[ISN] REVIEW: "PCWeek Microsoft Windows NT Security"

From: mea culpa (jerichot_private)
Date: Thu Jul 09 1998 - 23:47:28 PDT


    Forward From: "Rob Slade" <rsladet_private>
    
    BKPWNTSG.RVW   980514
    
    "PCWeek Microsoft Windows NT Security", Nevin Lambert/Manish Patel,
    1997, 1-56276-457-8, U$39.99/C$56.95/UK#36.99
    %A   Nevin Lambert nevinlt_private
    %A   Manish Patel manishpt_private
    %C   201 W. 103rd Street, Indianapolis, IN   46290
    %D   1997
    %G   1-56276-457-8
    %I   Macmillan Computer Publishing (MCP)
    %O   U$39.99/C$56.95/UK#36.99 800-858-7674 http://www.mcp.com
    %P   388 p.
    %T   "PCWeek Microsoft Windows NT Security: Security Administrator's
          Guide"
    
    I always get a bit worried at a book written by two cofounders of a
    consulting startup related to the topic of the book.  My alarm level
    rises when the sarcasm starts right away in the acknowledgements.  I
    am not comforted by the fact that the authors are enthralled by the
    glories of Microsoft.
    
    Chapter one, however, is a very reasonable look at the different
    levels of security that a situation may demand.  Physical security,
    warnings, accounts, and backups are part of the picture that is
    presented.  Some of the advice is questionable (the use of NTFS
    sometimes involves a tradeoff between access control and recovery) but
    the overall scenario has good range and scope.  The system history
    given in chapter two is rather biased in favour of Microsoft and its
    products, but the system overview is useful background.  Account and
    group concepts and maintenance are covered well in chapter three.  The
    discussion of filesystems in chapter four still hews closely to the
    Microsoft party line, but it does provide information that can be very
    helpful for decisions regarding reliability.  In the Trusted Computer
    System Evaluation Criteria (Orange Book) the term "Trusted Path"
    refers to at least B2 level systems, which NT cannot approach. 
    However, in the review of the NT security subsystem in chapter five,
    the authors do a credible job of justifying the use of the phrase
    through the level of detail they provide of the logon process, as well
    as other operations.  Chapter six looks at access to local resources
    and gives significant detail and information in such areas as well
    known SIDs (Security IDs).  However, as is too often the case, the
    book fails to furnish a clear explanation of assessment of effective
    rights to an object.
    
    The review of basic networking concepts takes up about half of chapter
    seven, with the remainder looking at shares and network security
    provisions.  RAS (Remote Access Service) and the related encryption
    schemes are discussed in chapter eight, but the lack of details of the
    encryption process makes it difficult to assess levels of security and
    operational needs.  Coverage of printer management in chapter nine is
    good, but the implications of options such as spooling and redirection
    are not completely addressed.  Chapter ten deals with a number of
    Registry related topics, including editing, Registry tools, backup,
    and security related keys.
    
    Chapter eleven provides a thorough and helpful explanation of
    profiles, although, again, extra material on the security implications
    of specific choices could be more helpful.  The ramifications of
    auditing could be discussed forever, of course, but I would have to
    say that chapter twelve's coverage is quite appropriate for the target
    audience level of the book.  Internet security could (and does) fill
    other books, so it is acceptable that only concepts and warnings are
    raised in chapter thirteen.  Chapter fourteen reviews security aspects
    of BackOffice but only in a brief and limited manner.
    
    Chapter fifteen provides information on NT's use of cryptography, but
    this data is not very helpful since it is not backed up with
    conceptual material on cryptographic strengths and key management. 
    Enterprise policies are reviewed quickly in chapter sixteen.  Chapter
    seventeen looks to the future delivery of Distributed Security
    Services (DSS). The security references and resources listed in the
    appendices are not extensive, but they are of reasonably good quality.
    
    The book has both a readable style and useful information. The lack of
    formal security concepts means that there are gaps in coverage, but
    overall this work can provide both new users and non-specialist
    administrators with a measure of protection that would reduce
    vulnerability considerably.  Security specialists who are not familiar
    with Windows NT would likely find the most benefit from using the text
    as a tutorial, since they would be able to fill in the blanks from
    their own conceptual background.
    
    copyright Robert M. Slade, 1998   BKPWNTSG.RVW   980514
    