With the success of computer viruses like Slammer, security issues are now a top priority for Windows system administrators, right alongside day-to-day tasks such as setting up accounts and managing performance. If you use Windows 2003 Server at a small to medium-sized organization, or use Microsoft's Small Business Server, this thorough yet concise tutorial offers the hands-on advice you need for securing your network.Modern network operating systems include bundled services that range from traditional file and print sharing and Internet services to authentication, directory and remote access services each a potential security vulnerability as well as a capability. Securing Windows Server 2003 shows you how to put Windows security tools to work, and how to run the server's subsystems to protect users and resources. But that's just the beginning.Network security needs to be well thought-out, not treated as a fire drill when a threat occurs. This book focuses primarily on ways to plan and implement a secure operating environment. Microsoft security veteran Mike Danseglio uses real-world examples to show you how various security concepts relate to your own system, including:
File System Security
Group Policy and security templates
Running secure code
Public Key Certificates and Public Key Infrastructure
Smart Card technology
DHCP and DNS security
Internet Information Services security
Active Directory security
Remote access security
Sending secure email, and more
Many chapters include a debate, in which fictional protagonists discuss the pros and cons of a particular strategy or solution. These debates provide an objective look at competing methodologies, so you can select the solutions that best fit your network. Read this book cover to cover to create and implement a security plan, or use individual chapters as stand-alone lessons. Either way, Securing Windows Server 2003 will guide you safely through the morass of security threats.
Chapter 1 Introduction to Windows Server 2003 Security
What Is Security?
What Is Windows Server 2003?
Security Design in Windows Server 2003
Security Features in the Windows Server 2003 Family
Chapter 2 Basics of Computer Security
Why Computer Security Is Important
Security Enforcement Mechanisms
POLA: The Principle of Least Access
Authorization and Authentication
Keeping Your Eyes Open
Chapter 3 Physical Security
Identifying Physical Security Vulnerabilities
Protecting Physical Assets
Holistic Security: Best Practices
Chapter 4 File System Security
Protecting Files with NTFS File Permissions
Protecting Data with the Encrypting File System
Protecting System Information with Syskey
Chapter 5 Group Policy and Security Templates
What Is Group Policy?
How Group Policy Works
How Do Security Templates Work?
Using Group Policy to Enforce Security
Using Security Templates to Deploy Secure Configurations
Chapter 6 Running Secure Code
Identifying Secure Code
Software Restriction Policies
Chapter 7 Authentication
LAN Manager and NTLM
Chapter 8 IP Security
What Is IP Security?
How Does IPSec Work?
Microsoft’s Implementation of IPSec in Windows Server 2003
Using IPSec Correctly
Chapter 9 Certificates and Public Key Infrastructure
What Are Certificates?
What Do I Do with Certificates?
What Is a Certification Authority?
Deciding Between Public and Private Certification Authorities
Mike Danseglio is a Program Manager in the Security Solutions group at Microsoft Corporation. He has worked in the areas of security and technology for the last decade. He holds several technical certifications including MCSE and CISSP. His work includes developing and teaching extensive security training on topics including cryptography, security technology, and attacks and countermeasures. His recent projects include writing security documentation for Windows XP and the Windows Server 2003 family as well as working on a host of white papers and articles. He also works on security feature development for Microsoft Windows.
Our look is the result of reader comments, our own experimentation, and feedback from distribution channels. Distinctive covers complement our distinctive approach to technical topics, breathing personality and life into potentially dry subjects. The animal on the cover of Securing Windows Server 2003 is a wandering albatross (Diomedea exulans). Named for its unique flying ability, the wandering albatross covers the Southern hemisphere by wing, landing only to mate and scavenge. In nonbreeding years, it has been known to circumnavigate the globe.The largest of the seabirds, the wandering albatross can achieve a wingspan of almost 3.5 meters and can reach up to 1.35 meters in length. (Females are somewhat smaller than males.) From a distance, the bird appears entirely white, except for its pinkish beak. Viewed up close, however, it has fine black lines on its neck, breast, tail, and wingtips.The wandering albatross can live up to 60 years. It matures at around 12 years of age. The albatross socializes and courts during its adolescent years, then mates for life. During its lifetime, it will breed every two years. Its preferred food and drink include saltwater, cuttlefish, squid, and food scraps cast off from ships.An endangered species, the wandering albatross is threatened by surface longline fishing for tuna. The albatross may ingest baited hooks used in such fishing. Tending to follow sailing ships, the wandering albatross has been the inspiration for much marine folklore and poetry. Claire Cloutier was the production editor for Securing Windows Server 2003. Brian MacDonald was the developmental editor; Norma Emory was the copyeditor; and Linley Dolby was the proofreader. Linley Dolby, Philip Dangler, and Darren Kelly provided quality control. Caitrin McCullough, Marlowe Shaeffer, and Mary Agner provided production assistance. Judy Hoer wrote the index.Emma Colby designed the cover of this book, based on a series design by Edie Freedman. The cover image is a 19th-century engraving from the Dover Pictorial Archive. Emma Colby produced the cover layout with QuarkXPress 4.1 using Adobe's ITC Garamond font.Melanie Wang designed the interior layout, based on a series design by David Futato. This book was converted by Joe Wizda to FrameMaker 5.5.6 with a format conversion tool created by Erik Ray, Jason McIntosh, Neil Walls, and Mike Sierra that uses Perl and XML technologies. The text font is Linotype Birka; the heading font is Adobe Myriad Condensed; and the code font is LucasFont's TheSans Mono Condensed. The illustrations that appear in the book were produced by Robert Romano and Jessamyn Read using Macromedia FreeHand MX and Adobe Photoshop CS. The tip and warning icons were drawn by Christopher Bing. This colophon was written by Meghan Lydon.
Comments about oreilly Securing Windows Server 2003:
The book is very thorough. Mike Danseglio really knows his stuff and he knows how to impart it in a practical and comprehensible way. If you are responsible for a Windows 2003 server then everything you really need to know and implement on a day to day basis is in here. He takes you from a simple description of what security really is and means, to the unspoken and over looked security problems and solutions of DHCP, DNS and IIS and much, much more. This book covers the total nature of creating an environment which maintains an acceptable level of security. It doesn't kid you that you can make any system 100% secure, but it gives you the peace of mind that comes from knowing exactly what your exposure is at the end of your security policy implementation. It takes each physical and programatical security issue of a Windows 2003 environment (though most of the advise could be applied to any computing environment), points out the security loop holes and tells you what your options are for plugging them, from newer ideas like smart cards to good practices, securing your network protocols and using encryption.
Some of the book explores the varying options for security implementation on any given security issue, bringing you to the understanding that there is no one right answer and that making a system usable is directly contrary to making it secure, so you have to strike the right balance and be proactive as well as reactive.Conclusion:
Read it cover to cover, go through it systematically to secure your entire server or use it as a reference for specific items you want to secure. You won't be sorry you bought this book. If you only buy one Security book this year, make it this one.