The publication of Windows 2000 Server Security
coincides with the release of the first distributed denial of service (DDoS) program for Win32 systems, Troj_Trin00. Windows server admins have never needed a greater understanding of network security. Microsoft has put major efforts into Win2000 security. The authors discuss the new features: Kerberos v5, the Encrypting File System (EFS) and IPSec, which secures data on the move. Much of this depends on integrated support for public key encryption systems. They also discuss permissions in the new Active Directory service.
"Discuss" is the operative word here. This is not a how-to book, and won't satisfy readers wanting to learn how implement the various security options available. Most of the content of the first nine chapters is distilled into an "executive briefing"-style tenth chapter, which can itself be boiled down to, "security is a good thing". A "rummage sale" approach to topics, combined with more than a few ungrammatical statements, suggests a rushed approach to sub-editing, as do statements like the authors' incredible claim that "There really is something to be said for attempting 'security through obscurity'". In this reviewer's opinion, obscurity is to security as censorship is to pornography: it only affects those who aren't interested anyway. Windows 2000 Server is here for the long haul, and while those looking for general information will get background here, admins who need to understand the best way to make it secure would do well to wait for more detailed books. --Steve Patient