Windows IT Library UPDATE--May 19, 2004

This Issue Sponsored By

Simplify, Automate, and Secure Group Membership Administration

Exchange & Outlook Administrator


1. Book Review
- Hardening Windows

2. New from Windows IT Library
- Inheritance

3. New Books in Print
- Network Security Hacks
- Managing Windows with VBScript and WMI

4. New eBooks
- A Guide to DNS and Windows 2000
- Building the Small Business Infrastructure
- Preemptive Email Security and Management

5. Windows IT Library Top Five
- Microsoft Windows NT Server Administrator's Bible: Option Pack Edition
- The Microsoft Outlook E-Mail and Fax Guide
- A+ Certification: How to Pass Your Exams
- Microsoft Windows NT Secrets: Option Pack Edition
- Undocumented Windows NT

==== Sponsor: Simplify, Automate, and Secure Group Membership Administration ====
Are you bogged down by requests for distribution list changes? Everyone thinks that their request is the most important and should be fulfilled immediately - after all, it's just a few names that need to be changed, right? Wrong. Managing distribution groups is time consuming for IT departments and risky for the business. End user expectations for accuracy and turnaround time conflict with the significant number of change requests. Implementing these best practices for maintaining distribution and security group memberships not only reduces the burden on IT resources and enhances employee satisfaction, but also provides consistency and security to your organization. Learn how to automate this cumbersome process with this white paper titled: Automating Group Membership Administration.


==== 1. Book Review ====

Hardening Windows
Author: Jonathan Hassell
Publisher: Apress
Published: April 2004
ISBN: 1-59059-266-2
Paperback, 185 pages
Price: $29.99

For professionals who are heavily involved with Windows, a book titled "Hardening Windows" just cries out to be read. As you might suspect, this book is about computer security, and it begins with a quote from security expert Scott Collins, who says "you should be exactly as paranoid as it is cost-effective to be." That's timely advice, given that today's computer systems are under constant attack. Some of those attacks are vicious and designed to cripple a company's computer systems. And although other attacks are simply a nuisance, they still result in lost time, money, and productivity as staff repair the damage.

The author of "Hardening Windows" is Jonathan Hassell, a systems administrator and IT consultant who defines the term "hardening" as "the process of protecting a system against unknown threats." He continues by saying that one of a system administrator's primary goals should be to "harden against whatever they think could be a threat." To be effective in supporting and achieving that goal, Hassell believes that all companies need to have a well-defined, practical security policy. He points out that the four cornerstones of any such policy are privacy, trust, authenticity, and integrity. Privacy is the capability that a company or organization possesses to keep information confidential, and trust questions the validity of data and objects by not simply accepting things at face value. Authenticity involves ensuring that people really are who they say they are, and integrity ensures that systems aren't compromised in any way.

In the opening chapter of the book, Hassell presents the theory behind hardening and provides a general overview of computer security. He explains that "focusing for a bit on the more general aspects of computer security allows you to harden your systems in ways that you might otherwise ignore or fail to imagine." The author addresses security concerns for Windows NT, Windows 2000, and Windows XP in the second, third, and fourth chapters, respectively.

The book provides an additional six chapters, each of which discusses different subjects associated with the security and integrity of a company's systems and networks. For example, two of these chapters cover the topics of Microsoft IIS security and Microsoft Exchange 2000 Server security, while others discuss patch management and the steps involved in defining enterprise security policies with Win2K and later OS versions. You can browse through the book's table of contents on the book publisher's Web site at . While you're there, you can download chapter 10 of the book, titled "Security Auditing and Event Logs."

In addition to discussing guidelines for hardening a system's software, Hassell makes sure readers are aware that they need to take steps to harden their hardware. In fact, he's quick to point out that he would have been remiss not to include these steps. After all, he says, "Windows depends as much on external hardware devices for security as it does on its own internal mechanisms."

One of the features of "Hardening Windows" that I particularly liked is the inclusion of checkpoints at the conclusion of each chapter. Reading through these lists represents a quick, convenient way of recapping the major points that the author has covered in each of the chapters.

These checkpoints also act as spurs to carry out actions to increase your system's security. For instance, two of the checkpoints from the chapter on XP security are to "use XP's included Internet Connection Firewall (ICF) to close off open ports" and to "enable ICF logging for later forensic analysis and intrusion detection." For quick reference, the book's only appendix contains a master list of all the checkpoints that the author discusses throughout the book.

I personally favor technical books that I don't have to read from cover to cover to make maximum use of them. The manner in which Hassell has put together "Hardening Windows" means that each of the chapters stands alone. You're free to read them in any order that suits you and to bypass any sections that aren't immediately relevant to you or your work.

The most appealing aspect of this book is the amount of useful information that it contains, without it being comprised of hundreds of pages. Although his book is less than 200 pages in length, Hassell fits in more than 140 suggestions for hardening your systems. He openly admits that he never set out to write a "1600-page Windows bible" but instead he created a book that's "meant to be carried under your arm to client workstations, placed on the top of the server rack, or snugly kept right beside your monitor for easy reference."

In a book of this limited size, it's physically impossible to address every security concern that affects Windows. Hassell justifiably explains that his book "would never be complete if it attempted to describe every view of every way to possibly secure a system from an unknown threat." Instead, he chose to "keep the book short, using proven, time-tested ways to achieve maximum protection for the time and money invested." That's an explanation that I wholeheartedly agree with.

Tony Stevenson
[email protected]
Windows IT Library Guest Reviewer

For more book reviews, visit the Windows IT Library Web site.

==== Sponsor: Exchange & Outlook Administrator ====
Try a Sample Issue of Exchange & Outlook Administrator!
If you haven't seen Exchange & Outlook Administrator, you're missing out on key information that will go a long way towards preventing serious messaging problems and downtime. Request a sample issue today, and discover tools you won't find anywhere else to help you migrate, optimize, administer, and secure Exchange and Outlook. Order now!


==== Announcements ====

Windows Connections, October 24-27, Orlando, Florida
Save these dates for the Fall 2004 Windows Connections conference, which will run concurrently with Microsoft Exchange Connections. Register early and receive admission to both conferences for one low price. Learn firsthand from Microsoft product architects and the best third-party experts. Go online or call 800-505-1201 for more information.

New Web Seminar: Preemptive Email Security Works for Chick-fil-A--It Can Work for You
Become the company hero! Save your company time and money by preventing unwanted and lost email. In this free Web seminar, hear from an email expert--and learn from a real-world Chick-fil-A case study--about how you can reduce spam and viruses and improve email security and employee productivity. Register now!

Free White Paper--Learn How to Eliminate the Top 5 Email Security Threats Including Spam and Viruses
Discover the top 10 reports every email administrator shouldn't live without, including dashboard views that show threats to your network and how they are being blocked. Plus, learn how to eliminate the top 5 email security threats including spam and viruses. Get this free white paper today!

==== 2. New from Windows IT Library ====

This chapter from "The Guru's Guide to SQL Server Architecture and Internals" gives you an architectural and a practical-use overview of XML for SQL Server (SQLXML). You'll find out how the SQLXML technologies are designed and how they fit together, and you'll learn about practical applications such as using OPENXML, accessing SQL Server over HTTP, and using URL queries.

In this chapter from "Building Applications and Components with Visual Basic .NET," you'll find out about inheritance, a key design feature of OOP that the Windows .NET Framework relies on. After reading this chapter, you'll know why inheritance is important, and you'll know about inheritance from a class, polymorphism and type substitution, and replacement of methods in a derived class.

==== 3. New Books in Print ====

Network Security Hacks
This information-packed book provides more than 100 quick, practical, and clever things to do to help make your Linux, UNIX, and Windows networks more secure. These security hacks don't just cover securing TCP/IP-based services, they also provide intelligent host-based security techniques. Loaded with concise but powerful examples of applied encryption, intrusion detection, logging, trending, and incident response, the book demonstrates effective methods for defending your servers and networks from a variety of devious and subtle attacks.

Managing Windows with VBScript and WMI
"Managing Windows with VBScript and WMI" explains how Windows administrators can effectively use VBScript to automate common administrative tasks and simplify complex ones. Detailed coverage of security concerns provides admins with the means for safely using VBScript in Windows environments. The book is organized around the problems you face daily, with reusable examples and coverage of Windows 2003, Windows XP, Windows 2000, and Windows NT.

==== 4. New eBooks ====

A Guide to DNS and Windows 2000
Windows 2000 and Active Directory (AD) brought DNS into the mainstream. Win2K completely incorporated TCP/IP for all aspects of networking, allowing Windows network administrators to drop the old NetBIOS protocol that NT used as a transport and for name resolution. With NetBIOS gone, Win2K moved to TCP/IP's DNS protocol for network name resolution. Microsoft didn't stop halfway in adopting DNS and TCP/IP: DNS is an essential part of AD, and AD completely depends on a functional DNS implementation. To use DNS effectively, you need to understand its core components. This eBook provides with a basic foundation for understanding DNS.

Building the Small Business Infrastructure
A small to midsized business's needs are different than the needs of larger companies. For these smaller organizations, this eBook helps you plan your IT infrastructure to get the most out of your systems while minimizing the costs involved. Beginning with an overview of Microsoft Small Business Server 2003 and a Windows Decision Point quiz, this eBook helps you decide which Windows version is right for your needs. In addition, you'll learn advanced techniques for keeping crucial servers up to date, how to use terminal services to remotely administer your systems, and how to lower your licensing and operating costs by using a free database solution called MySQL.

Preemptive Email Security and Management
This eBook offers a preventive approach to eliminating spam and viruses, stopping directory harvest attacks, guarding content, and improving email performance. Individual chapters cover the various alternatives for stopping spam and viruses and the alternative "preemptive" approach to email security and management; the various techniques for filtering spam and viruses from email messages; the problem of unwanted email coming from Denial of Service (DoS) and directory harvest attacks and how to deal with the problem; the crucial concerns in managing and controlling email content, with discussions about the inbound and outbound email controls you need to protect proprietary information and meet regulatory mandates; and how an email security and management solution can enhance the visibility of a user's email management to improve performance and availability.

==== 5. Windows IT Library Top Five ====

Microsoft Windows NT Server Administrator's Bible: Option Pack Edition
This book provides specific coverage of the Windows NT 4.0 Option Pack add-ons to help you plan, install, configure, manage, optimize, and connect NT Server 4.0 to the Internet.

The Microsoft Outlook E-Mail and Fax Guide
Written for Microsoft Outlook end users and the administrators who support them, this volume explains all the real-world tasks that you're likely to encounter when working with Outlook and includes many timesaving techniques that take you beyond the basics.

A+ Certification: How to Pass Your Exams
This book walks you through all the skills tested in the Computing Technology Industry Association (CompTIA) A+ Core Hardware exam and A+ OS Technologies exam.

Microsoft Windows NT Secrets: Option Pack Edition
Packed with the kind of notes, tips, and workarounds that come only from years of working day in and day out with a product, this book will help you optimize the performance, reliability, and security of your network.

Undocumented Windows NT
This book documents what goes on under the covers in Windows NT. Three experts share what they've dug up on NT through years of hands-on research and programming experience. The authors dissect the Win32 interface, deconstruct the underlying APIs, and decipher the Memory Management architecture to help you understand operations, fix flaws, and enhance performance.

==== Events Central ====
(A complete Web and live events directory brought to you by Windows & .NET Magazine:

The Exchange Server Seminar Series--Coming to Your City Soon!
Simplify your life and others' lives with Windows Server 2003 and Exchange Server 2003. Learn the advantages of migrating to an integrated communications environment, consolidating and simplifying implementation of technology, and accelerating worker productivity. Register now for this free event!

==== Sponsored Links ====

Comparison Paper: The Argent Guardian Easily Beats Out MOM

Microsoft(R) TechNet
Microsoft(R) TechNet Webcasts: essential guidance, industry experts

==== Contact Us ====

About the newsletter -- [email protected]
About technical questions --
About product news -- [email protected]
About your subscription -- [email protected]
About sponsoring this UPDATE -- [email protected]


==== Contact the Sponsor ====

Primary Sponsor:
Quest Software -- -- 1-949-754-8000


This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.

Manage Your Account
You are subscribed as [email protected]

You received this email message because you requested to receive additional information about products and services from the Windows & .NET Magazine Network. To unsubscribe, send an email message to [email protected] Thank you.

View the Windows & .NET Magazine Privacy policy at

Windows & .NET Magazine is a division of Penton Media Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.