Windows NT Security Handbook

Design a total security system without gaps

Without truly understanding the intricacies of network security,many systems administrators erroneously believe their Windows NT workstations and servers are secure. One advantage of NT is the first-class security premise on which Microsoft designed and built it. But unless you master the elaborate NT security architecture and correctly implement all the necessary security features, NT's effective security innovations will not protect your system.

Network security threats come from far and wide--from an internaldisgruntled user or systems administrator, from Internet hackers worldwide, and even from accidental and calamitous mishaps. Implementing an effective security system starts by focusing on the primary security issues for your system.

NT security is a topic that deserves its own book, and such is TomSheldon's Windows NT Security Handbook. Sheldon is an experiencednetwork engineer, programmer, and consultant and has written more than 20 books. The handbook reflects his experience.

A Practical Publication
Whereas many security texts are heavily theoretical and are based onlaboratory tests, the handbook is extremely practical, with numerous real-world examples. It is an exhaustive reference that guides you through the issues that face network and security administrators responsible for NT-based systems.

Although the NT documentation and even Microsoft Windows NT ServerResource Kit and Microsoft Windows NT Workstation Resource Kitcontain sections on security, neither is written as clearly and precisely as the handbook. For every possible security breach mentioned in the handbook for NT systems, both standalone and networked, Sheldon provides an appropriate solution you can implement.

The handbook's opening section, "Security Boot Camp," is devotedto general security issues and policies. As the name implies, this sectiondiscusses the essentials of network and computer security. The overview coverseverything from definitions to C2 security, including policies, securitymanagement, and protective measures.

Security Strategies
Experienced security administrators may want to scan the overview sectionquickly and jump to page 100. Where, Sheldon begins exploring in detail all of NT's security features and potential security holes that can place an enterprise at risk.

Sheldon illustrates how to develop security strategies for NT networks andhow to monitor for possible hackers or unauthorized activity. The handbook takesa defensive approach (necessary in any production environment) to developingstrategies and countermeasures that minimize security risks.

Sheldon concentrates on the following areas:

From this list, you can see that the handbook is a comprehensive guide toprotecting your NT system effectively.

Domain Models and Security
The handbook also provides great detail about one of the most confusingaspects of NT: domains. Sheldon explains the different types of NT domains andthe security issues and the resolution needed for each domain type.

No matter which domain model your system uses, you cannot be too concernedabout security. Sheldon writes that paranoia is a good thing: The more you worryabout system security, the more likely you will protect your system from attack.However, he also states that security is often put on the back burner becausemany network administrators reactively put out network fires or single-mindedlystrive for better performance on their networks. Although network throughput iscrucial, what good is a fast server if a rogue user can crash the system andcause costly losses?

The Big Picture
The book attempts to resolve major security issues and give you abig-picture solution. Throughout the handbook, Sheldon lists hundreds ofavailable resources and vendors for solutions to the security issues andproblems he discusses. You can use these resources to design and implement atotal security system without gaps.

For more information, Sheldon maintains a Web page (http://www.ntresearch.com)that contains several additional NT security white papers and references.The handbook also lists hundreds of relevant security and NT-based universalresource locators (URLs) where you can find assistance and advice.

The book concludes with a step-by-step description of how to evaluatesecurity status on an NT device. Sheldon provides a detailed, standardevaluation process for eight different NT security criteria.

Don't Expose Your System
If you do not have an effective security system in place, you might as wellhave a virtual neon "Hack Me" sign attached to your network thatsimultaneously flashes "Secure Me." If you need a guide to NT systemsecurity and general information system security, get a copy of Sheldon's WindowsNT Security Handbook. It is a thorough, informative book about NT security.Just as many systems administrators do not know how to secure theirsystems, many hackers do know how to enter an unsecured system.