Hacking Exposed Windows Server 2003
 
 

Hacking Exposed Windows Server 2003 [Paperback]

Joel Scambray , Stuart McClure
1.0 out of 5 stars (2 customer reviews)

There is a newer edition of this item:
Hacking Exposed Windows: Microsoft Windows Security Secrets and Solutions, Third Edition
£17.50
In stock.


Product details

  • Paperback: 628 pages
  • Publisher: McGraw-Hill Osborne; illustrated edition (1 Nov 2003)
  • Language: English
  • ISBN-10: 0072230614
  • ISBN-13: 978-0072230611
  • Product Dimensions: 22.9 x 18.5 x 3 cm
  • Average Customer Review: 1.0 out of 5 stars (2 customer reviews)
  • Amazon Bestsellers Rank: 1,071,510 in Books


Product Description

Complete coverage of the new security features in Windows Server 2003—all in the best-selling Hacking Exposed format.

Hacking Exposed Windows Server 2003 is ideal for any network professional working with a Windows Server 2003 and/or Windows XP system.

From the Back Cover

"The end-all of hacking.... A must-read if you want to secure your networks." --W2Knews

Plug the holes in your Windows infrastructure by seeing it through the eyes of the attacker

Protect your Windows Server 2003 systems from the latest widespread and devastating attacks the tried-and-true Hacking Exposed way. You'll learn, step-by-step, how intruders locate targets, gain super-user access, and ransack compromised networks. Fully updated chapters detail all-new Windows Server 2003 footprinting and scanning methods, IIS6 security flaws, buffer overflow exploits, Terminal Services hacks, and DoS/DDoS vulnerabilities. Real-world cases and code examples demonstrate the most current dangers and spell out countermeasures to stonewall malicious intruders every time.

New and Updated Material:

  • All-new Windows footprinting and scanning tools and techniques
  • NetBIOS, MSRPC, SMB, DNS, SNMP, and Active Directory enumeration protection
  • Updated exploits of Windows-specific services, including the MSRPC interface vulnerability that led to the Blaster worm, SQL Slammer, and eavesdropping attacks on Kerberos
  • Details on the new IIS6 security architecture, URLScan, Microsoft Web services source code disclosure exploits, and HTR chunked encoding exploits
  • All-new Terminal Services information including new password guessing, privilege escalation, and eavesdropping countermeasures
  • New client-side exploits using popular multimedia file formats, and strong new countermeasures using Internet Explorer Enhanced Security Configuration
  • The latest countermeasures for Denial of Service (DoS) attacks including bogon filtering and sink holes
  • New security features such as Internet Connection Firewall, software restriction policies, and updates to IPSec

About the Authors:

Joel Scambray is Senior Director of Security for Microsoft's MSN and Stuart McClure is President/CTO of Foundstone, Inc., an enterprise security products company. They are co-authors of four editions of Hacking Exposed as well as Hacking Exposed Windows 2000.


First Sentence
It's difficult to talk about any system in a vacuum, especially one that is so widely deployed in so many roles as Windows Server in all of its flavors.
 



Customer Reviews

Most Helpful Customer Reviews
24 of 24 people found the following review helpful
By A Customer
Format:Paperback
First of all let me say that I have purchased 3 Hacking Exposed... titles before this one and I was happy with each of them. I therefore had no problems forking out £25 on this tome......until such times as I actually received it and began to read. This seems little more than a blatant attempt to extort money on the back of a successful series of books.

The amount of W2003 specific material could have been written on the back of a postcard stuck inside the cover. It has a chapter on IIS hacking which starts off telling you that IIS 6 is pretty secure and then fills up page after page of how to hack IIS 5. Ummmmm..didn't you already release (and get paid for) Hacking Windows 2000? This sort of tactic is used to fill up virtually every chapter of the book, with some chapters including such pearls of wisdom as "you should apply the MS00-xx patch", er...that patch would be 4 years old now. Yes I should apply it, but W2003 specific/relevant? Nope, not by a long chalk.

The only pieces of information I found useful were that W2003 domain controllers relax the security on SMB (think RestrictAnonymous) such that a lot of attacks work, and that TS now has a "Deny logon through Terminal Services" user right. They didn't even tell me how to resolve the lower privilege on SMB for DC's issue!! GAH! Save your money.

4 of 4 people found the following review helpful
Format:Paperback
I've read most of the Hacking Exposed series and have always been impressed, as the books have always been well documented, and extremely well written. That is until this one came along.

This book spends more time discussing Windows 2000 server than it does Windows 2003, and that's a real disappointment. If I would have known this I would never have wasted the money on this book, as I already have the Windows 2000 version (damn good read).

If you're looking for a book on Windows 2003 security, I really wouldn't bother with this one.

Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com:  8 reviews
19 of 19 people found the following review helpful
Lots of old information that does not apply to Win2003 (27 Dec 2003)
By D. Morris - Published on Amazon.com
Format:Paperback
I like this book because it illuminates many of the approaches a hacker would take when trying to invade the system. But it is already out of date for anyone who has Windows 2003 and the latest version of IIS and SQL Server.

Most of the entire section on IIS describes vulnerabilities in IIS 5.0 and does not apply to Win2003. Some of the recommended tools from Microsoft will not even download onto a Win2003 machine running IIS 6!

The SQL Server chapter describes vulnerabilities that are already fixed in SP3. It does however describe application defects that can be exploited, and tells how to guard against them.

So, this is a good reference on general vulnerability mitigation, but much of the information is already out of date as of Christmas 2003.

12 of 13 people found the following review helpful
Not the ultimate Windows 2003 security book, but still solid (2 Jun 2004)
By Richard Bejtlich - Published on Amazon.com
Format:Paperback
"Hacking Exposed: Windows 2000" (HE:W2K) was published in August 2001, eight months after the W2K OS was released to manufacturing (RTM) in December 1999. "Hacking Exposed: Windows 2003" (HE:W03) was published in October 2003, seven months after the Windows 2003 OS was RTM. Does the shorter gap between OS availability and book publication hurt the successor to the original hit Windows security book? It's possible, but I don't see many contenders for the title of best Windows assessment guide. Because this book delivers the technical goods in a proven format, I give HE:W03 four stars.

I gave the original HE:W2K five stars for finally breaking out Windows-specific security material into its own "Hacking Exposed" title. HE:W03 is mainly an update of its predecessor, a fact I confirmed with a chapter-by-chapter evaluation. HE:W03 has a new foreword and better organization. Ch 1 sports five more pages, and ch 2 offers a new discussion on service accounts and groups. Ch 4 adds an RPC enumeration section while ch 5 provides info on sniffing Kerberos authentication. Ch 6 mentions exploiting the Windows debugger but is short on details. Ch 7 explains psexec and ch 8 explains usage of MDcrack. Ch 10 gives new info on IIS 6, ch 11 mentions SQL Slammer and more defensive strategies, and ch 12 updates remote access methods for Windows XP and 2003. Ch 13 presents a few recent client-side attacks and ch 16 mentions several defensive tools. Ch 17 is mainly original, although the Windows OS roadmap appears as dated as the one first proposed in HE:W2K. Oddly, chs 9, 10, and 16 were missing material, like talk of hiding files via streaming and the "runas" command. Ch 3, 14, and 15 are mostly the same.

HE:W03 is still the best book available if you want to learn how to assess and compromise Windows servers using publicly available tools. It will not teach original exploitation techniques like coding exploits, although this is usually unnecessary when admins deploy stock servers with blank administrator passwords. The authors are experts when it comes to performing pen tests of Windows targets, even though they are unapologetic Windows fans. (Page 195 bears the quote "command-line brain damage of Linux.") Their bias is also apparent as they question the applicability of the word "monopoly" to Microsoft (a legal fact); this isn't surprising given the authors' employers. Their bias also colors their judgment in the introduction, where they propose that security is a zero sum game between security and usability. Attitudes like that can no longer cover for Microsoft's security lapses.

If you're forced to run Microsoft products, it pays to understand how intruders can compromise them. It's also helpful to know how to defend those systems. HE:W03 shows both sides of the coin in the plain language readers have been enjoying since the original "Hacking Exposed" was published in 1999. I recommend this book, especially if you haven't read HE:W2K.

12 of 13 people found the following review helpful
Good place to start, but just a refresh on the 2000 edition (1 Mar 2004)
By Craig Humphrey - Published on Amazon.com
Format:Paperback
Having read "Hacking Exposed Windows 2000" (and most of the other Hacking Exposed books), and just started using Windows 2003 Server, I ordered this book with an eager anticipation for what it would reveal on Microsoft's supposedly significantly more secure OS.

The opening chapters were a disappointment and in general a lot of the content had been copied from the previous Windows 2000 edition, often with just "Windows 2000" replaced with "Windows 2003", which while sometimes accurate, was more often than not, completely inaccurate.

Many of the example outputs and screen shots didn't match the text and often there were inconsistencies in the outputs, suggesting that they had perhaps been hand crafted.

In general the editing was poor and this book didn't really come up to the standard I've come to expect from the Hacking Exposed series. It had all the hallmarks of a book rushed to press.

As for Win2003 specifics, there was actually very little. Whether that's because Win2003 is super secure... or just that the authors (and perhaps the hacking community) hadn't really come to grips with the product....

Even the updated Win2000 content was largely pre SP3, which is odd, since SP4 had gone public, well before this book was released (in fact, some of the virus/worm references in the book are post SP4's release).

If you haven't read the Windows 2000 edition, then don't bother, get this one, it has all the content from that edition, plus a small amount of new Win2003 content.

If you've already read the Win2000 edition recently, then don't bother with this one, especially if you're already playing with Win2003. You've probably got most of the Win2003 info already, from MS and other public sources.

I've just started reading "Microsoft Windows Server 2003: Insider Solutions" (ISBN 0-672-32609-4) written by a team of writers who have been using Win2003 in its pre-beta and early adopter stages. These guys had been using Win2003 since most of us got Win2000! Hopefully this will cover some of the security aspects that are missing in the Hacking Exposed book.
