The Virtual Bookcase for browsing and sharing reviews of books. New to this site? Read the welcome page first.

The Virtual Bookcase Home
Recent reviews
Collected book news
Welcome to this site
Add your own book

Book details of 'NT 4 Network Security'

Cover of NT 4 Network Security
TitleNT 4 Network Security
Author(s)Matthew Strebe, Charles Perkins, Michael G. Moncur, Michael Moncur
ISBN0782124259
LanguageEnglish
PublishedMarch 1999
PublisherSybex
Web links for this book
Search at Bookcrossing.com
Wikipedia booksources
Shop for this book
At Amazon.com
At Amazon.co.uk

Back to shelf Computer security
Amazon.com info for NT 4 Network Security

Score:

Vote for this book

The Virtual Bookcase Reviews of 'NT 4 Network Security':

Reviewer amazon.com wrote:
A massive volume covering a decidedly massive topic, NT 4 Network Security is a well-constructed collection of network-security jewels. The book starts out by breaking down basic security concepts and terminology, such as data theft, data communication security, and file system security. Subsequent portions discuss larger and more Windows NT-specific topics, such as Virtual Private Networking using the Microsoft Point to Point Tunneling Protocol and potential BackOffice security holes. In addition, the authors deal heavily with the issue of creating a coherent and logical corporate security policy. Not only do they weave policy suggestions into the book, but they also devote a chapter and appendix exclusively to the subject. In addition to its content, the design of this book is especially nifty. The pages are studded with tips, terminology, and reality-check sidebars. These contain such nuggets as the URL for the Microsoft Web site, which has software updates to fix security holes in Windows NT that diligent anti-Microsoft hackers have unearthed. They also contain anecdotal data mined from many collective years of consulting experience. (The implied message is to learn from the mistakes of others.) This volume's five appendices are also super-handy. One contains a list of Windows NT security utilities, another features a wealth of online resources, and yet another tackles the security enhancements in Windows NT 5 (now called Windows 2000).
Reviewer Rob Slade wrote:
While dauntingly thick, this is a generally readable, and fairly comprehensive, introduction to security in general, and particularly to Windows NT in a networked environment. On the other hand, it sometimes has less material than you would expect. Chapter one presents a general overview of security, touching lightly on a range of topics and indicating areas the book is going to cover. It is interesting to note that one subject seems to be left out: data and business recovery is only mentioned tangentially. For example, the NTFS disk format is noted to fully support security, but the possible problems in recovering when the disk goes bad are not mentioned. Human security, in chapter two, covers a wide range of social factors, including an extensive discussion of password choice, and the importance of treating your employees fairly and well. The explanation of encryption, in chapter three, deals with a number of important aspects, but is poorly structured. It also brings in a number of unrealistic factors, such as the use of quantum computers, and neglects some fairly important current developments. A general plan for administering security is proposed in chapter four. Chapter five presents the Windows NT security model, and, while it does a better job than many other such works, it does not really provide a clear working picture. User account functions, with another look at passwords, is reviewed in chapter six. System policy is introduced in chapter seven, but the overall operation and effect is not explained well, and the material almost immediately degenerates into a terse listing of policy options. Although chapter eight purports to examine file systems, most of it deals with setting security permissions with NTFS. Chapter nine starts to look at networking issues with workgroups and shares. Unfortunately, while the mechanics of sharing operations are clear enough, the concepts are not. Domains and trust relationships are introduced, but not very functionally, in chapter ten. Fault tolerance, in chapter eleven, gives some basic information on various types of disk redundance, and a few tips on backup. Chapter twelve talks about virus protection. I am used to security texts that have numerous mistakes in this area, but I was astonished to see, at the beginning of this section, mention of a "CMOS virus" (no such thing) that infects the CMOS BIOS code. A computer's "CMOS" is the term used to refer to the small chip containing battery supported memory, holding a small table of information. This information is used by the BIOS programming, which programming is generally stored in read-only memory. (The next page actually mentions this.) CMOS memory is generally too small to hold any effective virus. In addition, it is only called as data, and no program that you did manage to store in the CMOS area would ever run. In any case, the text goes on to say that these viruses can obtain complete control over a computer, and cannot be removed by most antiviral software. (I suppose the statement about removal is true enough: since they don't exist, who would bother to write removal programs?) There is also an erroneous account of the Brain virus, a two page exegesis on Java that finally admits Java can't be used to create viral applets, a statement that NT is "immune" to file viruses (it's not), a list of antiviral types that only mentions different types of scanners (never mentioning activity monitors or change detection software), and a section on trojan software. Remote access actually starts with a brief mention, at the end of chapter twelve, of the dangers of pcAnywhere. (Both here and in the following, there are stories of scanning local networks from home ISP service. The authors do not mention that this operation is restricted to those with cable modems.) Chapter thirteen starts off with some opining on phone phreaking, but then does move on to some reasonable information on securing dial-in situations. The material on multi- vendor networks, in chapter fourteen, does little more than assert that other operating systems have security holes, too, you know! Chapter fifteen is an introduction to the Internet, but, because of a rather loose structure, does not present security concepts in a coherent manner. Similarly, the overview of TCP/IP, in chapter sixteen, lists a number of potential problems with the protocols but not much instruction on what to do about them. Chapter seventeen describes a rather random bag of advice on security aspects on client (non-server, or, in other words, user) machines. Then we move back into network territory with a blend of firewall and virtual private network (VPN) technology in chapter eighteen. Chapter nineteen tells us about VPNs, with a few mentions of firewalls. Microsoft BackOffice is reviewed in chapter twenty, but without much specific information about security. Chapter twenty one lists a variety of user (application) level security loopholes. A number of attacks available at the network level are listed in chapter twenty two. "The Secure Server," in chapter twenty three, looks primarily at physical security and concerns (and finally admits that NTFS can be bypassed after all). Chapter twenty four looks at physical matters again, mostly in the TEMPEST realm (and with a little misinformation about fibre optics and fish tanks). The authors have tried to lighten up a rather heavy topic by including humour in the text. While the remarks don't really get in the way of the content, they don't really support it, either. There is also an attempt to keep readers from getting lost in the jargon by providing "terminology" boxes throughout the book. This is helpful, but is not used as consistently as it could be. Acronyms, in particular, frequently start to appear in the text without ever having been specifically defined. This work has better conceptual coverage than "Microsoft Windows NT 4.0 Security, Audit, and Control" by James G. Jumes et al, (see reviews), and is about equal to "Windows NT Server 4 Security Handbook" by Hadfield, Hatter, and Bixler (see reviews). There is better structure and more willingness to discuss flaws than is apparent in the "Windows NT Security Guide" by Stephen A. Sutton (see reviews). It has perhaps the same level of quality, and is certainly larger than "Windows NT Security" by Charles B. Rutstein (see reviews), but there is not as much depth in places. "PCWeek Microsoft Windows NT Security," by Lambert and Patel (see reviews), has better material in significantly less space. In terms of Internet material, it is about the same as "Internet Security with Windows NT," by Mark Joseph Edwards (see reviews), although it could hardly be worse. In general it is a good, useful guide, but there are still a number of holes to patch. copyright Robert M. Slade, 2000
Add my review for NT 4 Network Security

Book description:

Malevolent hackers, disgruntled employees, acts of nature--what could bring your NT network to its knees? Find out with the second edition of this comprehensive guide to NT security. Practical examples show you how to identify and defend against real security threats, whether your network handles two users or two thousand. Learn how to attack your own NT network and servers to identify weak links; inoculate your servers and clients against viruses; secure data against theft and corruption; and protect equipment from theft or malicious damage. Includes special coverage of Internet- and intranet-related security issues.

Search The Virtual Bookcase

Enter a title word, author name or ISBN.

The shelves in The Virtual Bookcase

Arts and architecture (25)
Biography (24)
Business and Management (119)
Cars and driving (53)
Cartoons (45)
Children's books (179)
Computer (475)
Computer history/fun (111)
Computer networks (382)
Computer programming (215)
Computer security (269)
Cook books (89)
Fantasy (154)
Fiction (446)
Health and body (70)
History (135)
Hobby (37)
Horror (65)
Humorous books (52)
Literature (57)
Operating systems (94)
Outdoor camping (162)
Outdoors (236)
Politics (83)
Privacy (61)
Psychology (55)
Religion (17)
Science (113)
Science Fiction (156)
Self-help books (55)
Technology (12)
Travel guides (307)
War and weapons (29)
World Wide Web (211)
Zen (5)
Other books (88)
Mailing list
Subscribe to booktalk, the discussion list about books at The Virtual Bookcase.
Enter your e-mail address to subscribe (you will receive an e-mail to confirm your subscription):
The Virtual Bookcase is created and maintained by Koos van den Hout. Contact e-mail webmaster@virtualbookcase.com.
Site credits
Copyright © 2000-2008 Koos van den Hout / The Virtual Bookcase Copyright and privacy statement