Hacking Exposed Windows 2000

I'd recommend this book for any WinNT/2k system administator.

Rating:
Summary: MUST have if you're responsible for NT2K Host Based Security
Review: Another excellent book from the folks at Foundstone. This book has a few pointers that are not yet in the SANS Win2k Step-by-Step Guide. Beyond checklisting, this book gives you an understanding of how vulnerabilities are actually executed. As always, suggested countermeasures are provided.

Rating:
Summary: Buy this book if you use windows
Review: Don't run Windows without it. An in-depth windows security book written for those who do not understand geek. Easy to read and chocked full of info provided to save you from common (and not so common) windows sins. Definitely for the home and enterprise network user/admin.

Rating:
Summary: Excellent
Review: Even in a world of Full Disclosure, the 'Hacking Elite' seem to be in their own private club. Hacking Exposed Windows 2000 is your all-access pass beyond the velvet ropes...

Rating:
Summary: Excellent security book
Review: Excellent book which helps you secure your system from the attacker's point of view. It makes you think as a hacker to be able to find the vulnerabilities in your machine/network.

Rating:
Summary: Excellent and timely
Review: Extremely well organized and presented in an easy-to-grasp way, Hacking Windows 2000 Exposed will have the novice's jaws dropping, yet even the seasoned Win2K expert will raise an eyebrow (or both). The latest hacks and cracks are explained in detail, allowing the admin to really and truly see what they are up against and why security is so important to ANY computer attached to a network. I highly recommend that before you attach a Windows 2000 system to the Internet, read this book and test your system's security fully -- before an unwanted intruder does.

Rating:
Summary: Interesting
Review: Good book to read among the list of others. So many ways to break in to a Windows system.

Was recently at a hacker gathering, some of these already have "script kiddie support". The other ones are scarier than these. Layer 2 hacking and redirects. DoS of systems themselves. Printers cracking their own passwords. Now that is scrary.

None the less this is a good book to start, I would also recommend some CISSP or SANS GIAC books to get a better understanding of digital defense techniques. The Hacking Exposed series are very good if you do not have much time to research or disassemble the code.

Rating:
Summary: Good book for any system admin.
Review: Great book to show you just how insecure Windows 2000 / XP can be. A must have for any system admin. The book also gives the names of software you can use to test your security or lack of.

Rating:
Summary: Windows security demystified!
Review: How do these hackers find my Windows network? What info can they get? How do they actually "connect" and compromise my system? Can I do anything about it? Will it be hard, expensive or will I have to hire somebody or maybe will just a firewall do? What is this netbios thing anyhow? If you have questions like this then this book is for you. Hacking Windows 2000 Exposed is not a book about building a bastion host, configuring a firewall, or encryption theory. It does however show in a very understandable way how "hackers" use common system utilities(netstat,net,nslookup,etc)and free tools(superscan,etc) to find weaknesses in a network or computer and exploit them for fun or profit. I think Microsoft has gotten a bad rap about producing insecure operating systems. Fact is that Windows 2000 can be VERY secure, but by default it is configured for ease of use and backwards compatability (that is changing in .NET Server). Equipped with the right knowledge such as this book, and being serious about taking the time and effort to do something, the vast majority of hack attacks will be stopped cold. 99.9% of hackers are unsophisticated and exploit common weaknesses and negligence. As the book explains weak passwords, no account lockout policy, lack of physical security, and using file and print sharing carelessly are still the biggest problems. However of course there are MANY other issues that need to be dealt with.
Hacking Windows 2000 Exposed is very well organized. It takes you through the steps of how someone actually compomises a system and what you can do about it. It puts you in the mindset of a hacker and their methodology - finding a network, extracting information about it, attempting the connect/attack, gaining access, trying to get system or administrator access, reaking havok, and covering their tracks - maybe even leaving a backdoor for remote control! This approach to writing the book will leave you well prepared to defend yourself, audit activity, and show you how to test your own network for vulnerability. You will learn about netbios, network utilities, authentication
protocols, ports, services, anonymous access, permissions, sniffers - how they can be used against you, what to do about it and a whole lot more. The first part of the book focuses on the Windows 2000 operating system. Later chapters focus on applications such as Internet Information Server, SQL, and Internet Explorer(including some great tips everyone can use) and tells you how to manage them for maximum security. The end of the book covers specific security features of Windows 2000 such as Ipsec, Efs, group policy, seurity templates, and how to use them. Appendix A is a concise summary on how to lock down your Windows 2000 computer - a recap of concepts covered throughout the book. Each chapter also has a very helpful summary at the end that reinforces what was covered(specifically the actions to take) in case you are overwhelmed by technical detail in the reading. I like to periodically go back and leaf through the chapter summaries as kind of a refresher course of the meat of what is covered in the book. There is a list of references of other books and internet sites for further reading if more info is desired of material covered in each chapter. I highly recommend Hacking Windows 2000 Exposed to anyone intested in protecting their network and computers from unauthorized access - even those who have just a few computers at home and a cable/dsl connection should take heed. The writing style assumes you have some basic understanding of networking but is definitely not just for techies and keeps your interest. For many this could be their only book about network security and others their first book or a must have addition.

Rating:
Summary: The "Hacking Exposed" series scores a hat trick
Review: I am a senior engineer for network security operations. I read "Hacking Exposed Windows 2000" ("HEW2K") to learn how adversaries compromise Windows hosts. Like the original "Hacking Exposed" (now in a third edition) and the newer "Hacking Linux Exposed," HEW2K delivers no-nonsense, high-impact security information. I give all three books my highest recommendation.

Having read the original "Hacking Exposed" in Oct 99, I knew the authors possessed strong Windows security and administration skills. HEW2K gives the Foundstone crew a way to share their knowledge with the world. Thankfully, HEW2K doesn't repeat information found in the general-purpose "Hacking Exposed." For example, HEW2K covers Windows-specific denial of service issues, but directs readers to "Hacking Exposed, Third Edition" for a broader description of DoS. The same approach is taken with social engineering and dial-up security.

The "Hacking Exposed" series differ from the "Maximum Security" and "Hack Proofing" titles. While the latter are predominantly defensive-minded, HEW2K and its cousins are more offensive in nature. Vulnerability assessors and penetration testers will appreciate this focus. I was able to immediately apply tools and techniques in HEW2K to discover at-risk hosts on client networks.

HEW2K continues to offer the best combination of command-line examples, screen shots, and sample output of any security books I've read. I could literally read, type commands, and check results against the material in HEW2K. Furthermore, HEW2K covers topics given little attention elsewhere; these include attacking and defending SQL Server, Terminal Services, and client applications. HEW2K also gives enough background on each topic, like ISAPI filters or ASP, to give unfamiliar readers enough context to understand security implications of these technologies.

HEW2K is another must-buy from Osborne McGraw-Hill. As Foundstone principles, the authors ride the cutting edge of security developments. They recognize and communicate that application security (IIS, SQL Server, etc.) is the target of choice as administrators lock down layer 4 and below. With its clear methodology, expert explanations, and inside tips, HEW2K easily differentiates itself from the pack. We readers benefit, and hopefully our adversaries will not.

(Disclaimer: I received a free review copy from the publisher.)