Shop now Learn more Shop now Shop All Amazon Fashion Shop Suki Ad Campaign Pieces Cloud Drive Photos Shop now Amazon Fire TV Shop now Halloween Pets Shop now Shop Fire Shop Kindle Voyage Listen in Prime Learn more Shop now
  • RRP: £19.99
  • You Save: £18.22 (91%)
FREE Delivery in the UK on orders with at least £10 of books.
Only 1 left in stock (more on the way).
Dispatched from and sold by Amazon. Gift-wrap available.
Securing Windows NT/2000 ... has been added to your Basket
Have one to sell?
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See all 2 images

Securing Windows NT/2000 Servers for the Internet Paperback – 27 Nov 2000

2 customer reviews

See all formats and editions Hide other formats and editions
Amazon Price
New from Used from
"Please retry"
£1.01 £0.01

Great Discounts
Shop the Books Outlet. Discover some great deals on top titles. Shop now
£1.77 FREE Delivery in the UK on orders with at least £10 of books. Only 1 left in stock (more on the way). Dispatched from and sold by Amazon. Gift-wrap available.

Special Offers and Product Promotions

  • Save £20 on with the aqua Classic card. Get an initial credit line of £250-£1,200 and build your credit rating. Representative 32.9% APR (variable). Subject to term and conditions. Learn more.

No Kindle device required. Download one of the Free Kindle apps to start reading Kindle books on your smartphone, tablet and computer.

  • Apple
  • Android
  • Windows Phone

To get the free app, enter your e-mail address or mobile phone number.

Product details

  • Paperback: 216 pages
  • Publisher: O'Reilly Media; 1 edition (27 Nov. 2000)
  • Language: English
  • ISBN-10: 1565927680
  • ISBN-13: 978-1565927681
  • Product Dimensions: 17.8 x 1.5 x 23.3 cm
  • Average Customer Review: 4.0 out of 5 stars  See all reviews (2 customer reviews)
  • Amazon Bestsellers Rank: 3,198,844 in Books (See Top 100 in Books)
  • See Complete Table of Contents

More About the Author

Discover books, learn about writers, and more.

Product Description


If you are responsible for Windows NT or 2000 security, this book is a must-read. -- Mathias Thurman, Computerworld, Jan 2002

From the Publisher

In recent years, Windows NT and 2000 systems have emerged as viable platforms for Internet servers, but securing Windows for Internet use is a complex task. This concise guide simplifies the task by paring down installation and configuration instructions into a series of security checklists for security administration, including hardening servers for use as "bastion hosts," performing secure remote administration with OpenSSH, TCP Wrappers, VNC, and the new Windows 2000 Terminal Services.

See all Product Description

Customer Reviews

4.0 out of 5 stars
5 star
4 star
3 star
2 star
1 star
See both customer reviews
Share your thoughts with other customers

Most Helpful Customer Reviews

9 of 10 people found the following review helpful By A Customer on 7 Jan. 2001
Format: Paperback
Anyone serious about setting up a secure and manageable perimeter network of Windows hosts on the internet -and who read Stefan Norberg's white paper on securing Windows NT- knew that this book was something to look out for.
Still, after reading the book, some people may be disappointed that a bit more information and detail haven't been covered. For instance, chapter 2 & 3 explain how NT/2000 hosts can be stripped and secured. However, there isn't a single NTFS DACL (and very few registry DACLs) mentioned in the whole book. Instead, the reader is referred to a couple of URLs. In practice, it means that you will still need the various whitepapers and checklists available on the net to obtain maximum security. The topics that are covered, however, are clearly explained with enough detail. I particularly liked the NT/2000 TCP/IP registry settings and the section on Windows 2000 IPSEC (At last a Windows IPSEC explanation that doesn't start with "Microsoft W2K offers..."). The section on remote management with open source tools like OpenSSH, CygWin, TCPWrappers and VNC is great. As far as commercial remote management products is concerned, only pcANYWHERE is discussed, which imho is a bit limited, as there are other solutions available. The 9-page chapter on backups is fairly useless. Chapter 6, about auditing, however, makes up for it, as it includes sections on NTP time synchronization, syslog remote log management, integrity checking with TripWire.
The biggest shortcoming of the book, imho, is the total lack of security settings and hardening measures for IIS.
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
4 of 5 people found the following review helpful By A Customer on 5 Feb. 2001
Format: Paperback Verified Purchase
Typically good O'reilly descriptions of concepts and 'between the lines' opinions on technology implementations.
Sections on free tools like ntp/ssh and appendices listing Microsoft knowledge base articles are simple but invaluable.
This book deals specifically with preparing an NT 2000 host generically for the Internet - System Admins looking for information on general NT security will find this book useful and insightful but should also look elsewhere. Similarly setting up VPN's has only a brief mention.
Personally a lot of the technologies and practices used should be part of every NT installation.
Anyone who works in Internet security will tell you that you need to look in many places to get an overview of best security practice. However this is the best book I have seen in some time that covers the main areas and gets you asking the right questions in one concise edition.
One word of caution though: Security is a volatile business and I would expect a lot of the information to become out of date during the lifetime of the book. Using the URL's provided in the book will certainly help alleviate this.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again

Most Helpful Customer Reviews on (beta) 12 reviews
18 of 18 people found the following review helpful
Excellent NT/2000 Security Resource 14 Dec. 2000
By Michael C. Forrester - Published on
Format: Paperback
Stefan Norberg wrote one of the first good securing NT documents that were available on the Internet. This book takes that paper to the next level. I have read and researched quite a bit on securing NT/2000 and from what I've read so far (not quite done yet), I consider this one of the best resources. The section on installing SSH on NT is extremely helpful for those who have not tackled that beast before. Norberg's original paper was considered by many (including myself) to be essential reading for anyone concerned with NT/2000 security. This book is even better and should be a part of the library of any responsible NT/2000 admin.
15 of 15 people found the following review helpful
A must for any Windows NT/2k admin wanting to stay employed 28 July 2001
By Richard Bejtlich - Published on
Format: Paperback
I am a senior engineer for network security operations. I read "Securing Windows NT/2000 Servers for the Internet" (SWNS) to better advise clients on secure configuration of their Windows platforms. Stefan's wonderful book is a testament to the fundamental insecurity of stock Windows platforms. Luckily, his advice transforms vulnerable systems into bastion hosts suitable for deployment on the hostile Internet.
SWNS' key insight is the need to cripple many default Windows services in the interest of security. These troublesome "features" include NetBIOS, the Workstation service, the Server service, and others. In fact, after creating a bastion host, Stefan says "there's no way of administering it remotely!" (This is the case because NT's standard remote admin tools, like Event Viewer and Server Manager, require RPC using NetBIOS.) Thankfully, Stefan provides several options for secure remote administration, like pcAnywhere, Windows 2000 Terminal Services, and open source alternatives (Secure Shell, Virtual Network Computer, etc.)
I concur with an earlier review noting the lack of attention for Microsoft's IIS web server. Hundreds of thousands of Windows machines were recently compromised by the "Code Red" worm, demonstrating two facts. First, Windows is frequently used to host web servers. Second, IIS is frequently deployed insecurely. A second edition of SWNS should add a chapter on configuring IIS. I was also unhappy with Stefan's dismissal of intrusion detection technology in chapter six. He should try the Windows port of the open source Snort IDS.
Overall, SWNS is a must-buy for Windows administrators. The book is a quick read, but it explains many aspects of the internal workings of Microsoft's premier operating systems. As the title implies securing "servers" and not just the underlying operating system, future editions should discuss proper deployment of popular applications for Windows NT/2000, like IIS and Exchange.
14 of 14 people found the following review helpful
Great server security info here for smaller environments 7 Jan. 2001
By Rob - Published on
Format: Paperback
I have been waiting for a book like this for quite a while. For anyone interested in securing W2k Internet servers this book has some excellent advice. The networking security tips are particularly useful and relevant. I was disappointed that there was not more IIS specific security information, given that most W2K servers on the Internet are running IIS. Also, as the author himself points out, much of the changes he is proposing to harden servers are not practical in an enterprise-sized environment. By hardening servers as he describes you loose much of the scalable administration NT and W2K where built around. I would not want to implement the majority of these changes on a production environment of more than 30 or so servers for that reason. I also would not put pcanywhere on any production server as a way to get around just having disabled the functionality of the native remote administration tools. Having said all that, buy this book if you are responsible for securing your Microsoft servers. There is enough great information here to make it well worth it.
14 of 15 people found the following review helpful
A great security book if it fits your needs and architecture 29 July 2001
By Chad - Published on
Format: Paperback Verified Purchase
This is a GREAT book for 2 scenarios:
1) You want a greater understanding of how to secure the NT/2000 operating system (without using 3rd party add-on software). It offers excellent ideas and suggestions on various services and protocols that can be completely disabled in most environments.
2) You run a stand-alone server. When Stefan Norberg says bastion server, that's what he means, NOTHING is getting in. This includes a lot of domain traffic. It would be a disaster to apply this to a computer sitting in a Windows 2000 domain. If you have a stand-alone web server that you want to lock down, then this is you book!
As for other observations...
A few of the extremely useful NT4 bastion server steps are not even given for Windows 2000 use. I was especially disappointed that he gave no description on how to disable the DOS subsystem in Window 2000 (because the NT4 steps sure won't work).
The author provides his email address, but don't bother. He doesn't reply to professional emails containing legitimate comments on his work. Next time, he better just leave the email address out.
I would prefer a 2nd Edition with the NT4 information removed (and even some of the information on the vastly unpopular IPsec) to allow for more in-depth material on Windows 2000 (and even the up and coming Windows XP).
7 of 8 people found the following review helpful
Very highly recommended for systems administrators 23 Jan. 2001
By Midwest Book Review - Published on
Format: Paperback
In Securing Windows NT/2000 Servers For The Internet, Stefan Norberg is designed to assist the experienced users of Windows NT/2000 to protect their computers from Internet intrusion, sabotage, information theft, and other unwanted encroachments. Very highly recommended for systems administrators and the non-specialist general users concerned with security issues, Securing Windows NT/2000 Servers For The Internet covers every aspect of building Windows 2000 security systems is comprehensively presented.
Were these reviews helpful? Let us know