Rating: Summary: Not the ultimate Windows 2003 security book, but still solid Review: "Hacking Exposed: Windows 2000" (HE:W2K) was published in August 2001, eight months after the W2K OS was released to manufacturing (RTM) in December 1999. "Hacking Exposed: Windows 2003" (HE:W03) was published in October 2003, seven months after the Windows 2003 OS was RTM. Does the shorter gap between OS availability and book publication hurt the successor to the original hit Windows security book? It's possible, but I don't see many contenders for the title of best Windows assessment guide. Because this book delivers the technical goods in a proven format, I give HE:W03 four stars. I gave the original HE:W2K five stars for finally breaking out Windows-specific security material into its own "Hacking Exposed" title. HE:W03 is mainly an update of its predecessor, a fact I confirmed with a chapter-by-chapter evaluation. HE:W03 has a new foreword and better organization. Ch 1 sports five more pages, and ch 2 offers a new discussion on service accounts and groups. Ch 4 adds an RPC enumeration section while ch 5 provides info on sniffing Kerberos authentication. Ch 6 mentions exploiting the Windows debugger but is short on details. Ch 7 explains psexec and ch 8 explains usage of MDcrack. Ch 10 gives new info on IIS 6, ch 11 mentions SQL Slammer and more defensive strategies, and ch 12 updates remote access methods for Windows XP and 2003. Ch 13 presents a few recent client-side attacks and ch 16 mentions several defensive tools. Ch 17 is mainly original, although the Windows OS roadmap appears as dated as the one first proposed in HE:W2K. Oddly, chs 9, 10, and 16 were missing material, like talk of hiding files via streaming and the "runas" command. Ch 3, 14, and 15 are mostly the same. HE:W03 is still the best book available if you want to learn how to assess and compromise Windows servers using publicly available tools.
It will not teach original exploitation techniques like coding exploits, although this is usually unnecessary when admins deploy stock servers with blank administrator passwords. The authors are experts when it comes to performing pen tests of Windows targets, even though they are unapologetic Windows fans. (Page 195 bears the quote "command-line brain damage of Linux.") Their bias is also apparent as they question the applicability of the word "monopoly" to Microsoft (a legal fact); this isn't surprising given the authors' employers. Their bias also colors their judgment in the introduction, where they propose that security is a zero sum game between security and usability. Attitudes like that can no longer cover for Microsoft's security lapses. If you're forced to run Microsoft products, it pays to understand how intruders can compromise them. It's also helpful to know how to defend those systems. HE:W03 shows both sides of the coin in the plain language readers have been enjoying since the original "Hacking Exposed" was published in 1999. I recommend this book, especially if you haven't read HE:W2K.
Rating: Summary: Excellent Resource for Windows Server 2003 Admins Review: Hacking Exposed- Windows Server 2003 is the latest addition to the Hacking Exposed series of books. Joel Scambray and Stuart McClure have teamed up to create another excellent source of information to help you understand the weaknesses in your Windows Server 2003 system and what you can do to defend against them.
It may not be quite as gripping as a John Grisham novel, but the Hacking Exposed books are relatively easy to follow and understand. The use of Tips, Notes and Cautions helps to highlight specific areas that deserve more attention than others.
As with other books from the Hacking Exposed series, this one walks through how an attacker would locate and exploit your machine. It covers how to footprint and enumerate potential targets and then goes into comprehensive detail for the various attacks and vulnerabilities. Each attack or vulnerability is ranked based on its popularity, simplicity and potential impact to arrive at an overall risk rating.
This book covers the latest exploits and security measures for Windows Server 2003 including Windows-specific services such as MSRPC and IIS6. The authors also provide information on attacks against Terminal Services such as password guessing and privilege escalation as well as the latest DoS (Denial of Service) attacks.
New security features of Windows Server 2003 are covered as well: updates to IPSec, software restrictions and ICF (Internet Connection Firewall).
Anyone with Windows Server 2003 should read this book.
Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet / Network Security (http://netsecurity.about.com), providing a broad range of information security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit Essential Computer Security (http://www.tonybradley.com).
Rating: Summary: Good place to start, but just a refresh on the 2000 edition Review: Having read "Hacking Exposed Windows 2000" (and most of the other Hacking Exposed books), and just started using Windows 2003 Server, I ordered this book with an eager anticipation for what it would reveal on Microsoft's supposedly significantly more secure OS. The opening chapters were a disappointment and in general a lot of the content had been copied from the previous Windows 2000 edition, often with just "Windows 2000" replaced with "Windows 2003", which while sometimes accurate, was more often than not, completely inaccurate. Many of the example outputs and screenshots didn't match the text and often there were inconsistencies in the outputs, suggesting that they had perhaps been hand crafted. In general the editing was poor and this book didn't really come up to the standard I've come to expect from the Hacking Exposed series. It had all the hallmarks of a book rushed to press. As for Win2003 specifics, there was actually very little. Whether that's because Win2003 is super secure... or just that the authors (and perhaps the hacking community) hadn't really come to grips with the product.... Even the updated Win2000 content was largely pre SP3, which is odd, since SP4 had gone public, well before this book was released (in fact, some of the virus/worm references in the book are post SP4's release). If you haven't read the Windows 2000 edition, then don't bother, get this one, it has all the content from that edition, plus a small amount of new Win2003 content. If you've already read the Win2000 edition recently, then don't bother with this one, especially if you're already playing with Win2003. You've probably got most of the Win2003 info already, from MS and other public sources. I've just started reading "Microsoft Windows Server 2003: Insider Solutions" (ISBN 0-672-32609-4) written by a team of writers who have been using Win2003 in its pre-beta and early adopter stages.
These guys had been using Win2003 since most of us got Win2000! Hopefully this will cover some of the security aspects that are missing in the Hacking Exposed book.
Rating: Summary: Lots of old information that does not apply to Win2003 Review: I like this book because it illuminates many of the approaches a hacker would take when trying to invade the system. But it is already out of date for anyone who has Windows 2003 and the latest version of IIS and SQL Server. Most of the entire section on IIS describes vulnerabilities in IIS 5.0 and does not apply to Win2003. Some of the recommended tools from Microsoft will not even download onto a Win2003 machine running IIS 6! The SQL Server chapter describes vulnerabilities that are already fixed in SP3. It does however describe application defects that can be exploited, and tells how to guard against them. So, this is a good reference on general vulnerability mitigation, but much of the information is already out of date as of Christmas 2003.
Rating: Summary: The best security practice guide for Windows Server 2003 Review: This book will guide you in how to secure Windows Server 2003 from the hacker's point of view. It details how Microsoft internally improved security in Windows Server 2003. This book follows the writing standard of the best seller Hacking Exposed, which is very easy to read and understand.
Rating: Summary: A must-read for security experts!!! Review: Two things that I love and want to share are the special URL links to useful information and the chapter about hacking IIS. If you want to protect your Windows network, you cannot miss this book. I think it's also good for everyone who follows the security technology implemented in the new Windows Server.