BKSWN2SI.RVW 20010320

"Securing Windows NT/2000 Servers for the Internet", Stefan Norberg, 2001, 1-56592-768-0, U$29.95/C$43.95
%A Stefan Norberg stefan@norberg.org http://people.hp.se/stnor
%C 103 Morris Street, Suite A, Sebastopol, CA 95472
%D 2001
%G 1-56592-768-0
%I O'Reilly & Associates, Inc.
%O U$29.95/C$43.95 800-998-9938 fax: 707-829-0104 nuts@ora.com
%P 199 p.
%T "Securing Windows NT/2000 Servers for the Internet"

This book is based on the paper "Building a Windows NT bastion host in practice," which is available on the author's Web site. The title of the essay is much more accurate than the title of the text. The work is concerned strictly with bastion hosts, and does not address, in more than a nominal way, considerations of applications that are necessarily part of any Internet server.

Chapter one takes a brief, scattered, and not very clear look at a number of issues related to Windows and/or security. This disregard for background information extends into chapter two. Having presented an extensive list of services to turn off, Norberg tells us that "[you now] understand the purpose of all active software components on the host." The irony of this bald assertion stems from the fact that there has been little discussion of why these services are to be turned off, and what you lose along the way. (Further, for those new to Windows NT or 2000, there is no indication of how to accomplish the task of reduction.) Once we get into more advanced tuning there is slightly more information, but not much. The material on the differences in Win2K, contained in chapter three, does present a bit more detail on how to accomplish the restrictions. Chapter four describes a number of software tools that will encrypt sessions to be used for remote administration, but does not deal with system management itself. The standard advice you always read about backups ("make one") is repeated in chapter five. Chapter six reviews auditing and logging, with, for some unknown reason, four times as much space devoted to network time synchronization as to intrusion detection. "Maintaining Your Perimeter Network" is the title of chapter seven, but it seems to be a return to the same kind of catchall discussion that started the book.

In the Preface, Norberg does state that the book is not intended as a primer for security, or even for Windows security. The text is written as a kind of a checklist for those thoroughly familiar with NT or 2K. There is, of course, nothing wrong with such an approach, and those in the target audience will appreciate the brevity of this concise guide. The approach does, however, severely limit the utility of the work. Chapter two (and three, if you are using Win2K) is the heart of the book, and the rest seems to be an attempt to expand the text to more than pamphlet length.

copyright Robert M. Slade, 2001 BKSWN2SI.RVW 20010320