Slashdot Mirror


Special Ops

If maintaining the security of networked machines running Microsoft Windows is part of your job (but you need a touch of Oracle and UNIX advice, too), take heart. elwing writes "Don't let the cover title and camo look turn you away -- Special Ops is a no-nonsense guide to securing your network from inside attackers. This is one of the first books I've seen which covers this topic in detail. It doesn't skimp on external threats, but the majority of the book deals with host based security." Read on for the rest of elwing's review.

Special Ops: Host and Network Security for Microsoft, UNIX, and Oracle
  author: Erik Pace Birkholz, et al.
  pages: 1040
  publisher: Syngress
  rating: 8 - Worth Reading
  reviewer: elwing
  ISBN: 1931836698
  summary: Taking a look at securing your network from the inside.

In order to get the most out of Special Ops, I suggest that you brush up on your system administration skills, particularly Microsoft technologies. The book is aimed primarily at security and systems administrators, but several of the chapters are either aimed specifically at management (Chapters 17 & 18), or could easily be understood by them (Chapters 1-3).

The authors write in a conversational, matter-of-fact style, including personal anecdotes and experiences where appropriate. The editors did a great job of "smoothing out" the styles of the different authors to give Special Ops a consistent feel.

One of the best features of Special Ops is the end-of-chapter content. These summaries include a "Security Checklist" which creates a nice list for admins to take into the field, a one-page summary of the chapter, links to relevant web pages, relevant mailing lists, other books to read for more in-depth information, a "Solutions Fast Track," and a FAQ. Some chapters list all of the freeware and commercial tools used/mentioned in that chapter. The Solutions Fast Track is a great section to hand to your slightly more technical manager explaining why you should secure a specific service. These chapter extras make Special Ops a great reference book, even if you never bother to read the rest of it.

Another great feature is the "Notes from the Underground ..." sections scattered throughout the book. All of the authors have worked in security for several years, and they share specific examples of attacks or other interesting tidbits they've seen over the years.

I had trouble giving Special Ops a rating of 9 or 10 for a few reasons. Even though the book is an easy read, it's a lot of information to digest. The subtitle makes it sound as if Microsoft, UNIX, and Oracle would receive equal treatment: not so. While there are 7 chapters on Microsoft specific technologies, UNIX and Oracle rate one chapter each. I would have preferred to see Special Ops split into 2 or 3 books, giving equal attention to all of the technologies.

The authors' bias towards certain commercial tools shows through as well. Granted, the majority of the authors are also Foundstone employees, but they should have given equal treatment to all tools. Explain the strengths and weaknesses of each tool and allow the reader to decide on the "best" tool.

All in all, Special Ops is a great book. It will definitely reside on my reference shelf for years to come.

Table of Contents
  1. Assessing Internal Network Security
  2. Inventory and Exposure of Corporate Assets
  3. Hunting for High Severity Vulnerabilities (HSV)
  4. Attacking and Defending Windows XP Professional
  5. Attacking and Defending Windows 2000
  6. Securing Active Directory
  7. Securing Exchange and Outlook Web Access
  8. Attacking and Defending DNS
  9. Attacking and Defending Microsoft Terminal Services
  10. Securing IIS
  11. Hacking Custom Web Applications
  12. Attacking and Defending Microsoft SQL Server
  13. Attacking and Defending Oracle
  14. Attacking and Defending Unix
  15. Wireless LANs: Discovery and Defense
  16. Network Architecture
  17. Architecting the Human Factor
  18. Creating Effective Corporate Security Policies

You can purchase Special Ops from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

15 of 95 comments

  1. Defending Windows 2000? by corebreech · · Score: 2, Funny

    He means, Uninstalling Windows 2000, doesn't he?

    1. Re:Defending Windows 2000? by Niksie3 · · Score: 3, Funny

      I was thinking more along the lines of a good, old fashioned, brick and concrete wall.

      --
      Sig you!
  2. Well, of course by Faust7 · · Score: 5, Funny

    While there are 7 chapters on Microsoft specific technologies, UNIX and Oracle rate one chapter each.

    Well, this is a security guide, isn't it? :)

  3. 1) Put computer in room by burgburgburg · · Score: 4, Funny
    2) Put cinderblocks around room
    3) Put bricks around cinderblocks

    Congratulations. Your Windows installation is now secure.

    1. Re:1) Put computer in room by Piquan · · Score: 2, Funny

      Y'know, we haven't heard from our MCSE since he started on this. But at least that banging noise from the NT server room died down after a few days.

    2. Re:1) Put computer in room by _ph1ux_ · · Score: 3, Funny

      8) ??????
      9) Profit!

  4. deja vu by BrianUofR · · Score: 5, Funny

    ...If maintaining the security of networked machines running Microsoft Windows is part of your job...

    I had a nightmare about that last week. Weird.

  5. In Re(sponse): by Jonsey · · Score: 5, Funny

    In response to the large numbers of complaints that the book focuses too narrowly on Micro$oft Products, I propose the following changes to make it more universal.

    Please remove pages 1 - 1040 and replace with the following sheet of paper:
    - - - - - - - -
    1.) Educate your users.

    Failing that:

    2.) Execute your users.

    --
    I assert that my comment is only my opinion, not that of any employer, past, present or future.
  6. Re:I Wonder by ch-chuck · · Score: 4, Funny

    Just create a text file called "Important Microsoft Security Update", put instructions in it to buy you the book, then copy it to \\bossspc\c$\windows\desktop

    --
    try { do() || do_not(); } catch (JediException err) { yoda(err); }
  7. Re:I see Windows as a challenge... by phorm · · Score: 2, Funny

    Making windows more secure? Part of it starts out like this...

    Build a 'nix firewall...
    Put the windows machine behind the 'nix firewall...
    Adjust iptables rules accordingly...

  8. Hole In The Bucket by jabbadabbadoo · · Score: 4, Funny
    I was a win admin once. Seriously, it reminded me of a traditional song called "There's a Hole In the Bucket." For your convenience, here are the lyrics (note that Henry corresponds to the win admin wannabe, Liza the security "expert"):

    I urge you to read the hole thing, one verse pr. line.

    There's a hole in the bucket, dear Liza, dear Liza, There's a hole in the bucket, dear Liza, a hole.
    So fix it dear Henry, dear Henry, dear Henry, So fix it dear Henry, dear Henry, fix it.
    With what should I fix it, dear Liza, dear Liza, With what should I fix it, dear Liza, with what?
    With straw, dear Henry, dear Henry, dear Henry, With straw, dear Henry, dear Henry, with straw.
    But the straw is too long, dear Liza, dear Liza, The straw is too long, dear Liza, too long.
    So cut it dear Henry, dear Henry, dear Henry, So cut it dear Henry, dear Henry, cut it!
    With what should I cut it, dear Liza, dear Liza, With what should I cut it, dear Liza, with what?
    Use the hatchet, dear Henry, dear Henry, dear Henry, Use the hatchet, dear Henry, the hatchet.
    But the hatchet's too dull, dear Liza, dear Liza, The hatchet's too dull, dear Liza, too dull.
    So, sharpen it, dear Henry, dear Henry, dear Henry, So sharpen it dear Henry, dear Henry, sharpen it!
    With what should I sharpen it, dear Liza, dear Liza, With what should I sharpen, dear Liza, with what?
    Use the stone, dear Henry, dear Henry, dear Henry, Use the stone, dear Henry, dear Henry, the stone.
    But the stone is too dry, dear Liza, dear Liza, The stone is too dry, dear Liza, too dry.
    So wet it, dear Henry, dear Henry, dear Henry, So wet it dear Henry, dear Henry, wet it.
    With what should I wet it, dear Liza, dear Liza, With what should I wet it, dear Liza, with what?
    With water, dear Henry, dear Henry, dear Henry, With water, dear Henry, dear Henry, water.
    With what should I carry it, dear Liza, dear Liza, With what should I carry it dear Liza, with what?
    Use the bucket dear Henry, dear Henry, dear Henry, Use the bucket, dear Henry, dear Henry, the bucket!
    There's a hole in the bucket, dear Liza, dear Liza, There's a hole in the bucket, dear Liza, a hole.

  9. 4 steps to a Secure Windows boxen by CoyoteGuy · · Score: 2, Funny

    Step 1: Place Windows system in a lead safe
    Step 2: Take wire cutters and cut ethernet cable to said computer
    Step 3: Close door
    Step 4: Dump the safe into closest body of water

    Now you have a windows system no one can touch.

    --
    Slashdot.. Land of nerds, trolls, and FlameBait..
  10. Re:I see Windows as a challenge... by Jester99 · · Score: 4, Funny

    ...but someone who can make a windows box truly secure... now they've done something!!

    Unplugged the machine? :)

  11. Re:I Wonder by Captain+Large+Face · · Score: 2, Funny

    In case it's password-protected, the password is "12345".

  12. Not a chance by sharkey · · Score: 4, Funny
    Don't let the cover title and camo look turn you away

    It won't get a chance to turn me away. One glance at the website, and I was hammering the Back button.

    --
    "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.