- The Windows 2000\XP\.NET Resource Index

Home | About Us | Search

Last Updated January 22, 2004

Windows 2003
Windows 2000
Windows XP
Book Reviews
  General References
  Win2000 Pro
  Win2000 Server
  Active Directory
  MCSE Certification
  Perl for Win32
  Visual Basic
Career Tools
Device Drivers
Hardware Guides
MCSE Toolkit
Service Packs
, Utilities

  Articles & Whitepapers
  Disaster Recovery
  Security FAQ's
  Intrusion Detection
  Legal Resources
  Security Links








Windows 2000 Security Books Reviews

The problem with most security books is that almost as soon as their published, they're already a little out of date. All of these books provide excellent overviews of security, but no are (or can be) an absolute reference. Use these books as introductory guides to Hacking and Security Guidelines, but the best resources available for staying current are on the web.

Note: Most links on this page will take you to the books description on Bookpool is an online bookstore similar to, but they specialize in Technical books (and they are less expensive.) This is not a paid endorsement, and we do not receive sales commissions from We just think they're the best place to buy our books. We hope you'll agree!

Due to the large number of graphics on this page, it may take a minute or so to load on a 28.8kbps connection. Thanks for being patient!

Think we missed an exceptional book? Let us know at

Newest Reviews...


The Art of Deception: Controlling the Human Element of Security
By Kevin D. Mitnick and William L. Simon. Published by John Wiley, October 2002. Hardcover, 352 pages. ISBN 0471237124 "
Social engineering", or the art of deceiving and manipulating people in order to gain information, is an underestimated security risk that is rarely addressed in employee training programs or corporate security policies. For the hacker, it's an essential skill that can be used to bypass even the most sophisticated security measures without even being detected. Sound far fetched? Social engineering was the one the preferred tools used by the most notorious hacker in the world, Kevin Mitnick - the author of this book. The goal of "The Art of Deception" is to raise awareness of the tools and techniques of social engineers, and not to teach the art to a new generation of hackers. Mitnick spends 13 of the 16 chapters relating "fictional" accounts of social engineering techniques, provides analyses of these accounts from both the attackers and victims perspective, and then offers advice on preventing or defeating these attacks. The accounts are brief, entertaining, and eye opening to those uninitiated to con games. The analysis and advice section are written in layman's terms with a minimum of technical jargon, making this an ideal book for management as well as administrators. For the security administrator, the last 2 chapters are the real jewel of the book. Here, Mitnick provides a number of sample security policies and procedures, including data classification categories, verification and authentication procedures, guidelines for awareness training, methods of identifying a social engineering attacks, warning signs, and flowcharts for responding to requests for information or action. Included with every security policy suggestion is a follow up paragraph of explanations and notes that outline the potential vulnerabilities in the policy. Definitely a must read for the security conscious! Read our full review here.
Publishers Price
: $27.50 each  Street Price: $17.50

Hacking Windows 2000 Exposed
By Joel Scambray and Stuart McClure. Published by McGraw-Hill, September 2001. Paperback 495 pages. ISBN 0072192623 If your a fan of the popular "Hacking Exposed" series, but are tired of skimming past the UNIX/Linux and Novell sections, the publishers have spun off the content into a an operating system focused series. Although many of the exploits outlined in this book have already been addressed in Microsoft service packs and hotfixes, it's important to understand the hacker mentality of how to locate vulnerabilities and how to rattle the "doors and windows" of a network. (Also keep in mind that 90% of successful attacks use known vulnerabilities) The authors do a great job of walking you through simulated attacks, explaining the tools used to attack your system, and what countermeasures are available. They also include a suggested reading list after each chapter, and a security checklists at the end of the book for Windows 2000 pro and server as well as IIS, SQL, and Terminal Services
Our recommendations...

Hacking Exposed: Network Security Secrets and Solutions
By Stuart McClure. Published by McGraw Hill, October 2001. Paperback 729 pages, ISBN 0072193816 Our favorite security book just got even better! The third edition adds information on wireless networks, Windows XP, Windows .NET, as well as new strategies for preventing untrusted access to SNMP, Active Directory, and NetBIOS/SMB services using IPSec filters, firewalls, and TCP/IP Security. This is an impressive work, and one of the best "how to" security books we've ever read. This book literally walks you step by step through a hackers attack on a network, starting with basic sweeps and rattling the doors and windows. It covers all of the tools of the trade and common techniques for Unix, Novell, and of course NT. This edition also includes a CD-ROM with links to security tools mentioned in the book, key security tools for download from the CD, and a password database. If you're new to security and hacking, this is the book to get! Check out the companion website at 

Windows 2000 Security Handbook
By Tom Sheldon, Published by McGraw Hill, December 2000. Paperback 738 pages, ISBN 0072124334
This is an excellent place to start for inexperienced Administrators who are just learning the basics of Windows 2000 and need to master security as well. It reads and feels like a textbook, featuring detailed walkthroughs, easy to understand explanations, and lots of screenshots and illustrations. The coverage is thorough and includes a basic primer on security threats, countermeasures, policies and management before moving on to an overview of Windows 2000 Security and User and Group management, auditing, firewalls, proxy servers, remote access, securing clients, enterprise security, and IIS. The appendix ISA server as well as third party tools for auditing and intrusion detection.

Hack Proofing Your Network: The Only Way to Stop a Hacker Is to Think Like One  
By Ryan Russell and Stace Cunningham. Published by Syngress, July 2000, Paperback, 450 pages. ISBN 1928994156
Although this book isn't written specifically for Windows 2000 (or any single OS), it is a very well done and real world guide covering common hacker methodologies, classes of attack, and hacking theory that should be a required reading for all network administrators. Buffer overflow, session hijacking, sniffing, spoofing, and other common attacks are covered in detail. The chapters are well organized and include plenty of script examples, screenshots, and special tips for IT Professionals. Once you pick up this book and start reading it, you won't be able to put it down!

Configuring Windows 2000 Server Security
By Tom and Deb Shinder. Published by Syngress, November 1999. Paperback, 394 pages, ISBN 1928994024  This book isn't a primer to Windows 2000 security or an in-depth desk reference, but a very "hands on" workbook for new and experienced administrators who need to understand and configure the new security features in Windows 2000. Kerberos v5, Public Key Infrastructure (PKI), NTFS file encryption, IP Sec, Smart Cards, and the new Security Management snap ins for the MMC are covered in detail The authors provide easy to understand introductions to each component, followed by step by step illustrated walkthroughs of how to install and configure them. In addition, each chapter ends with a helpful summary and FAQ.

Securing Windows NT/2000 Servers for the Internet
By Stephan Norberg. Published by O'Reilly & Associates, November 2000. Paperback 199 pages. ISBN 1565927680 A very practical, hands on, and straight to the point reference. This book is filled with checklists and countless step by step walkthroughs supported by screenshots and useful illustrations that will guide you through the process of creating and managing a secure web server. Although a certain level of Administration experience is expected, the author does an excellent job of covering both basic and advanced topics, including valuable real world lessons in each chapter. The book begins with an introduction to Internet security and dives straight into building and administrating a Bastion host. This is followed by an excellent chapter on configuring Windows NT/2000 for Remote Administration that covers Terminal Services, PCAnywhere, or Open Source software. The last 2 chapters focus on auditing and maintaining perimeter security, and the appendix features a useful table of well known ports used by Windows NT/2000 services. You can read a Sample Chapter of this excellent book here.
E-Mail Virus Protection Handbook
By Brian Bagnall, Published by Syngress, October 2000. Paperback, 476 pages. ISBN 1928994237 With 80% of today's computer viruses entering computer networks through the e-mail system, it's important to lock down the corporate mail servers and clients. This book is the place to start. It begins with an easy to understand and well balanced introduction to the threats facing e-mail systems including histories and case studies of e-mail attacks. The next chapters focus on securing mail clients including Outlook 2000, Outlook Express, and Eudora as well as web based mail issues. The mid section contains some semi-useful information regarding client side AntiVirus applications, Mobile Code Protection, and an overview of several personal firewalls. The last third of the book is the most valuable. It includes an excellent chapter on securing Windows 2000 Advanced Sever and Red Hat Linux 6. Additional chapters cover Exchange 5.5 as well as Sendmail and IMAP security. The final chapter covers the deployment of server side e-mail content filters and scanners including Groupshield, ScanMail, and MIMEsweeper. Overall we found this book to be an excellent and realistic look at the problem with clearly presented solutions that will save you time and aggravation. If you're in charge of securing your company's mail systems, this book may even save your job!.  

Network Intrusion Detection : An Analyst's Handbook, 2nd Edition
Published by New Riders, Sept 2000. Paperback 430 pages. ISBN 0735710082 Although not written specifically for Windows 2000, this is an excellent and practical technical reference by the developer of the Shadow intrusion detection system. However, it should not be considered to be a primer for the uninitiated, and strong TCP/IP skills are a must if you want to get the most out of this book. Coverage of common attacks, architectural issues, detection of exploits, intelligence gathering, risk management, and tools are excellent. The author also provides plenty of personal anecdotes and samples of real log files throughout the book, making this a valuable resource for Admins who want a real world perspective of intrusion detection.

Windows 2000 Security Little Black Book
Published by Coriolis Group, February 2000, Paperback 415 pages, ISBN 1576103870 A straight forward, task oriented work on security. The organizational style of the book makes it easy to find what you need, making it an ideal desk reference. We found it a bit too dry to read cover to cover, and feel that it's better suited to experienced NT administrators who need to brush up for Windows 2000. If you're new to Windows 2000 and enterprise security you may want to "cut your teeth" on something else first.

maxsecurity.gif (4834 bytes)

Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network, Third Edition  
Published by Sams, May 2001, Paperback, 861 pages, ISBN 0672318717. When the first edition of this book was published in June 1997, it immediately shot to the top of several computer security bestseller lists, surpassing even established security books. Written by a "reformed" Hacker, this book covers security from a Hacker's perspective on Windows NT, Novell, UNIX and Macintosh. Although the book is a good introduction for administrators new to security, it focuses on so many operating systems that the content devoted to Windows NT/2000 is paltry. The CD contains many of the utilities discussed in the book as well as links and other resources. 

Peter Norton's Security Fundamentals
Published by Sams, November 1999. Hardcover, 232 pages. ISBN 0672316919 An ideal primer for managers and network administrators looking for a well rounded overview of network and system security.  Covers risks and planning, firewalls, dial in networking and VPN security, authentication, network planning, security concerns for the major operations systems, desktop security, intrusion detection, and post incident response. We found this book to well organized, and very easy to read. If you're short on time and just need the basics, this is the book to get.
Where to find great books at great prices....  
Everybody knows about, but Bookpool is frequently less expensive, and they specialize in Technical Books. They carry MS Press, O'Reilly, Que, Osborne, SAMS, and others.  
Another online professional bookstore. Although we prefer Bookpool's prices, FatBrain has a better selection in a few categories. Essentially our second stop on the web when looking for a title.

Half Price Computer Books
Another source for great deals on computer books. Much cheaper than Amazon and B&N

O'Reilly and Associates  
Publishers of some of the best books in the industry. Well written, concise, accurate, and great cover art!. If I'm looking for a reference book, I always check O'Reilly first. I've never been disappointed. (This is not a paid endorsement!)

bookpool.gif (2912 bytes)

 If you would like to contribute to this page, please send e-mail to



Entire contents
© 1999
All rights reserved

This site and its contents are Copyright 1999-2003 by Microsoft, NT, BackOffice, MCSE, and Windows are registered trademarks of Microsoft Corporation. Microsoft Corporation in no way endorses or is affiliated with The products referenced in this site are provided by parties other than makes no representations regarding either the products or any information about the products. Any questions, complaints, or claims regarding the products must be directed to the appropriate manufacturer or vendor.