At least, ones

current at the time the book was printed.

After reading the book you'll know most everything you need to know about securing your

Microsoft-based network. It's a lot of work as neither NT nor W2K are secure or nearly secure

out-of-the-box.

But this book is the best to date on the subject, and I cannot recommend it

highly enough.

Comments about O'Reilly Media Securing Windows NT/2000 Servers for the Internet:

Well, I *tried* a pre-publication "review" of this book, based on similar documents on the author's website. But, somebody deleted it. Probably prudent, from the publisher's perspective. Now that the the University of Washington Bookstore has finally gotten me a copy....

Anyhow, this is the equivalent of Will Strunk's and Andy White's _Elements of Style_ for practical Win2K Internet Security. Buy it, read it, read it again, and pass it on.