Hardening Windows Systems

A trip to the local book store will quickly show you that there is no shortage of books on the subject of network security. In fact, Roberta Bragg, the author of Hardening Windows Systems, has written some of the other contributions to this genre as well. So, why another one? Osborne / McGraw-Hill publishing, publishers of the Hacking Exposed series, introduced the Hardening Series of books, to add a fresh perspective and approach to network security books. Rather than simply regurgitating the same theoretical material and security best practice details, these books provide more nitty-gritty, action-oriented information. In the first chapter, Bragg provides a list of ten things you should do immediately to secure your Windows systems. This helps get you very quickly from cracking the cover to getting actionable information you can implement now. Working in I.T. though, I think that the last section is possibly more valuable than the information about securing the system. Getting budget approval, management support and user cooperation are all essential to securing the network and this information is invaluable. I like the structure and approach of this book and recommend it for anyone supporting a Windows-based network. (...)

Roberta Bragg proves once again why she is one of the top Windows Security experts in the world. Unlike most publications that pop out whenever a product "upgrade" by the all-mighty Microsoft empire is released, this text encompasses all product flavors and other MS offerings. I do agree with a previous reviewer that it could've been made better by including 'real world' applications, delving in a bit more on heterogeneous environments where MS products may dominate the architecture, would've been extremely helpful. But, then again, the book is for hardening Windows systems, not hardening network infrastructure (you'll need Wesley Noonan's book for that - a good one as well). Overall, a great book containing tons of immediate solutions for your Microsoft systems, a definite must-buy!

Roberta Bragg's _Hardening Windows Systems_ (HWS) is exactly the sort of book I expected from McGraw-Hill/Osborne's new 'Hardening' series. The publisher gained fame through its assessment-oriented 'Hacking Exposed' series, and now it advocates preventing intrusions via configuration instead of assessment. (Those familiar with my Network Security Monitoring theories will remember I believe 'prevention eventually fails,' but I still recommend doing everything possible to make the intruder's task difficult!) HWS is a Windows security tour-de-force, and I intend to recommend it often. I am blessed by not having to support Windows workstations or servers (other than my family's systems) because I run various UNIX variants at home and at work. If you're stuck defending Windows, HWS will show you how -- immediately. The book has literally one page of theory in ch 1 before advocating numerous 'do it now!' steps. This direct approach keeps the book at a manageable 500 pages or so, yet doesn't skip the details. Furthermore, the term 'Windows' doesn't just mean Windows 2000, the current 'corporate standard' (despite Microsoft's best efforts to encourage upgrades). HWS actually spends time on servers like Windows NT 4, 2000, and 2003, and clients like NT 4, 2000, and XP. Even Windows 95 and 98 receive a few mentions. I was impressed by real advice for operating three sorts of 'domains' in ch 4 -- workgroups, NT 4 domains, or Active Directory forests. Too often Microsoft concentrates on the latest and greatest, but HWS recognizes corporate realities. HWS includes some of the most information-packed tables I've ever seen. Table 5-3, explaining Windows services that can be disabled to improve security, is awesome. Table 9-3, recommending IE security settings, is similarly helpful. Author Bragg packs so much detail into these tables that reading them alone will help your security efforts. Screen shots are also shown to supplement the step-by-step instructions needed to configure Windows. My only real criticism is the complete focus on Windows-bundled features. There is no mention of helpful third party applications, like OpenSSH, Cygwin, or Perl. A great older book on Windows security called _Securing Windows NT/2000 Servers for the Internet_ explained these and other options. Integration with non-Windows systems and services, like sending Windows Event Logs to syslog servers, would recognize the heterogeneous nature of modern enterprises. I would also like to see information on profiling Windows systems, displaying the ports and services expected to be active. This would help sys admins understand normal Windows behavior and possibly identify intruder activity. I plan to add HWS to my recommended reading Listmania List, and I hope you consider this book if securing Windows systems is on your to-do list.

Most books about security don't really address it. They skirt the issue, or they give general advice instead of specific, applicable directions. "Hardening Windows Systems" is one of the few books I've seen -- and I've seen more than a few -- that goes into remarkable depth into how to toughen up a Windows installation, be it a workstation or a server.The first chapter, "An Immediate Call To Action," starts off, "We have a problem." The problem is that not only does Windows ship in a terribly insecure state, but that most people have no idea how to go about protecting it from compromise. Right away, Bragg shows us specific things to do to make Windows that much more secure in only a few minutes: how to toughen password policies, how to turn off unneeded features that are security holes waiting to happen, how to educate yourself.The book is loaded with deeply insightful advice. One of the best boxouts is on the rising fad of biometric security. Bragg pokes a hole in its inflated reputation and talks about why biometric security is no better than a blank password if the implementation is itself weak. Many of the book's tips focus on preventing sidelong compromises through spoofing of administrative access (such as granting a program elevated privileges), something Windows is notoriously bad at preventing.The last chapter is also among the best: it talks honestly and candidly about how to educate users, administrators and the guys with the money on how to make things more secure. This includes things like being able to communicate about security to the non-technical, a grossy underrated ability for many IT people, and how to educate without being condescending (another thing many tecchies are guilty of, myself included).I'm hoping that this book goes through multiple revisions with each future edition of Windows, because as it stands it's already worth the price. It works as a dive-in-and-start-swimming guide to Windows security (what to do FIRST) and as a detailed course in how to keep things secure for years to come. IT people who don't know where to start should start here.

This book is an excellent resource for the system administrator tasked with securing Miscrosoft Windows systems and networks. There is no room for confusion here, step by step directions tell you how to secure your systems. The first chapter, "An Immediate Call to Action" provides ten things to do immediately to begin the process of securing your Windows systems. The book is definitely designed for administrators working "in the trenches" as it is heavy on practical application and light on "theory." If you are responsible for maintaing the security of a Windows environment, this book is a "must have." I have had the book for about a week and I already have pages bookmarked and highlighted.