Rating: Summary: What The MCSE Prep Material Doesn't Tell You Review: Quite honestly, I believe that the material covered in Hacking Win2K Exposed should be covered in the MCSE 70-220 exam -- but it isn't. These guys not only cover all the tricks of the Black-Hat society, ranging from screening and enumeration to password cracking to privilege escalation exploits, but they also give the reader important information on how to implement countermeasures against these attacks. Out of the box, Win2K will do a better job of protecting the OS than NT -- for example, the default domain group policy settings will prevent user enumeration, even though they permit null sessions (stand-alone systems, by contrast, are just as vulnerable to enumeration as NT 4.0). However, by default, the system is just as vulnerable to attacks against legacy LM based password hashes as was NT -- this book explains how to avoid this while still maintaining compatibility with legacy consumer Windows products. And the named pipe impersonation privilege escalation exploit was one that I had not heard about. SP2 fixes it, but it's definitely something that you need to be aware of. This book is a treasure trove of security-critical information for Win2K administrators. You will learn how to apply group policy to effectively lock down your Win2K systems against many of the attacks commonly used against Win2K. You'll get links to all kinds of freeware ranging from hacking tools to intrusion detection software so that you can assess the security of your own Win2K network. You'll learn about the vulnerabilities of IIS, SQL Server, and Terminal Server as well as how you can deploy these services securely. This is real-world stuff. You just can't learn it by studying for 70-220. Hacking Win2K Exposed is probably the one book that I'd try to grab off the shelf if my library were on fire.
Rating: Summary: Great informative book! Review: This book belongs to a great series of books. I have read Hacking Exposed, the first edition, and then I read this one. It really provides important detailed information focusing on Windows 2000. I advise anyone who administers a Windows 2000 network to buy it!!
Rating: Summary: This book will give Windows 2000 users cold sweats! Review: This book describes in clinical detail how hackers go through Windows 2000 security like a stiletto between the ribs. Absolutely amazing reading, given that it's essentially a catalog of proven ways to crack the OS (or of security holes to patch if you care about the integrity of your system). I now run IE and OE with practically every option turned off that *can* be turned off as a result.
Rating: Summary: Interesting Review: This is a needed book for anyone deploying Windows 2000 servers. The IIS chapter is really good even though URLScan will take care of most of the problems. I enjoyed the 100s of links to utilities. I always turned off services not needed but this book explains "WHY" things are turned off. Great book.
Rating: Summary: This book explains the WHY on several topics Review: This is a needed book for anyone deploying Windows 2000 servers. The IIS chapter is really good even though URLScan will take care of most of the problems. I enjoyed the 100s of links to utilities. I always turned off services not needed but this book explains "WHY" things are turned off. Great book.
Rating: Summary: Do yourself and your end users a favour. Get this one!! Review: This is one of the best W2K books I've read. It's up-to-date, easy to read, and offers good honest practical advice. A must for anybody administering a W2K network - novice or expert.
Rating: Summary: A book of great quality, and practicality. Review: Truly a good book. I am a web developer, I focus on developing web applications, not security. This book really helped me to secure my own infrastructure, and helped me give much great advice to my clients. The chapters are well written and easy to understand. The authors have an in-depth understanding of hacking (almost to the point of arousing suspicion). There are many great tools that they recommend, which will help you to assess the security of your organization.
Rating: Summary: So you think your website is secure? Review: When I started reading, I could not put the book down. Very easy to read and very eye opening. I really like how they offer tools and present actual code in action. HOWEVER, fortunately for us, the book is dated. Microsoft released the URLSCAN utility that "countermeasures" most of the IIS 5 related chapter. This utility is not mentioned. I suspect each chapter has a rollup patch from Microsoft for same. BUT, knowing what the patches are actually attempting to do is the very best part of this book. This book is a must read for anyone who thinks their websvr or AD setup is secure. Even if you confirm there are ZERO holes, the process to reach that conclusion will be an education in itself and this book is the teacher.