Securing Windows Nt/2000 Servers for the Internet: A Checklist for System Administrators
In recent years, Windows NT and Windows 2000 systems have emerged as viable platforms for Internet servers. More and more organizations are now entrusting the full spectrum of business activities--including e-commerce--to Windows. Unfortunately, the typical Windows NT/2000 installation makes a Windows server an easy target for attacks, and configuring Windows for secure Internet use is a complex task. Securing Windows NT/2000 Servers for the Internet suggests a two-part strategy to accomplish the task: "Hardening" any Windows server that could potentially be exposed to attacks from the Internet, so the exposed system (known as a "bastion host") is as secure as it can be. Providing extra security protection for exposed systems by installing an additional network (known as a "perimeter network") that separates the Internet from an organization's internal networks. Securing Windows NT/2000 Servers for the Internet is a concise guide that pares down installation and configuration instructions into a series of checklists aimed at Windows administrators. Topics include: Introduction--Windows NT/2000 security threats, architecture of the Windows NT/2000 operating system and typical perimeter networks. How to build a Windows NT bastion host. Configuring Windows and network services, encrypting the password database, editing the registry, setting system policy characteristics, performing TCP/IP configuration, configuring administrative tools, and setting necessary permissions. Differences between Windows NT and Windows 2000 security including IPSec (IP Security Protocol) configuration. Secure remote administration--SSH, OpenSSH, TCP Wrappers, the Virtual Network Console, and the new Windows 2000 Terminal Services. Windows NT/2000 backup, recovery, auditing, and monitoring--event logs, the audit policy, time synchronization with NTP (Network Time Protocol), remote logging, integrity checking, and intrusion detection. Administrators who carefully follow the detailed instructions provided in this book will dramatically increase the security of their Windows NT/2000 Internet servers.
Format:Paperback
Language:English
ISBN:1565927680
ISBN13:9781565927681
Release Date:December 2000
Publisher:O'Reilly Media
Length:216 Pages
Weight:0.95 lbs.
Dimensions:0.6" x 7.0" x 9.2"
Customer Reviews
5 ratings
Excellent for *nix Admins needing to secure WinNT/2000
Published by Thriftbooks.com User , 22 years ago
As a Solaris/Linux admin, I had no clue how to secure a windows machine. I knew to turn off services I recognized but that is about it. Since we only really use NT for the PDC, the file server, and internal groupware client- I really was not interested in pouring over documentation to secure these boxes. I have too much to do in keeping the frontline unix boxes secure.Norberg introduces the architecture and services and othter things that I really did not know about. He then gives practical suggestions on how to lock down the server. He does state that this is a for a bastion host, so that rules out a web server anyway.However, this book explains the services and what would need turned off, you can then modify this to your needs.This book is a must for any Unix admin that needs to learn about WinNt and security for it. I give this book five stars for being exactly what it says it is.
A must for any Windows NT/2k admin wanting to stay employed
Published by Thriftbooks.com User , 23 years ago
I am a senior engineer for network security operations. I read "Securing Windows NT/2000 Servers for the Internet" (SWNS) to better advise clients on secure configuration of their Windows platforms. Stefan's wonderful book is a testament to the fundamental insecurity of stock Windows platforms. Luckily, his advice transforms vulnerable systems into bastion hosts suitable for deployment on the hostile Internet.SWNS' key insight is the need to cripple many default Windows services in the interest of security. These troublesome "features" include NetBIOS, the Workstation service, the Server service, and others. In fact, after creating a bastion host, Stefan says "there's no way of administering it remotely!" (This is the case because NT's standard remote admin tools, like Event Viewer and Server Manager, require RPC using NetBIOS.) Thankfully, Stefan provides several options for secure remote administration, like pcAnywhere, Windows 2000 Terminal Services, and open source alternatives (Secure Shell, Virtual Network Computer, etc.)I concur with an earlier review noting the lack of attention for Microsoft's IIS web server. Hundreds of thousands of Windows machines were recently compromised by the "Code Red" worm, demonstrating two facts. First, Windows is frequently used to host web servers. Second, IIS is frequently deployed insecurely. A second edition of SWNS should add a chapter on configuring IIS. I was also unhappy with Stefan's dismissal of intrusion detection technology in chapter six. He should try the Windows port of the open source Snort IDS.Overall, SWNS is a must-buy for Windows administrators. The book is a quick read, but it explains many aspects of the internal workings of Microsoft's premier operating systems. As the title implies securing "servers" and not just the underlying operating system, future editions should discuss proper deployment of popular applications for Windows NT/2000, like IIS and Exchange.
Required reading for all NT/2000 Administrator
Published by Thriftbooks.com User , 23 years ago
I run an ASP based on NT and 2000 servers. This book provides real solutions to help minimize your risk of your servers being hacked. I would also recommed the book as a good start for hardening internal file/print/db servers in your corporate LAN/WAN.
Very highly recommended for systems administrators
Published by Thriftbooks.com User , 24 years ago
In Securing Windows NT/2000 Servers For The Internet, Stefan Norberg is designed to assist the experienced users of Windows NT/2000 to protect their computers from Internet intrusion, sabotage, information theft, and other unwanted encroachments. Very highly recommended for systems administrators and the non-specialist general users concerned with security issues, Securing Windows NT/2000 Servers For The Internet covers every aspect of building Windows 2000 security systems is comprehensively presented.
Excellent NT/2000 Security Resource
Published by Thriftbooks.com User , 24 years ago
Stefan Norberg wrote one of the first good securing NT documents that were available on the Internet. This book takes that paper to the next level. I have read and researched quite a bit on securing NT/2000 and from what I've read so far (not quite done yet), I consider this one of the best resources. The section on installing SSH on NT is extremely helpful for those who have not tackled that beast before. Norberg's original paper was considered by many (including myself) to be essential reading for anyone concerned with NT/2000 security. This book is even better and should be a part of the library of any responsible NT/2000 admin.
Copyright © 2025 Thriftbooks.com
Terms of Use | Privacy Policy | Do Not Sell/Share My Personal Information | Cookie Policy | Cookie Preferences | Accessibility Statement
ThriftBooks ® and the ThriftBooks ® logo are registered trademarks of Thrift Books Global, LLC
ThriftBooks ® and the ThriftBooks ® logo are registered trademarks of Thrift Books Global, LLC
