Oh No, Not Another Windows 2000 Security Book

One that gets it right — mostly.

Remember when finding documentation on Windows NT security was hard to do? Remember when securing anything became hot? Eventually we were treated to numerous books on Windows NT security—many of which didn’t tell us much.

Fast forward to the new millennium and a new version of Windows—Windows 2000. Now here’s an operating system with lots of security features right up front and in your face, and documentation abounds. There’s copious material on the Web sites, certification guides, test preps, even an Official Microsoft Curriculum course. Then there’s a Win2K security tome written by every known security guru (and quite a few unknowns). Thousands of pages. Some quite informative, some lacking in information. There are some authors who thought their extensive knowledge of Windows NT security would be enough to get them through (it wasn’t), some who struggled with the concepts, and some who got it right.

Windows 2000 Security Handbook, by Philip Cox, Tom Sheldon and others, is one that gets it right—mostly.

This isn’t just another Win2K security book. It’s full of important, well-organized information. Part 1, Security 101, covers security in general, including short sections on threats, countermeasures, policies and management. Part 2, Win2K Security, presents an overview of the Win2K architecture and the basic security subsystem, user groups, authentication and authorization, along with network protocols and Win2K-specific risks and solutions. Part 3 focuses on securing Win2K. Here you’ll find an introduction to Active Directory, information on group policies, user and group security management, logon and authentication, file system and share security, and auditing. Part 4 moves on to network issues and covers defensive strategies, including firewalls, proxy servers, remote access, VPNs, client security and enterprise security. Finally, Part 5 offers chapters on securing IIS, fault tolerance and hardening Win2K, which is really instructions on how to bring up a hardened server. If you want a book that introduces the panoply of topics that is info security, look no further.

Both the principal authors have a long history of work with Windows products and are well known in the field. Also, it’s obvious they’ve invested time and energy in studying the new OS. However, even though the book’s been released more than a year after the product, there isn’t much “lessons learned” information included. The exception is the chapter on hardening Win2K, in which the authors caution would-be implementers that the suggestions might break a production server. Good. I would, however, have liked to see some backup for some recommendations. For example, page 662 lists essential Win2K services and recommends disabling all others, then only enabling the other services if necessary. However, it doesn’t say what these claims are based on—an article by Microsoft? (I can’t find one.) Private conversations with helpful contacts at same? Extensive research? Educated guesses? I’d like to take the information on faith—but I’ve been thrown once too often when riding that particular horse. This is invaluable information, and I wish there was more of it (and that it was better supported).

You can also find updated and additional information on the book’s Web site. The book refers to an appendix on Win2K services but doesn’t include one. You can find it at http://www.osborne.com/networking_comm/0072124334/0072124334.shtml along with a document on PKI.

In sum, this is a good overall introductory book. It seeks to cover an immense amount of ground and thus covers few topics in detail. I’m a little unhappy that a book published long after the introduction of Win2K improperly defines Native and Mixed mode domains, but a correction is posted to the System Experts Web site.

About the Author

Roberta Bragg, MCSE: Security, CISSP, Security+, and Microsoft MVP is a Redmond contributing editor and the owner of Have Computer Will Travel Inc., an independent firm specializing in information security and operating systems. She's series editor for Osborne/McGraw-Hill's Hardening series, books that instruct you on how to secure your networks before you are hacked, and author of the first book in the series, Hardening Windows Systems.

