Microsoft Windows Security Resource Kit (Pro-Resource Kit) [Paperback]

Ben Smith (Author), Brian Komar (Author), Microsoft Corporation (Author)

Book Description

Publication Date: April 9, 2003 | ISBN-10: 0735618682 | ISBN-13: 978-0735618688 | Edition: Bk&CD-Rom

Get the in-depth information and tools you need to help secure Microsoft® Windows®–based clients, servers, networks, and Internet services with expertise from those who know the technology best—the Microsoft Security Team. These expert authors prescribe how to plan and implement a comprehensive security-management strategy—from identifying risks to configuring security technologies, applying security best practices, and monitoring and responding to security incidents. The kit also provides essential security tools, scripts, and other on-the-job resources—all designed to help maximize data and system security while minimizing downtime and costs.

• Gain a framework for understanding security threats and vulnerabilities and applying countermeasures
• Help protect servers, desktops, and laptops by configuring permissions, security templates, TCP/IP settings, and application-level security
• Implement security enhancements for domain controllers, Microsoft Internet Information Services 5.0, Windows Terminal Services, and DNS, DHCP, WINS, RAS, VPN, and certificate servers
• Help secure Active Directory® objects, attributes, domains, and forests; use Group Policy; manage user accounts and passwords
• Develop an auditing strategy and incident response team
• Utilize security assessment tools, detect and respond to internal and external security incidents, and recover services
• Create a process for deploying and managing security updates *Help establish your enterprise privacy strategy

CD features: 50+ tools and scripts from the Microsoft Security Team and the Microsoft Windows Resource Kits, including: Subinacl.exe—view and help maintain security on files, registry keys, and services from the command line or in batch files Ntrights.exe—set user rights from the command line or in batch files EventcombMT.exe—collect and search event logs from multiple computers through a GUI Scripts for configuring security Plus, a fully searchable eBook

A Note Regarding the CD or DVD

The print version of this book ships with a CD or DVD. For those customers purchasing one of the digital formats in which this book is available, we are pleased to offer the CD/DVD content as a free download via O'Reilly Media's Digital Distribution services. To download this content, please visit O'Reilly's web site, search for the title of this book to find its catalog page, and click on the link below the cover image (Examples, Companion Content, or Practice Files). Note that while we provide as much of the media content as we are able via free download, we are sometimes limited by licensing restrictions. Please direct any questions or concerns to booktech@oreilly.com.

Product Details

• Paperback: 720 pages
• Publisher: Microsoft Press; Bk&CD-Rom edition (April 9, 2003)
• Language: English
• ISBN-10: 0735618682
• ISBN-13: 978-0735618688
• Product Dimensions: 9.2 x 7.4 x 1.8 inches
• Shipping Weight: 6.8 pounds
• Average Customer Review: 4.6 out of 5 stars  See all reviews (10 customer reviews)
• Amazon Best Sellers Rank: #1,435,698 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

31 of 31 people found the following review helpful:

5.0 out of 5 stars Great security info and not just for administrators, August 12, 2003

By 

Steven L. Umbach (Bartlett, Il United States) - See all my reviews
(REAL NAME)   

This review is from: Microsoft Windows Security Resource Kit (Pro-Resource Kit) (Paperback)

The Windows Security Resource Kit is a wonderful wealth of information on securing Windows networks and operating systems. It is useful for anyone above the beginner level. It concentrates on using features of primarily Windows 2000 and XP to maximize security for various levels of needs. It is not about building a bastion host or configuring firewalls.

It is not a "cookbook" like too many training manuals are these days and is not full of fluff - it covers a lot of territory in it's 680 pages and is not geared for technogeeks, but is clearly written and understandable to the average Joe and Jane [except page 349]. The first two chapters put you in the security "mindset" - Key Principles of Security [including the Ten Immutable Laws of Security] and Understanding Your Enemy. I think that is very important, because security needs to be approached from an attitude about what you are up against and how only one vulnerability can sink your boat.

The next twenty three chapters are logically divided into security topics that can later be accessed easily as needed for reference purposes. Each chapter ends with best pratices recap and references to other books or Knowledge Base articles.

I thought the "meat" of the book was thorough, interesting, and accurate. Finally I have one place to go for an explaination of what ALL the user rights, security options, and services are. There is an excellent chapter on securing tcp/ip with specific recommendations on registry modifications to defend against a denial of service attack and even a .vbs script on the cdrom to implement them all. An equally excellent chapter on auditing including comprehensive tables explaining Event Ids and Event ID 681 failure codes. I finally know what the difference is between auditing account log on and log on events. Chapter 10 goes into great detail about ALL of the various settings in the Web Content Zones for Internet Explorer and how to configure them for your needs. Cookie/Privacy settings are also explained in detail. Chapter 7 includes specific recommendations on ntfs security settings for every folder in a new installation and a security template to implement them. I was impressed with Chapter 21 in that it shows you how to secure an IIS 5.0 server without having to be an IIS expert. Chapters 22 and 23 nicely explain patch management, Windows Update, using Microsoft Baseline Security Analyzer tool, and using SUS for patch management on a large scale basis. The chapter on remote access and vpn explains the differences in pptp and l2tp and when to use each. Other chapters cover securing Terminal Services, authentication - various settings for Lan Manager authentication level, managing security templates/Security Configuration and Analysis tool, wireless networking/WEP, EFS [ten pages of crucial info], ipsec, Certificate Services, Group Policy, Active Directory [I now know how to use dsacls to reset object permissions to default], securing laptops [very informative], permissions, account/password policies, and managing users. Chapter 24 covers using security assessment tools including how to port scan and a extensive chart of common Windows ports and what applications use them.

Part VI of the book breaks away from Windows specific configurations and is called Planning and Performing Security Assessments and Incident Responses. It discusses vulnerability scanning, penetration testing, and security audits. This part is also extremely informative to those of us who are not trained in what to do after an incident - what to do when an intrusion is detected, who to inform , and most importantly how to preserve data in the event of criminal prosecution or to reconstruct the attack. The last chapter goes into privacy issues that one needs to know as how far can one go in gathering information from a legal standpoint.

Windows Security Resource kit is a very valuable resource in my opinion to anyone interested in securing a Windows computer or network. The writing style is very understandable and you do not have to read the whole book for it to make sense if only certain topics are of interest. It does not however go into too much detail on importance of virus/trojan protection or perimiter/firewall security but there are whole other books written on those topics. The included cdrom has many tools from the Resource Kit and the book itself. I also highly recommend it to anyone studying for their MCSE and consider it a "must have" for anyone planning to take any of the MCSE security exams or pursue the MCSE Security certification. Kudos to Microsoft Press for this one.

8 of 9 people found the following review helpful:

3.0 out of 5 stars An overly wordy reference with lots of hidden gems, January 27, 2004

By 

Craig Humphrey (Auckland, New Zealand) - See all my reviews

This review is from: Microsoft Windows Security Resource Kit (Pro-Resource Kit) (Paperback)

I've read nearly a dozen security related books now, including a lot from the Hacking Exposed team. This doesn't compare. There's no flare, there's no personality, it's a reference text.

It reads like a text book, infact, 90% of what's in it is probably in the standard MS texts, manuals and online. So while it's great they've brought all this info together in one place, they might have been better to wrap explination around references, rather than repeating information verbose.

There are lots of gems hidden away, like a detailed description of how kerberos and the token issueing processes work. But sometimes it really falls short, like when listing security related event IDs, it only lists the "more common" ones and there's no reference to locate the rest.

I read this cover to cover, which I think was a mistake, it's probably better as a reference, where if you've got a task to perform, you skim the relevant sections.

Your milage may vary.

4 of 4 people found the following review helpful:

5.0 out of 5 stars Handy security reference manual to have around., March 24, 2003

By 

Michael J Woznicki "Michael J Woznicki" (Holland, MA USA) - See all my reviews
(HALL OF FAME REVIEWER)    (REAL NAME)   

This review is from: Microsoft Windows Security Resource Kit (Pro-Resource Kit) (Paperback)

Recently I passed the 70-214 exam, Security in a Windows 2000 Network Environment, I had very little resources to work with in my studies. What I could have used is this book which makes the perfect companion to Microsoft Press 70-214 Study guide.

The text is written to a specific exam, but rather to a specific topic, security and securing your network. The book works with Windows 2000 and XP network environments and gives you extensive coverage of the security settings you may need to implement on your network.

The authors created a 650 plus page text, which covers everything from passwords and group policies to terminal services and remote access security. I found some very and highly useful information, I really like chapter 2, Understanding Your Enemy.

Included with the book is a cdrom with over 50 utilities you can use for finding security leaks, holes and other risks. One tool I think needs to be added is the MBSA utility and this can be added in future updates.

Overall if you are looking to find ways to make you network more secure than this book is for you. Also whether you are new to the security arena or an old timer you can certainly learn something new.