REVIEW: Internet Security with NT

[mea culpa <jericho () DIMENSIONAL COM>]

From: "Noonan, Michael D" <michael.d.noonan () intel com>

"Internet Security with Windows NT", Mark Joseph Edwards, 1998,
1-882419-62-6, U$49.95
%A   Mark Joseph Edwards mark () ntshop net mark () ntsecurity net
%C   221 E. 29th St., Loveland, CO   80538
%D   1998
%G   1-882419-62-6
%I   Duke Communications/29th Street Press
%O   U$49.95 800-621-1544 970-663-4700 fax: 970-667-2321
%O   www.29thstreetpress.com ccarmel () 29thstreetpress com
%P   515 + CD-ROM
%T   "Internet Security with Windows NT"

The introduction states that the book is intended for those with little or
no NT security knowledge, but I suspect that making this the sole resource
for a new system manager would be a dangerous thing, since it provides the
proverbial "little knowledge."

Chapter one gives the user or administrator too much and, at the same
time, not enough background on TCP/IP.  There is a lot of trivia that does
not relate to security, while there is no discussion of, for example,
dynamic re-routing, which would be important in future examinations of IP
spoofing.  The grab bag of mostly intrusion related information in chapter
two is not terribly helpful in preparing a defence.  It is not clear to me
why this part is entitled "TCP/IP Essentials."

Part two outlines the basics of the Microsoft Windows security model.
There is little presentation of a conceptual understanding or framework of
the foundation chapter three, which instead lists a number of terms and
programs.  The "how to" of simple security operations is more
comprehensible in chapter four.

Part three talks about principles of network security.  Chapter five does
not deal with multiprotocol networks, but again lists an assortment of
security concerns.  A number of security threats are described in chapter
six, but not in an organized fashion.  (The virus information, obtained
from the Semantec [sic] Anti-virus Research Center, is basically useless.)
A number of aspects that should be addressed in a security policy are
listed in chapter seven.  Chapter eight discusses a number of client
programs for NT, but without much security relevance.  A number of attacks
are tersely described in chapter nine.

Part four looks at firewalls.  Chapter ten does a reasonable job of
explaining the different types of firewalls, although it also includes
some unrelated material.  Some considerations for evaluation are given in
chapter eleven.

Part five outlines the Microsoft Proxy Server.  Chapter twelve runs
through dialogue boxes in the Internet Information Server.  The proxy
server itself is described in chapter thirteen.  Design issues are
discussed in chapter fourteen.  Implementation is talked about in chapter
fifteen, although there are a number of areas not completely covered.
Some client considerations are mentioned in chapter sixteen.  Seventeen
looks at troubleshooting and maintenance.

The book can provide some useful material, although most of the utility
comes from the appendices, listing quick suggestions and resource
contacts, rather than the text itself.  Much of the content is unfocussed
and almost disorganized.  Some topics included are not immediately
relevant to security work, while other areas stop short of actually
helping the user or administrator.

copyright Robert M. Slade, 1999 BKINSCNT.RVW 990625

ISN is sponsored by Security-Focus.COM