For professionals who are heavily involved with Windows, a book titled
"Hardening Windows" just cries out to be read. As you might suspect,
this book is about computer security, and it begins with a quote from
security expert Scott Collins, who says "you should be exactly as
paranoid as it is cost-effective to be." That's timely advice, given
that today's computer systems are under constant attack. Some of those
attacks are vicious and designed to cripple a company's computer
systems. And although other attacks are simply a nuisance, they still
result in lost time, money, and productivity as staff repair the
damage.
The author of "Hardening Windows" is Jonathan Hassell, a systems
administrator and IT consultant who defines the term "hardening" as
"the process of protecting a system against unknown threats." He
continues by saying that one of a system administrator's primary goals
should be to "harden against whatever they think could be a threat."
To be effective in supporting and achieving that goal, Hassell
believes that all companies need to have a well-defined, practical
security policy. He points out that the four cornerstones of any such
policy are privacy, trust, authenticity, and integrity. Privacy is the
capability that a company or organization possesses to keep
information confidential, and trust questions the validity of data and
objects by not simply accepting things at face value. Authenticity
involves ensuring that people really are who they say they are, and
integrity ensures that systems aren't compromised in any way.
In the opening chapter of the book, Hassell presents the theory
behind hardening and provides a general overview of computer security.
He explains that "focusing for a bit on the more general aspects of
computer security allows you to harden your systems in ways that you
might otherwise ignore or fail to imagine." The author addresses
security concerns for Windows NT, Windows 2000, and Windows XP in the
second, third, and fourth chapters, respectively.
The book provides an additional six chapters, each of which
discusses different subjects associated with the security and
integrity of a company's systems and networks. For example, two of
these chapters cover the topics of Microsoft IIS security and
Microsoft Exchange 2000 Server security, while others discuss patch
management and the steps involved in defining enterprise security
policies with Win2K and later OS versions. You can browse through the
book's table of contents on the book publisher's Web site at
http://www.apress.com. While you're there, you can download chapter
10 of the book, titled "Security Auditing and Event Logs."
In addition to discussing guidelines for hardening a system's
software, Hassell makes sure readers are aware that they need to take
steps to harden their hardware. In fact, he's quick to point out that
he would have been remiss not to include these steps. After all, he
says, "Windows depends as much on external hardware devices for
security as it does on its own internal mechanisms."
One of the features of "Hardening Windows" that I particularly
liked is the inclusion of checkpoints at the conclusion of each
chapter. Reading through these lists represents a quick, convenient
way of recapping the major points that the author has covered in each
of the chapters.
These checkpoints also act as spurs to carry out actions to
increase your system's security. For instance, two of the checkpoints
from the chapter on XP security are to "use XP's included Internet
Connection Firewall (ICF) to close off open ports" and to "enable ICF
logging for later forensic analysis and intrusion detection." For
quick reference, the book's only appendix contains a master list of
all the checkpoints that the author discusses throughout the book.
I personally favor technical books that I don't have to read from
cover to cover to make maximum use of them. The manner in which
Hassell has put together "Hardening Windows" means that each of the
chapters stands alone. You're free to read them in any order that
suits you and to bypass any sections that aren't immediately relevant
to you or your work.
The most appealing aspect of this book is the amount of useful
information that it contains without running to hundreds of pages.
Although his book is less than 200 pages in length, Hassell
fits in more than 140 suggestions for hardening your systems. He
openly admits that he never set out to write a "1600-page Windows
bible" but instead created a book that's "meant to be carried under
your arm to client workstations, placed on the top of the server rack,
or snugly kept right beside your monitor for easy reference."
In a book of this limited size, it's physically impossible to
address every security concern that affects Windows. Hassell
justifiably explains that his book "would never be complete if it
attempted to describe every view of every way to possibly secure a
system from an unknown threat." Instead, he chose to "keep the book
short, using proven, time-tested ways to achieve maximum protection
for the time and money invested." That's an explanation that I
wholeheartedly agree with.

Hardening Windows
Author: Jonathan Hassell
Publisher: Apress
Published: April 2004
ISBN: 1-59059-266-2
Paperback, 185 pages
Price: $29.99