A list of recommended materials for public libraries, describing network security using Windows NT/2000 operating systems

In Print

Anderson-Redick, Stacey. Windows System Policy Editor. Sebastopol, CA: O'Reilly & Associates, 2000. ISBN: 1565926498. $34.95. For an intermediate audience.

Benson, Allen C. Securing PCs and Data in Libraries and Scbools: A Handbook with Menuing, Anti-Virus, and Other Protective Software. Neal-Schuman, 1998. ISBN: 1555703216. $125.00. A guide to the various aspects of workstation security, for a non-technical-to-intermediate audience.

Freed, Les and Frank J. Derfler, Jr. How Networks Work. Que Corporation, 1998. ISBN: 0789715953. $29.99. For a non-technical audience.

Kosiur, David. Building & Managing Virtual Private Networks. John Wiley & Sons, 1998. ISBN: 0471295264. $44.99. For a technical audience.

McInerney, Michael J. Windows NT Security. Prentice Hall, Inc., 1999. ISBN: 0130839906. $49.99. Well-rounded configuration manual, for an intermediate-to-technical audience.

Norberg, Stephan. Securing Windows NT/2000 Servers for the Internet. Sebastopol, CA: O'Reilly & Associates, 2001. ISBN: 1565927680. $29.95. Concise configuration manual, for an intermediate-to-technical technical audience.

Penfold, R. R. C. Computer Security: Businesses at Risk. Robert Hale. 1998. ISBN: 0-7090-6253-2. $24.95. A general guide for managers.

The SANS Institute. Windows NT Security Step by Step. The SANS Institute, 1999. $49.00. A concise, consensus guide (approved by 87 security professionals) to securing the Windows NT operating system, for a technical audience.

Scambray, Joel, Stuart McClure, and George Kurtz. Hacking Exposed. Second edition. McGraw-Hill Professional Publishing, 2000. ISBN: 0072127481. $39.99. Good coverage of a variety of network vulnerabilities, for an intermediate-to-technical audience.

Schultz, E. Eugene. Windows NT/2000 Network Security. Macmillan Technical Publishing, 2000. ISBN: 1578702534. $45.00. For a technical audience.

Wadlow, Thomas A. The Process of Network Security: Designing and Managing a Safe Network. Reading, MA: Addison-Wesley, 2000. ISBN: 0201433176. $34.95. Thorough coverage of the concepts of network security for managers.

Whitehead, Paul, and Ruth Maran. Teach Yourself Networking Visually. IDG Books Worldwide, Inc., 1997. ISBN: 0-7645-6023-9. $29.99. For a non-technical audience.

Wilson, Casey, and Peter Doak. Creating and Implementing Virtual Private Networks. Scottsdale, AZ: The Coriolis Group, 2000. ISBN: 1576104303. $39.99. For a technical audience.

Wood, Charles Cresson. Information Security Policies Made Easy. 7th Edition. Baseline Software. ISBN: 1881585069. $795.00. For an intermediate audience; especially recommended for regional library system professional collections. Offers over 1,000 "ready-to-use" sample network security policies on a comprehensive set of security issues.

Zwicky, Elizabeth D., Simon Cooper, and D. Brent Chapman. Building Internet Firewalls. 2nd edition. Sebastopol, CA: O'Reilly & Associates, 2000. ISBN: 1565928717. $44.95. An excellent resource, for a technical audience.

On the Web

10 Tips for Creating a Network Security Policy. Online: info/policy/10tips.htm (Available August 5, 2001).

Blackford, John and Al diGuido. "Business Guide to Network Computing." Computer Shopper Extra, July 1998.(Available August 5, 2001).

Bys, Cory. "Securing Windows 2000 Server," The SANS Institute, May 20, 2001. Online: sec_server.htm (Available August 5, 2001).

CERT Coordination Center. Windows NT Configuration Guidelines. Carnegie Mellon Software Engineering Institute. April 2000. Online: win_configuration_guidelines.html (Available August 5, 2001).

Cisco Corporation. Networking Essentials for Small and Medium-sized Businesses. Online: 779/smbiz/netguide/ (Available August 5, 2001).

Computer Security Resource Center (CSRC). FIPS 191: Guideline for The Analysis of Local Area Network Security. National Institute of Standards and Technology, November 1994. Online: (Available August 5, 2001). The version at the CSRC site is in Postscript format. A PDF version of the document is available at netsec/fips191.pdf

Crabb-Guel, Michele D. The Network Security Roadmap Poster. SANS Institute. Online: roadmap.htm (Available August 5, 2001).

Culp, Scott. "The Ten Immutable Laws of Security," Microsoft TechNet. Microsoft Corporation, October 2000. Online: 10imlaws.asp (Available August 5, 2001).

Culp, Scott. "The Ten Immutable Laws of Security Administration," Microsoft TechNet. Microsoft Corporation, November 2000. Online: 10salaws.asp (Available August 5, 2001).

Curry, David A. "Selecting Good Passwords." Online: Security/Docs/passwd.html (Available August 5, 2001).

Edwards, Mark Joseph. Internet Security with Windows NT. 29th Street Press, 1998. ISBN: 1882419626. $49.95. Online: Book.cfm?DocumentID=121 (Available August 5, 2001). An introduction to network and Internet security for Windows NT for the intermediate audience.

Fraser, B., ed. Site Security Handbook. RFC2196. September 1997. Online: in-notes/rfc2196.txt (Available August 5, 2001).

Gibson, Steve. "Shields Up: Internet Connection Security for Windows Users." Gibson Research Corporation. Online: (Available August 5, 2001).

Howard, Michael. "Secure Internet Information Services 5 Checklist," Microsoft TechNet. Microsoft Corporation, June 29, 2000. Online: technet/security/iis5chk.asp (Available August 5, 2001).

Kelley, Marcey and Wendall Mason. Windows NT Network Security: A Manager's Guide (CIAC-2317). CIAC, U. S. Department of Energy, December 1997. Online: CIAC-2317_Windows_NT_Managers_Guide.pdf (Available August 5, 2001).

Linksys International. How to Build a Network. Online: (Available August 5, 2001).

Microsoft Corporation. "Implementing Guidelines for Strong Passwords," Technical Resources, Security Services. Microsoft Corporation, September 19, 1998. Online: ntserver/techresources/security/password.asp (Available August 5, 2001).

Microsoft Corporation. "Microsoft Internet Information Server 4.0 Security Checklist," Microsoft TechNet. Microsoft Corporation, March 15, 2000. Online: security/tools/iischk.asp (Available August 5, 2001).

Microsoft Corporation. "Windows NT 4.0 Workstation Configuration Checklist," Microsoft TechNet. Microsoft Corporation, August 14, 2000. Online: security/tools/wrkstchhk.asp (Available August 5, 2001).

Navy Secure Windows NT Guide. Department of the United States Navy, September 2000. Online: COMPUSEC/ntsecure.html (Available August 5, 2001).

National Center for Educational Statistics. Safeguarding Your Technology: Practical Guidelines for Electronic Education Information Security. U. S. Dept. of Education. (Available August 5, 2001).

"Network Security Product Guide." Resources for Librarians. Texas State Library and Archives Commission. Online: security/index.html (Available August 5, 2001).

NIST's Special Publication: Internet Security Policy: A Technical Guide [DRAFT]. (Available August 5, 2001).

Nolle, Tom. "Security Is Everybody's Business." Network Magazine. May 1, 2000. Online: NMG20000517S0105 (Available August 5, 2001).

NSA Glossary of Terms Used in Security Intrusion Detection. Online: (Available August 5, 2001).

"NT Security Issues." Internet/Network Security. Online: (Available August 5, 2001).

Others: Network Security Library: Network Security Policy. (Available August 5, 2001).

Rekhter , Y., B. Moskowitz, D. Karrenberg, et. al. Address Allocation for Private Internets. RFC 1918. February 1996. Online: (Available August 5, 2001).

Rosch, Winn L. "Planning a Small Network," The Winn L. Rosch Hardware Bible. Fifth edition. Online: (Available August 5, 2001).

The SANS Institute. "Windows Issues," Information Security Reading Room. The SANS Institute. Online: win/win_list.htm (Available August 5, 2001).

The SANS Institute and Network Computing. "Security Alert Consensus: Windows Alerts," SANS Institute Security Digests. The SANS Institute. (Available August 5, 2001).

Satnam Bhogal, Satnam. FAQ for How to Secure Windows NT. The SANS Institute, March 8, 2001. Online: infosecFAQ/win/NT_FAQ.htm (Available August 5, 2001). Network Security Library. Online: (Available August 5, 2001).

"Security Services," Windows NT. Technical Resources. Microsoft Corporation, April 21, 1999. Online: techresources/security/default.asp (Available August 5, 2001). Various papers on configuring Windows NT security and using Windows NT security utilities. Online: (Available August 5, 2001). A general security site with a variety of security information.

Stein, Lincoln D., and John N. Stewart. The World Wide Web Security FAQ. Version 3.1.0. July 28, 2001. Online: Security/Faq/ (Available August 5, 2001).

"What Do I Put in a Security Policy?" Online: policy/policy.htm (Available August 5, 2001).

Windows IT Security. (Available August 5, 2001). A Windows-specific security site.

Windows Registry Guide. Online: (Available August 5, 2001).

Windows Security Guide. Online: (Available August 5, 2001).

By E-mail

SANS Newsletter Subscription Service. The SANS Institute. Online: (Available May 1, 2001). A site providing free sign-up for three e-mail-based security newsletters.

Product Security Notification. Microsoft Corporation. Online: notify.asp (Available August 5, 2001). Description of free service providing e-mail notification of product security bulletins. Recommended for the security administrator for Microsoft products.

Periodicals & Columns

Information Security Magazine. TruSecure Corporation. Online: (Available: August 5, 2001).

Network Magazine. CMP Media, Inc. Online: (Available: August 5, 2001).

"Security." Network Computing. CMP Media, LLC. (Available: August 5, 2001).

Testing & Analysis Tools

DumpEvt. "SomarSoft Utilities," Online: (Available August 5, 2001).

DumpSec (formerly DumpACL). "SomarSoft Utilities," Online: (Available August 5, 2001).

netcat. "netcat 1.1 for Win95/NT is released," L0pht Heavy Industries. Online: (Available August 5, 2001).

Nmap (Unix/Linux version). Online: (Available August 5, 2001).

nmapNT (Windows NT version). "nmapNT sp1 from eEye Digital Security," eEye Digital Security. Online: Tools/nmapnt.html (Available: August 5, 2001).

SAINT (Security Administrator's Integrated Network Tool; Unix/Linux). World Wide Digital Security, Inc. Free version. Online: (Available August 5, 2001).


Page last modified: March 2, 2011