» » Windows 2000 (Hacking Exposed)

Download Windows 2000 (Hacking Exposed) epub

by Joel Scambray

From the best-selling co-authors of the world-renowned book, Hacking Exposed, comes Hacking Windows 2000 Exposed. You'll learn, step-by-step, how to defend against the latest attacks by understanding how intruders enter and pilfer compromised networks and weaknesses in password encryption, domain control, Web and IIS 5 communications, LM/NTLM protocols, Active Directory, NetBIOS services, and much more.
Download Windows 2000 (Hacking Exposed) epub
ISBN: 0072192623
ISBN13: 978-0072192629
Category: Technology
Subcategory: Networking & Cloud Computing
Author: Joel Scambray
Language: English
Publisher: Computing Mcgraw-Hill; 1st edition (August 29, 2001)
Pages: 500 pages
ePUB size: 1815 kb
FB2 size: 1547 kb
Rating: 4.1
Votes: 673
Other Formats: doc mbr txt lrf

I've read a number of Win2k Security and hacking books, and up to this point have been uniformly unimpressed. Most of these books talk about the theory behind various security concepts, such as how Kerberos works, how IPSec works on the packet level, etc. While this is important information, it doesn't help the working network engineer and admin with the practical aspects of securing the enterprise network.
Hacking Exposed Win2k breaks the mold for Windows Security books. Every few pages you'll find an Aha! experience. I'm happy with a book that provides one or two of these. This book has hundreds of them! You can use the information IMMEDIATELY. You don't have to translate "propeller head" language into action. They give you the actions in plain English.
What's truly remarkable is that these guys *are* propeller heads, but can write so a normal person not only understands, but enjoys, what they have to say! A very rare talent.
EVERYONE who runs a Win2k network needs this book. Get it and you'll not be disappointed. I'd give it 10 stars if I could.
Simple fellow
This is a general comment regarding Hacking Exposed series. I owned Hacking Exposed (first edition) and then I moved to the more specific Hacking Exposed books, so now I've got Hacking Linux Exposed, Hacking Windows 2000 Exposed and hacking web Applications exposed. All those books absolutely worth it, do not hesitate to buy any of them.
If you are responsible for a Windows 2000 server and do not have this book, you are asking for trouble. Get it today!!!!
How do these hackers find my Windows network? What info can they get? How do they actually "connect" and compromise my system? Can I do anything about it? Will it be hard, expensive or will I have to hire somebody or maybe will just a firewall do? What is this netbios thing anyhow? If you have questions like this then this book is for you. Hacking Windows 2000 Exposed is not a book about building a bastion host, configuring a firewall, or encryption theory. It does however show in a very understandable way how "hackers" use common system utilities(netstat,net,nslookup,etc)and free tools(superscan,etc) to find weaknesses in a network or computer and exploit them for fun or profit. I think Microsoft has gotten a bad rap about producing insecure operating systems. Fact is that Windows 2000 can be VERY secure, but by default it is configured for ease of use and backwards compatability (that is changing in .NET Server). Equipped with the right knowledge such as this book, and being serious about taking the time and effort to do something, the vast majority of hack attacks will be stopped cold. 99.9% of hackers are unsophisticated and exploit common weaknesses and negligence. As the book explains weak passwords, no account lockout policy, lack of physical security, and using file and print sharing carelessly are still the biggest problems. However of course there are MANY other issues that need to be dealt with.
Hacking Windows 2000 Exposed is very well organized. It takes you through the steps of how someone actually compomises a system and what you can do about it. It puts you in the mindset of a hacker and their methodology - finding a network, extracting information about it, attempting the connect/attack, gaining access, trying to get system or administrator access, reaking havok, and covering their tracks - maybe even leaving a backdoor for remote control! This approach to writing the book will leave you well prepared to defend yourself, audit activity, and show you how to test your own network for vulnerability. You will learn about netbios, network utilities, authentication
protocols, ports, services, anonymous access, permissions, sniffers - how they can be used against you, what to do about it and a whole lot more. The first part of the book focuses on the Windows 2000 operating system. Later chapters focus on applications such as Internet Information Server, SQL, and Internet Explorer(including some great tips everyone can use) and tells you how to manage them for maximum security. The end of the book covers specific security features of Windows 2000 such as Ipsec, Efs, group policy, seurity templates, and how to use them. Appendix A is a concise summary on how to lock down your Windows 2000 computer - a recap of concepts covered throughout the book. Each chapter also has a very helpful summary at the end that reinforces what was covered(specifically the actions to take) in case you are overwhelmed by technical detail in the reading. I like to periodically go back and leaf through the chapter summaries as kind of a refresher course of the meat of what is covered in the book. There is a list of references of other books and internet sites for further reading if more info is desired of material covered in each chapter. I highly recommend Hacking Windows 2000 Exposed to anyone intested in protecting their network and computers from unauthorized access - even those who have just a few computers at home and a cable/dsl connection should take heed. The writing style assumes you have some basic understanding of networking but is definitely not just for techies and keeps your interest. For many this could be their only book about network security and others their first book or a must have addition.
Quite honestly, I believe that the material covered in Hacking Win2K Exposed should be covered in the MCSE 70-220 exam -- but it isn't. These guys not only cover all the tricks of the Black-Hat society, ranging from screening and enumeration to password cracking to privilege escalation exploits, but they also give the reader important information on how to implement countermeasures against these attacks.
Out of the box, Win2K will do a better job of protecting the OS than NT -- for example, the default domain group policy settings will prevent user enumeration, even though they permit null sessions (stand-alone systems, by contrast, are just as vulnerable to enumeration as NT 4.0). However, by default, the system is just as vulnerable to to attacks against legacy LM based password hashes as was NT -- this book explains how to avoid this while still maintaining compatibility with legacy consumer Windows products. And the named pipe impersonation privilege escalation exploit was one that I had not heard about. SP2 fixes it, but it's definitely something that you need to be aware of.
This book is a treasure trove of security-critical information for Win2K administrators. You will learn how to apply group policy to effectively lock down your Win2K systems against many of the attacks commonly used against Win2K. You'll get links to all kinds of freeware ranging from hacking tools to intrusion detection software so that you can assess the security of your own Win2K network. You'll learn about the vulnerabilities of IIS, SQL Server, and Terminal Server as well as how you can deploy these services securely.
This is real-world stuff. You just can't learn it by studying for 70-220. Hacking Win2K Exposed is probably the one book that I'd try to grab off the shelf if my library were on fire.