- The Windows 2000\XP\.NET Resource Index
Home | About Us | Search

Last Updated December 16, 2003

Windows 2003
Windows 2000
Windows XP
Book Reviews
Career Tools
Device Drivers
Hardware Guides
MCSE Toolkit
Service Packs
  Articles & Whitepapers
  Books on Security
  Disaster Recovery
  FAQ's & Tutorials
  Incident Response
  Intrusion Detection
  Legal Resources
  Online Seminars
  Password Security
  Penetration Testing
  Security Links
  Securing Networks
  Social Engineering








Security FAQ's, Tutorials and Guides for Beginners

Nobody is born a security expert. All Administrators have to start somewhere, even if you started your professional IT career as a "reformed" Hacker. Here's a little collection of good places to start. Make sure that you check out our Security Book Reviews for additional resources.
Where to start....
Information System Security - An Overview for Beginners  
An excellent starting point for those new to System Security. It covers definitions, security models, classification of Information, risk analysis, and cryptography. Source:

A Strategic View of Penetration Testing
"White-hat" security testing is now a mainstream business practice. So why are so many organizations still missing the Big Picture? Source: Information Security Magazine (Sept 1999)

An Introduction to Computer Security for Lawyers  
Actually, this is a pretty good guide for just about anyone.

Best Practices for Enterprise Security
A collection of white papers focusing on the different aspects of security in enterprise networks. The white papers are grouped into three general categories that reflect the different levels of knowledge needed to create and implement a successful security concept. The structure also allows readers to approach the subject of security based on their individual areas of expertise and interest.  Source:

Considerations on Securing End Systems
The starting point for any security model is to assure that security standards and policies are in place to protect the system from external attacks and unauthorized internal usage. Securing computer resources, applications, and related data is an integral part of securing an enterprise. Securing a system involves implementing a set of procedures, practices, and technologies to protect the information technology (IT) infrastructure as well as software and associated data throughout the organization. In this white paper, we will take a close look at the common steps needed to secure a Microsoft© Windows© system. We will use a real world example based on a Microsoft Consulting Services project in the banking industry to show how to develop a security plan.

IT Baseline Protection Manual  
Excellent Web-Site that recommends measures to meet Medium-Level Protection Requirements for Windows NT, Unix, Novell, Firewalls, PBX, Databases, Email, etc.) They even offer a free CD! Don't worry about the German intro, the site is in English (although they could use a better translator).

IT Introduction to Windows 2000 Security
This introduction provides an overview of how Windows 2000 security services work. It outlines the key business and technical benefits your company can gain from deploying Windows 2000. Source:

IT Security Cookbook  
A great online "book" designed as a self help guide for managers, programmers, and network administrators.

Manager's Guide to Securing Windows NT Server
A downloadable whitepaper in PDF Format from CIAC.

Mastering the Fundamentals, Part 1
Encryption Technology provides a valuable means to guarantee confidentiality, integrity and authenticity in today's networked world. Source: Information Security Magazine (January 2000)

Mastering the Fundamentals, Part 2
Extending your business to the Web requires securing your corporate perimeter, identifying and fixing vulnerabilities and conducting best practices in e-commerce security. Source: Information Security Magazine (Feb 2000)

Mastering the Fundamentals, Part 3
Getting all the details right may still leave your business insecure©maybe even unsecurable. Amazingly, many organizations miss the big picture entirely. Source: Information Security Magazine (March 2000)

Microsoft's Security 101 Basics  
A broad based single page overview of IT security, but contains additional links and whitepapers.

PKP Course on Data and Network Security   
Part of the Professional Knowledge Program, this is an excellent online course that covers all of the fundamentals. It also offers online testing and certification.

NT Security FAQ 
An exceptional (and fairly large) guide to NT Security in the familiar FAQ format. One of the nice things about this FAQ is that it includes footnotes for most of its references. A must read!

Securing Your Networks: A Primer
This year©s ?Love Bug? e-mail worm and denial-of-service attacks against Yahoo,, and other e-commerce giants caused many companies to reevaluate their security programs. Advancing your security program can be complex and perhaps costly, but this guide can help you decide what to improve and how. The money and effort needed to protect sensitive information or keep a revenue-generating e-commerce site running will be well spent. Source: 8 Wire (Nov 2000)

Security Considerations for Administrative Authority
This white paper is one of a series. Best Practices for Enterprise Security contains a complete list of all the articles in this series. See also the Security Entities Building Block Architecture.

Security Provisions, Basic to Advanced
Security is a dynamic problem and requires implementing a range of technologies for full-spectrum protection. Any network connected to the Internet needs basic security hardware and software, but companies with especially sensitive information need to consider more advanced measures. Source: 8 Wire (Aug 31, 2000)

Windows Hacking 101
Unfortunately for all you script kiddies, this is not the definitive guide to hacking into someone©s system. Our goal is to walk the network administrator through the basic steps a hacker takes to locate and identify target machines. Source: 8Wire (March 2001)

Windows Hacking 102
We created this series to walk the network administrator through the steps a hacker takes to locate and identify target machines on a Windows system. This installment plunges into the world of using more advanced techniques such as Null Sessions to gain information about and access to a system. Source: 8 Wire (April 2001)

Steps for Evaluating the Security of a Windows NT Installation  
A very useful excerpt from Tom Sheldon's Windows NT Security Handbook

The ABC's of computer security (Apr 1999)
This White Paper gives an introduction to computer security and its significance for businesses, followed by an alphabetical guide to common security measures and threats. Source: Sophos (April 1999)

Unofficial NT Hack FAQ  
An FAQ for Hackers on how to break NT security. A useful primer for SysAdmins. From Simple Nomad.

USENET Computer Security FAQ's  
Ohio State University's Usenet FAQ's on Computer Security.

Windows 2000 Distributed Security Features
This paper discusses the features of the Windows 2000 Distributed Security Services, which include Integration with Windows 2000 Active Directory services, Kerberos version 5 authentication protocol, strong authentication using public-key certificates, secure channels based on Secure Sockets Layer (SSL) 3.0 and CryptoAPI. Source:

Entire contents
© 1999-2003 and TechTarget
All rights reserved

This site and its contents are Copyright 1999-2003 by Microsoft, NT, BackOffice, MCSE, and Windows are registered trademarks of Microsoft Corporation. Microsoft Corporation in no way endorses or is affiliated with The products referenced in this site are provided by parties other than makes no representations regarding either the products or any information about the products. Any questions, complaints, or claims regarding the products must be directed to the appropriate manufacturer or vendor.