<< 1 >>
Rating: 
Summary: I'm the technical editor for this book...
Review: It's always hard to select a book online- sometimes the description of the book does not really tell you what you want to know. So I'll take this space to tell you a little about the book. What It Is:
If you're interested in a book that is part technical reference, part programmer's guide, and all Windows 2000, then this book is for you. It goes deep enough into each topic to give you a thorough understanding of the feature or concept being described, but does not bog down and put you to sleep like a technical reference. It is not just "fluff" material, however- the material is what I would generally describe as 300 level in terms of technical depth. What It's Not:
If you're looking for a step-by-step guide to hardening a Windows 2000 machine, then you should look elsewhere. This is not a rehash of information you'll find on the Microsoft security site. It is also not <i>just</i> a programmer's guide. There are entire books dedicated just to security programming on Windows NT. However, if you're already familiar with NT security programming, and just want an quick orientation to using the new features of Windows 2000, then this book may be for you.
This book discusses Windows 2000 security from an architectural standpoint, then discusses how to write code to use some of the new features such as CAPI 2.0, and closes with discussions of intrusion detection, penetration testing and security best practices. I personally found the chapter "Writing Secure Code" to be particularly interesting. As a demonstration of insecure coding practices, it actually walks you through constructing a buffer overflow attack against a vulnerable Windows application that you also write. Here's the table of contents: I. Windows 2000 System Basics
1. Windows 2000 Architecture
2. Processes and Threads
3. Security Model
4. NTFS 5.0
5. Services
6. Drivers II. Computer Network Security Foundations
7. Windows Networking Protocols
8. Cryptography
9. IPSec
10. PKI
11. Kerberos
12. X.500 and LDAP III. Network Security in Windows 2000
13. Networking Model
14. Active Directory
15. Authentication
16. SSPI
17. CryptoAPI
18. Certificate Services
19. COM, DCOM, and RPC
20. VPNs
21. EFS
22. DNS, DDNS, & WINS IV. Protecting Youself and Your Network Services
23. Secure Computing Practices
24. Building and Administering a Secure Server
25. Security with High-Speed Full-Time Connections
26. Detecting and Reacting to Intrusions
27. Recent Issues Explored
28. Penetration Testing
29. Writing Secure Code
Rating:
Summary: I met Jeff Schmidt
Review: I met the writer for a job interview, he is a great guy... but who cares? this is a boook review right? I work for a computer emergency response team and we use this book as a "security crash course" and as a hard reference. If you want to know about windows 2000 security this is seriously the book to have. It is very technical and not for script kiddies. If you are just looking for something to use as a basic refresher then skip this, get a microsoft book or something tame. This is grassroots hardcore good.
Rating:
Summary: One of the best books I paid for
Review: This book easily complements my Win2K manuals. Most notable chapters are 28-29, i.e. Penetration Testing: Hack Your Own System and Writing Secure Code. Highly recommended for anyone trying to secure their Win2K environment. Pity it's not available in PDF.
Rating:
Summary: Excellent, in-depth discussion
Review: While most security books are simple walk-through guides, Mr. Schmidt's text contains all of the details that the others leave out. While parts were well over my head, I appreciated the focus on technical completeness and understanding of security concepts. This book was an excellent addition to my bookshelf and I highly recommend it.
Rating:
Summary: Excellent, in-depth discussion
Review: While most security books are simple walk-through guides, Mr. Schmidt's text contains all of the details that the others leave out. While parts were well over my head, I appreciated the focus on technical completeness and understanding of security concepts. This book was an excellent addition to my bookshelf and I highly recommend it.
<< 1 >>
| 
