Hardening Windows, 2nd edition by Jonathan Hassell


  • Author: Jonathan Hassell
  • Softcover: 216 pages
  • Publisher: Apress (October 26, 2005)
  • Book dimensions: 9.1 x 7.4 x 0.6 inches
  • ISBN: 1590595394
  • ITBookworm score: 3.5 /5

Score Reasoning

It’s really kind of hard to resolve why I didn’t give this one 5 stars, but to boil it down to a simple statement, I just found it a little light. Most of the concepts here are very easily found in resources that are quite public and easily obtainable. It’s a good basic reference for locking down your systems, but I just don’t think there’s enough detail. I’m one of those guys who likes to have reasons behind things, and this book just doesn’t provide that level of study. If that’s not what you’re after, then this book is perfect for you, and you’ll be very happy with just being told what to do and leaving it at that.

Synopsis

This book is really kind of a verbose checklist for configuring security for Windows. I’m frankly having a hard time reconciling the author’s stated purpose and what actually came out. In this book you’ll cover a lot of basics of managing a Windows system like managing patches, and discovering event viewer. There’s a chapter on Exchange that’s interesting if you don’t know anything about it already, but it’s way too basic for Exchange admins. Most of the stuff in this book is easily found through other means, but it is nice to have it all in one place. Overall, I liked the presentation style, and if I were to use it to help me lock down a system, I would skip the chapters and just use the lockdown checklist in the appendix. It does have some good walkthroughs though, and I did actually learn some things, so it clearly has a purpose. I think if he wanted to make a perfect book, he would have written in some of the inner workings of the hows and the whys of why we’re taking some of the steps we are. Theory is never overrated, and the more you tell your readers the more they’ll be able to grow into the book as their knowledge increases. This detail I’m asking for would go really well with the appendix of security checklists that’s provided in the back. This book only has one audience really, and had he included more details and theory, it could have multiple audiences. A good work, I just found it a little light. Still, there are a couple of interesting factoids that would be more difficult to ferret out if you were on your own.

Who is this book really for?

Well, this book states that it’s for Windows admins who are fed up with playing catch-up with hackers. Ok, that said, how good of a job did it do at hitting its audience? Therein lies the rub. I think that admins would be mostly bored here because most of this is very common knowledge that you could find plastered on Microsoft’s site, and other easily obtainable resources. In fact, many of the lessons here are clearly geared towards an absolute beginner. The section on event viewer is a perfect example. If this book is for admins, then why is there a need to explain the simplest basics of event viewer? However, many topics assume some level of knowledge so the absolute beginner may be lost as well. So I would say that this book is really for someone with a working knowledge of Windows, but doesn’t really know enough about security to be sure his system is protected. An admin will be bored, and a beginner will be lost. If you’re an intermediate Windows user and you just want to be told some things you can do to lock down your system, and you don’t want any reasoning behind the methods you’re employing, then this book is probably for you.

Writing Style

This book is fairly straightforward in the way it presents its material, but at the same time some of the author’s personality shows. He doesn’t really go out of his way to be amusing, but you can definitely tell it’s him. He explains things in a very clear style that’s not boring. Even if his style were boring the book really isn’t long enough for you to even have time to get bored, so it works out well. Overall though, I’d say it’s a decent read.

Condition

This book is put together very well. I don’t have much to say about it though. I bent it up, twisted it, dropped it lots, tore at the binding, and it held up very well. This will last you as a reference for quite some time.

Table of Contents

Chapter 1: Some Words About Hardening

This chapter starts out talking about what security actually is and the dilemmas of security. I’ll admit that I thought this was going to be a cheesy section that just spit out simple concepts like, you have to keep your system secure, and, nobody is safe. However, I found it to actually be surprisingly anecdotal with some pretty good advice thrown in there to boot. In fact, the way Jonathan suggests you think about security is probably the most concise way I’ve ever heard it put before, and I’m honestly a better person for having heard it. Ok, that’s going a bit far, but still, it’s a good read. Next is a very brief discussion on what Windows is lacking. I found it interesting, though a lot of it I’ve heard before. I really wished he would have fleshed out the discussion a little more. I realize he’s trying to keep the discussion short to make this more of a quick reference, but in these conceptual chapters, the concepts really need to be fleshed out more. What happens is he touches on something, and I have no idea where to go for any really good further reading. Now there are some general hardening suggestions given for both software and hardware. Initially, I say that I’ve heard most of it if not all of it before, but any simile that uses sex has my vote, so rock on Jonathan. It’s good discussion, and given that this book probably has a wide audience, it’s good to have anyway. Under the hardware section though he mentions that it’s good practice to have an IDS. Chip Andrews however, says that these are usually not worth much as they’re pretty easy to circumvent. If this is the case, and I’m prepared to believe that it is, then I think this is something Jonathan should have mentioned here if even just as a side note. One of the things I like about this book is the checkpoints at the end of the chapters. Checkpoints are a bulleted list of what you should have learned. Right away I’ve started reading the checkpoints first to see if the chapter was something I’m interested in, and to give me a jump on the reading. I then go back and read the chapter once I know what it’s about.

Chapter 2: Windows NT Security

Here we start out with a healthy discussion of the System Policy Editor. Different policies are discussed, and then a list of suggested policy settings is given. It took me a while to realize that by NT, he meant pre-Windows 2000, and not NT as a whole. Next, it goes into extending policies. He assumes knowledge the reader may not have. When discussing ADM files, he whets your appetite with what they can do for you, and that they’re freely downloadable from both MS and other sites, but offers no links so you can obtain them easily. Now I have to go on a hunt, and I may actually never find the best ones… who knows? Next, passwords are discussed, and he gives some advice on password policy settings. And while I disagree with some of his recommendations, it at least gives you someplace to start from. The NSA site actually has some very good material on this subject. Ok, now the section on password cracking is just intriguing, and I can’t wait to try out some of the stuff discussed. Of course, this time he provided the links to the software he’s talking about so I’ll actually be able to test it out. Next, we get into brief discussions on the same tricks we all know and love… protecting user accounts, locking down portions of the registry, and protecting the file system. Now we get into internet threats and assigning user rights. These too are good discussions, and there’s a rather long list of user rights with suggested settings.

Chapter 3: Windows 2000 Security

This isn’t really a long chapter and it does take some knowledge for granted. It starts out talking about system updates and slipstreaming. It walks you through a basic slipstream process with a service pack, but doesn’t mention that you can also do it with hotfixes. Next, critical updates and hotfixes are discussed briefly. Now you get directly into security templates. It not only shows you how to work with the default, but also shows you how to create your own. There are some recommended security policy settings that it touches on, but nothing earth-shattering. It finishes by talking about tightening unused services.

Chapter 4: Windows XP Security

This chapter starts out talking about working with the XP firewall. It then moves on to profiles and group policy. These are fairly short sections so don’t expect a lot of detail. Easily the biggest section in this chapter is on disabling services. There are quite a few pages dedicated to a list of services and the recommended settings. We finish here with BPSA, file system security, and hardening accounts.

Chapter 5: Windows Server 2003 Security

We’ve got another short chapter here. It’s pretty decent though. It starts out highlighting the improvements in SP1. It then begins the discussion that will take up the rest of the chapter… the security configuration wizard. It explains what the wizard is, how to install it, and how to work with it. It’s not extremely detailed, but it’s enough to get going pretty well.

Chapter 6: Deploying Enterprise Security Policies

Pretty much this entire chapter is dedicated to discussing system and group policies. It has a few good discussions on how group policy works and interacts with other policies. There aren’t tons of details, but it’s a good overview and you will definitely learn something about GP here. However, if you need a ground-zero introduction to GP, I wouldn’t rely solely on this chapter.

Chapter 7: Patch Management

Patch management is a touchy and complicated subject. There’s really not a perfect solution for it. This chapter tries to walk you through working with Microsoft’s strategy for patching. It starts out with a discussion on what WSUS is, and how it compares to SMS. It then gives you a decent walkthrough of how to install the WSUS server and configure it to pull updates from the Microsoft server. It then goes into how to do some basic admin tasks like synchronizing content, creating computer groups, approving content, etc. It then gets into pushing out the clients and configuring them. Overall it’s a good chapter. It’s a good walkthrough of how to set up free patch distribution for your servers.

Chapter 8: Network Access Quarantine Control

Here we start out talking about what NAQC is and what it’s for. It then jumps into a brief discussion of how it works, and then how to configure it step by step. Now it gets directly into deployment and after a quick discussion on creating quarantines it gets right into writing the baseline script that will be used to measure the client machines to see if they meet the requirements to connect remotely. It gives an example script for you to follow, but I really think it assumes too much. There’s practically no explanation about the script itself, so someone like me who doesn’t really know anything about writing these scripts won’t really be any better off than they were before. I think if the author were intent on actually teaching his readers how to write these scripts, he would have provided an actual tutorial so we would have something to follow along with instead of just some printed code for us to figure out. The rest of the chapter talks about working with quarantines, etc. It’s pretty ok, but not very involved.

Chapter 9: Internet Information Services Security

OK, this is obviously about securing IIS. It starts out talking about the ways to secure IIS with the first being to disable it. That seems rather obvious to me, and not much of a solution considering you usually will have it running securely. Disabling something isn’t really securing it any more than dismantling your car is practicing safe driving. Anyway though… The next step discussed is keeping IIS updated and the different methods for doing that. If you read the section on patch management before, you’ll probably be bored during this section. Next it gets into securing files, etc., and configuring the indexing service. This next section is important to web servers. It talks about locking down all unused ports using IPsec. Don’t miss this section. You don’t have to be an expert or fully understand it to follow the step-by-step instructions given to lock down your ports. Finally we tie up some loose ends by talking about default pages, etc. Overall though, a pretty good chapter.

Chapter 10: Exchange Server 2003 Security

This is just an excellent chapter on Exchange security. Now, it may be because I know next to nothing about locking down Exchange, or it may just be that it’s written well. All the same, I learned a few things here that I can apply right away to my email server. So it starts out talking about installation security and policy modifications. Then it gets into service security and patch management. It gets really interesting though when it gets to the address spoofing section. There are some really good tips here for protecting yourself. It then gets directly into DoS attacks and how you can protect against them. It finishes off with restricting SMTP access.

Chapter 11: Security Auditing and Event Logs

This is a pretty short chapter talking about event logs and what you should audit and how to work with them a little. There’s nothing really special if you’ve ever worked with event logs at all, so you can probably skip this one if you want. If you’ve never worked with event logs before though, you can give this one a glance and you’ll be able to work through it pretty well.

-Sean McCown, ITBookworm.com
