Securing Windows Server 2003

Larger Cover

By Mike Danseglio

Publisher: O'Reilly Media

Released: November 2004

Pages: 448

With the success of computer viruses like Slammer, security issues are now a top priority for Windows system administrators, right alongside day-to-day tasks such as setting up accounts and managing performance. If you use Windows 2003 Server at a small to medium-sized organization, or use Microsoft's Small Business Server, this thorough yet concise tutorial offers the hands-on advice you need for securing your network.

Modern network operating systems include bundled services that range from traditional file and print sharing and Internet services to authentication, directory and remote access services each a potential security vulnerability as well as a capability. Securing Windows Server 2003 shows you how to put Windows security tools to work, and how to run the server's subsystems to protect users and resources. But that's just the beginning.

Network security needs to be well thought-out, not treated as a fire drill when a threat occurs. This book focuses primarily on ways to plan and implement a secure operating environment. Microsoft security veteran Mike Danseglio uses real-world examples to show you how various security concepts relate to your own system, including:

File System Security
Group Policy and security templates
Running secure code
Authentication
IP security
Public Key Certificates and Public Key Infrastructure
Smart Card technology
DHCP and DNS security
Internet Information Services security
Active Directory security
Remote access security
Security audits
Sending secure email, and more

Many chapters include a debate, in which fictional protagonists discuss the pros and cons of a particular strategy or solution. These debates provide an objective look at competing methodologies, so you can select the solutions that best fit your network. Read this book cover to cover to create and implement a security plan, or use individual chapters as stand-alone lessons. Either way, Securing Windows Server 2003 will guide you safely through the morass of security threats.

Chapter 1 Introduction to Windows Server 2003 Security
1. What Is Security?
2. What Is Windows Server 2003?
3. Security Design in Windows Server 2003
4. Security Features in the Windows Server 2003 Family
5. Summary
Chapter 2 Basics of Computer Security
1. Why Computer Security Is Important
2. Security Enforcement Mechanisms
3. POLA: The Principle of Least Access
4. Key-Based Cryptography
5. Authorization and Authentication
6. Password Basics
7. Network Security
8. Keeping Your Eyes Open
9. Summary
Chapter 3 Physical Security
1. Identifying Physical Security Vulnerabilities
2. Protecting Physical Assets
3. Holistic Security: Best Practices
4. Summary
Chapter 4 File System Security
1. Protecting Files with NTFS File Permissions
2. Protecting Data with the Encrypting File System
3. Protecting System Information with Syskey
4. Summary
Chapter 5 Group Policy and Security Templates
1. What Is Group Policy?
2. How Group Policy Works
3. How Do Security Templates Work?
4. Using Group Policy to Enforce Security
5. Using Security Templates to Deploy Secure Configurations
6. Summary
Chapter 6 Running Secure Code
1. Identifying Secure Code
2. Driver Signing
3. Software Restriction Policies
4. Summary
Chapter 7 Authentication
1. LAN Manager and NTLM
2. Kerberos
3. Summary
Chapter 8 IP Security
1. What Is IP Security?
2. How Does IPSec Work?
3. Microsoft’s Implementation of IPSec in Windows Server 2003
4. Using IPSec Correctly
5. Summary
Chapter 9 Certificates and Public Key Infrastructure
1. What Are Certificates?
2. What Do I Do with Certificates?
3. What Is a Certification Authority?
4. Deciding Between Public and Private Certification Authorities
5. Implementing a Public PKI
6. Planning Your Private Certification Hierarchy
7. Implementing a Private Certification Hierarchy
8. Maintaining Your Hierarchy
9. Summary
Chapter 10 Smart Card Technology
1. What Are Smart Cards?
2. Using Smart Cards
3. Summary
Chapter 11 DHCP and DNS Security
1. DHCP
2. DNS
3. DNS and DHCP Together
4. Summary
Chapter 12 Internet Information Services Security
1. What Is IIS?
2. How Does IIS Work?
3. Using IIS Securely
4. Summary
Chapter 13 Active Directory Security
1. What Is Active Directory?
2. Structural Components of Active Directory
3. Domain Controllers
4. Default Security Through GPOs
5. Providing Security for Domains
6. Providing Security for Forests
7. Providing Security for Active Directory Objects
8. Providing Security for Domain Controllers
9. Summary
Chapter 14 Remote Access Security
1. What Is Remote Access?
2. Controlling Access
3. Authentication and Encryption Protocols
4. Virtual Private Networks
5. Example Implementations for Remote Access
6. Summary
Chapter 15 Auditing and Ongoing Security
1. Security Policies and Procedures
2. Auditing
3. Operating System Updates
4. Summary

Appendix Sending Secure Email
1. What Is Secure Email?
2. How Does Secure Email Work?
3. Considerations for Secure Email
4. Secure Email Implementation
5. Summary
Colophon

Title:

Securing Windows Server 2003

By:

Mike Danseglio

Publisher:

O'Reilly Media

Formats:

Print
Safari Books Online

Print:

November 2004

Pages:

448

Print ISBN:

978-0-596-00685-3

| ISBN 10:

0-596-00685-3

Colophon

Our look is the result of reader comments, our own experimentation, and feedback from distribution channels. Distinctive covers complement our distinctive approach to technical topics, breathing personality and life into potentially dry subjects. The animal on the cover of Securing Windows Server 2003 is a wandering albatross (Diomedea exulans). Named for its unique flying ability, the wandering albatross covers the Southern hemisphere by wing, landing only to mate and scavenge. In nonbreeding years, it has been known to circumnavigate the globe.

The largest of the seabirds, the wandering albatross can achieve a wingspan of almost 3.5 meters and can reach up to 1.35 meters in length. (Females are somewhat smaller than males.) From a distance, the bird appears entirely white, except for its pinkish beak. Viewed up close, however, it has fine black lines on its neck, breast, tail, and wingtips.

The wandering albatross can live up to 60 years. It matures at around 12 years of age. The albatross socializes and courts during its adolescent years, then mates for life. During its lifetime, it will breed every two years. Its preferred food and drink include saltwater, cuttlefish, squid, and food scraps cast off from ships.

An endangered species, the wandering albatross is threatened by surface longline fishing for tuna. The albatross may ingest baited hooks used in such fishing. Tending to follow sailing ships, the wandering albatross has been the inspiration for much marine folklore and poetry. Claire Cloutier was the production editor for Securing Windows Server 2003. Brian MacDonald was the developmental editor; Norma Emory was the copyeditor; and Linley Dolby was the proofreader. Linley Dolby, Philip Dangler, and Darren Kelly provided quality control. Caitrin McCullough, Marlowe Shaeffer, and Mary Agner provided production assistance. Judy Hoer wrote the index.

Emma Colby designed the cover of this book, based on a series design by Edie Freedman. The cover image is a 19th-century engraving from the Dover Pictorial Archive. Emma Colby produced the cover layout with QuarkXPress 4.1 using Adobe's ITC Garamond font.

Melanie Wang designed the interior layout, based on a series design by David Futato. This book was converted by Joe Wizda to FrameMaker 5.5.6 with a format conversion tool created by Erik Ray, Jason McIntosh, Neil Walls, and Mike Sierra that uses Perl and XML technologies. The text font is Linotype Birka; the heading font is Adobe Myriad Condensed; and the code font is LucasFont's TheSans Mono Condensed. The illustrations that appear in the book were produced by Robert Romano and Jessamyn Read using Macromedia FreeHand MX and Adobe Photoshop CS. The tip and warning icons were drawn by Christopher Bing. This colophon was written by Meghan Lydon.

Description

Table of Contents

Product Details

About the Author

Colophon

Recommended for You

Recently Viewed

Programming PHP, 2nd Edition

Creating Dynamic Web Pages

By Rasmus Lerdorf, Kevin Tatroe, Peter MacIntyre

April 2006

Ebook: $31.99

Print & Ebook: $43.99

Print: $39.99

BSD Hacks

100 Industrial Tip & Tools

By Dru Lavigne

May 2004

Ebook: $19.99

Print & Ebook: $27.45

Print: $24.95

Access Cookbook, 2nd Edition

Solutions to Common User Interface & Programming Problems

By Ken Getz, Paul Litwin, Andy Baron

March 2004

Ebook: $31.99

Print & Ebook: $54.95

Print: $49.95

Customer Reviews

REVIEW SNAPSHOT®

by PowerReviews

oreilly Securing Windows Server 2003

5.0

(based on 1 review)

Reviews

Reviewed by 1 customer

Displaying review 1

2/18/2005

5.0

An excellent security book for all

By Anonymous

from Undisclosed

Comments about oreilly Securing Windows Server 2003:

The book is very thorough. Mike Danseglio really knows his stuff and he knows how to impart it in a practical and comprehensible way. If you are responsible for a Windows 2003 server then everything you really need to know and implement on a day to day basis is in here. He takes you from a simple description of what security really is and means, to the unspoken and over looked security problems and solutions of DHCP, DNS and IIS and much, much more. This book covers the total nature of creating an environment which maintains an acceptable level of security. It doesn't kid you that you can make any system 100% secure, but it gives you the peace of mind that comes from knowing exactly what your exposure is at the end of your security policy implementation. It takes each physical and programatical security issue of a Windows 2003 environment (though most of the advise could be applied to any computing environment), points out the security loop holes and tells you what your options are for plugging them, from newer ideas like smart cards to good practices, securing your network protocols and using encryption.

Some of the book explores the varying options for security implementation on any given security issue, bringing you to the understanding that there is no one right answer and that making a system usable is directly contrary to making it secure, so you have to strike the right balance and be proactive as well as reactive.Conclusion:

Read it cover to cover, go through it systematically to secure your entire server or use it as a reference for specific items you want to secure. You won't be sorry you bought this book. If you only buy one Security book this year, make it this one.

Displaying review 1

Save a Tree - Go Digital what is this?

Print: $39.95

Safari Books Online - Read now >

Chapter 1 Introduction to Windows Server 2003 Security

What Is Security?

What Is Windows Server 2003?

Security Design in Windows Server 2003

Security Features in the Windows Server 2003 Family

Summary

Chapter 2 Basics of Computer Security

Why Computer Security Is Important

Security Enforcement Mechanisms

POLA: The Principle of Least Access

Key-Based Cryptography

Authorization and Authentication

Password Basics

Network Security

Keeping Your Eyes Open

Summary

Chapter 3 Physical Security

Identifying Physical Security Vulnerabilities

Protecting Physical Assets

Holistic Security: Best Practices

Summary

Chapter 4 File System Security

Protecting Files with NTFS File Permissions

Protecting Data with the Encrypting File System

Protecting System Information with Syskey

Summary

Chapter 5 Group Policy and Security Templates

What Is Group Policy?

How Group Policy Works

How Do Security Templates Work?

Using Group Policy to Enforce Security

Using Security Templates to Deploy Secure Configurations

Summary

Chapter 6 Running Secure Code

Identifying Secure Code

Driver Signing

Software Restriction Policies

Summary

Chapter 7 Authentication

LAN Manager and NTLM

Kerberos

Summary

Chapter 8 IP Security

What Is IP Security?

How Does IPSec Work?

Microsoft’s Implementation of IPSec in Windows Server 2003

Using IPSec Correctly

Summary

Chapter 9 Certificates and Public Key Infrastructure

What Are Certificates?

What Do I Do with Certificates?

What Is a Certification Authority?

Deciding Between Public and Private Certification Authorities

Implementing a Public PKI

Planning Your Private Certification Hierarchy

Implementing a Private Certification Hierarchy

Maintaining Your Hierarchy

Summary

Chapter 10 Smart Card Technology

What Are Smart Cards?

Using Smart Cards

Summary

Chapter 11 DHCP and DNS Security

DHCP

DNS

DNS and DHCP Together

Summary

Chapter 12 Internet Information Services Security

What Is IIS?

How Does IIS Work?

Using IIS Securely

Summary

Chapter 13 Active Directory Security

What Is Active Directory?

Structural Components of Active Directory

Domain Controllers

Default Security Through GPOs

Providing Security for Domains

Providing Security for Forests

Providing Security for Active Directory Objects