The concern of this tutorial is the security of the Windows NT and Windows 2000 operating systems. Practical methods for implementing a security design are presented; this is the main merit of the book. Moreover, suggestions are given for such a design.
The first part contains a brief introduction to security concepts and an overview of the Windows NT 4.0 security functions.
Part 2 is the core of the book. It explains Windows NT 4.0 security components. File and directory security is the basis of all security; it is based on permissions. User profiles and system policies control what appears on the desktop, the system settings, and access to resources. They apply to all users, groups of users, individual users, all computers, or individual computers. The Microsoft Proxy Server implements firewalls, including packet filtering, domain filtering, hiding internal IP addresses, logging, monitoring, and alerting. The author discusses security concerns of the system registry. The audit feature enables system managers to track events; an audit policy must be designed and implemented. Two newer features, the Microsoft Management Console (MMC) and the Security Configuration Manager (SCM), point to Windows 2000. The MMC will be the central management and administration tool of Windows 2000 networks. In NT 4.0, it has only a small amount of functionality. The SCM combines many security management features that had been spread out over many tools; all of the major security settings are covered here.
Chapter 6 addresses cryptography, authentication (Kerberos), and digital signatures as general subjects.
Part 3 introduces some of the new features in Windows 2000. Here, the MMC is realized for all system-related management tasks. The active directory service is based on a hierarchical name space. It organizes objects in the network, provides a means to locate them, and allows centralized or distributed management. The security configuration tool set is a group of services and tools for building and maintaining system security. Group policies make it possible to change settings for groups of users or computers, not only security settings. The distributed file system enhances scalability. Its security features are introduced, and the encrypting file system is covered in some detail.
The part on general security concepts is too short, and no references are given. For example, the terms “firewall” and “Trojan horse” are not explained (the index does contain an entry for “firewall,” but the referenced page provides no explanation). If a more economical layout had been used, or if some of the many screenshots had been omitted, a lot of additional space would have been available for a broader exposition of general security subjects.
The book is well written and easy to understand. The recipes are clear, except that acronyms are used but not explained, and there is no glossary.
The book is intended for system and network administrators and other professionals who need to apply Windows NT or Windows 2000 security features. Readers should have a good administrative knowledge of the operating system they are interested in.
