RE: Secure Windows 2000 pro/server
From: Erik Birkholz (erik@foundstone.com)
Date: 10/30/01
- Previous message: Mark Medici: "RE: Passwords"
- Maybe in reply to: John Minnella: "Secure Windows 2000 pro/server"
- Next in thread: Salisko, Rick: "RE: Secure Windows 2000 pro/server"
Message-ID: <5B8559F3126DD4119C5100B0D022A06D012AB543@mailwest.foundstone.com>
From: Erik Birkholz <erik@foundstone.com>
To: 'Marc Fossi ' <mfossi@securityfocus.com>, "'Salisko, Rick '" <SaliskoR@ottawapolice.ca>
Subject: RE: Secure Windows 2000 pro/server
Date: Tue, 30 Oct 2001 11:59:53 -0800
Thanks Mark. Hope this answers Rick's questions.
-Erik B
Why create a whole book? To quote Joel and Stu,
"Hacking Exposed Windows 2000 came about largely because of this tremendous
gap between Microsoft's out-of-the-box configurations and what it takes to
run their software securely - in the real world."
What is different? To quote www.hackingexposed.com,
"Embracing and Extending Hacking Exposed
For all of its similarities, HEW2K is also distinct from the original title
in several key ways. Obviously, it is focused on one platform, as opposed to
the multi-disciplinary approach of Hacking Exposed. While Hacking Exposed
surveys the Windows security landscape, this book peels back further layers
to explore the byte-level workings of Windows 2000 security attacks and
countermeasures, revealing insights that will turn the heads of even
seasoned Windows system administrators. It is this in-depth analysis that
sets it apart from the original title, where the burdens of exploring many
other computing platforms necessitate superficial treatment of some topic
areas.
You will find no aspect of Windows 2000 security treated superficially in
HEW2K. Not only does it embrace all of the great information and features of
the original Hacking Exposed, it extends it in significant ways. Here, you
will find all of the secret knowledge necessary to close the Windows 2000
security gap for good, from the basic architecture of the system to the
undocumented Registry keys that tighten it down."
-----Original Message-----
From: Marc Fossi
To: Salisko, Rick
Cc: 'Erik Birkholz'; 'Brad Judy '; 'John Minnella ';
'focus-ms@securityfocus.com '
Sent: 10/30/2001 11:40 AM
Subject: RE: Secure Windows 2000 pro/server
I'm going to let Erik field this one since he _may_ have been involved in
these publications;) I've read most of the Win2k book and it is a
definite must-read for anyone with a Windows box anywhere in their
network. Haven't had a chance to look at HE 3ed. yet, though.
Marc Fossi, MCSE
SecurityFocus
www.securityfocus.com
On Tue, 30 Oct 2001, Salisko, Rick wrote:
> Speaking of Hacking Exposed Windows 2000. Is the book a repeat of the
> information contained in Hacking Exposed Third Edition, or is it
> completely new information? I'm trying to determine if it is worth
> buying both.
>
> Rick Salisko
>
> -----Original Message-----
> From: Erik Birkholz [mailto:erik@foundstone.com]
> Sent: Monday, October 29, 2001 8:29 PM
> To: 'Brad Judy '; 'John Minnella '; 'focus-ms@securityfocus.com '
> Subject: RE: Secure Windows 2000 pro/server
>
>
> Don't forget the one in Hacking Exposed Windows 2000. It is the best one in
> my obviously biased opinion.
>
> --Erik
>
>
> -----Original Message-----
> From: Brad Judy
> To: John Minnella; focus-ms@securityfocus.com
> Sent: 10/29/2001 9:11 AM
> Subject: RE: Secure Windows 2000 pro/server
>
> There are a number of good write-ups. Some of them are directed toward
> Server, but most aspects of hardening are common between the two. Here are
> a few of the ones I have used:
>
> "Windows 2000 Baseline Security Checklist" by Microsoft - there are also
> Server and IIS versions of this document available.
> http://www.microsoft.com/technet/security/tools/w2kprocl.asp
>
> "Hardening Windows 2000" by Phil Cox - From the book "Windows 2000 Security
> Handbook" Phil Cox et al.
> http://www.systemexperts.com/tutors/HardenW2K101.pdf
>
> Windows 2000 Security Recommendations Guides by the National Security
> Agency - directed toward federal agencies, but much is applicable to other
> organizations. Read the "Guide to Securing Microsoft Windows 2000 File and
> Disk Resources"
> http://nsa2.www.conxion.com/win2k/download.htm
>
> I like this guide from Yale as well - very similar to the one I am writing
> for our campus.
> http://www.yale.edu/its/security/Procedures/Securing/NT/w2k/
>
> A couple of other decent ones:
>
> Labmice.net
> http://www.labmice.net/articles/securingwin2000.htm
>
> ArsTechnica
> http://arstechnica.com/tweak/win2k/security/begin-1.html
>
> Most of these pages overlap greatly and some of them contradict each other,
> but there are differences in opinion in all fields. There are many other
> resources for Windows 2000 security. Out of the several W2K security books I
> have worked with, I like "Windows 2000 Security Handbook" by Phil Cox et al,
> and "Securing Windows NT/2000 Servers for the Internet" by Stefan Norberg.
> There is also a Windows 2000 reading room at SANS
> (http://www.sans.org/infosecFAQ/win2000/win2000_list.htm) with many good
> articles about various aspects of security in Windows 2000.
>
> I hope this helps and was not too much information.
>
> Brad Judy
> Information Technology Services
> University of Colorado at Boulder
>
> > -----Original Message-----
> > From: John Minnella [mailto:JohnM@environics.ca]
> > Sent: Monday, October 29, 2001 7:50 AM
> > To: focus-ms@securityfocus.com
> > Subject: Secure Windows 2000 pro/server
> >
> >
> > Hi,
> > are there any good write ups on how to secure/harden Windows 2000 Pro?
> >
>
>