Securing Windows Server 2003 [Paperback]

Mike Danseglio (Author)

Book Description

Publication Date: November 19, 2004

With the success of computer viruses like Slammer, security issues are now a top priority for Windows system administrators, right alongside day-to-day tasks such as setting up accounts and managing performance. If you use Windows 2003 Server at a small to medium-sized organization, or use Microsoft's Small Business Server, this thorough yet concise tutorial offers the hands-on advice you need for securing your network.

Modern network operating systems include bundled services that range from traditional file and print sharing and Internet services to authentication, directory and remote access services each a potential security vulnerability as well as a capability. Securing Windows Server 2003 shows you how to put Windows security tools to work, and how to run the server's subsystems to protect users and resources. But that's just the beginning.

Network security needs to be well thought-out, not treated as a fire drill when a threat occurs. This book focuses primarily on ways to plan and implement a secure operating environment. Microsoft security veteran Mike Danseglio uses real-world examples to show you how various security concepts relate to your own system, including:

• File System Security
• Group Policy and security templates
• Running secure code
• Authentication
• IP security
• Public Key Certificates and Public Key Infrastructure
• Smart Card technology
• DHCP and DNS security
• Internet Information Services security
• Active Directory security
• Remote access security
• Security audits
• Sending secure email, and more

Many chapters include a debate, in which fictional protagonists discuss the pros and cons of a particular strategy or solution. These debates provide an objective look at competing methodologies, so you can select the solutions that best fit your network. Read this book cover to cover to create and implement a security plan, or use individual chapters as stand-alone lessons. Either way, Securing Windows Server 2003 will guide you safely through the morass of security threats.

Editorial Reviews

About the Author

Mike Danseglio is a Program Manager in the Security Solutions group at Microsoft Corporation. He has worked in the areas of security and technology for the last decade. He holds several technical certifications including MCSE and CISSP. His work includes developing and teaching extensive security training on topics including cryptography, security technology, and attacks and countermeasures. His recent projects include writing security documentation for Windows XP and the Windows Server 2003 family as well as working on a host of white papers and articles. He also works on security feature development for Microsoft Windows.

Product Details

• Paperback: 450 pages
• Publisher: O'Reilly Media; 1 edition (November 19, 2004)
• Language: English
• ISBN-10: 0596006853
• ISBN-13: 978-0596006853
• Product Dimensions: 9.1 x 7.1 x 1.1 inches
• Shipping Weight: 1.6 pounds (View shipping rates and policies)
• Average Customer Review: 4.3 out of 5 stars  See all reviews (12 customer reviews)
• Amazon Best Sellers Rank: #1,513,425 in Books (See Top 100 in Books)

More About the Author

Mike Danseglio has worked in the IT field for more than 20 years. Starting at the bottom allowed Mike to build experience in all aspects of the computer industry. He is an award-winning author, public speaker, and instructor on a variety of technology topics including security, virtualization, computer hardware, cloud computing, wireless and wired networking, and complete IT lifecycle processes including planning, deployment, operation, consolidation, and decommissioning. His security work has included protecting militaries, government agencies, and private industry around the world. Some of Mike's other work includes designing data centers and managing IT projects spanning multiple years and millions of dollars.

Mike prides himself on his unique writing style and rhythm. Most editors and reviewers comment on his ability to break down complex concepts and technologies into understandable components that "just make sense."

Customer Reviews

Most Helpful Customer Reviews

4 of 4 people found the following review helpful:

5.0 out of 5 stars great security book, December 11, 2004

By 

Computer Geek Guy (USA) - See all my reviews

This review is from: Securing Windows Server 2003 (Paperback)

When I bought this book, I didn't expect much. Another treatment of Windows security. A boring rehash of the same old stuff with a few new tidbits that I could use.

I was wrong. This book is excellent! It shows you exactly how to do things the right way. There's no ambiguous lectures or hints here. It says "Do this and you're safe; do that and you're vulnerable." I love that kind of directness. The book also breaks things down so a beginner can learn while they do. I didn't find these sections too valuable myself, but they were easily skipped and are there for the people still ramping up. And it covered pretty much all the security topics I was looking for, including DHCP and PKI. While a couple of important topics were a little light such as IIS, I've already got books specifically on those that I can use.

If you have to deal with Windows 2003 security and you want a direct, no-nonsense approach, buy this book. I wouldn't want it to be the only book on my shelf, but I find it valuable to have it there.

4 of 5 people found the following review helpful:

5.0 out of 5 stars A Great Security Reference Manual, December 21, 2004

By 

Robert L. Stinnett (Boonville, MO) - See all my reviews
(VINE VOICE)    (TOP 1000 REVIEWER)    (REAL NAME)   

This review is from: Securing Windows Server 2003 (Paperback)

In "Securing Windows Server 2003" the author does a superb job of providing a blueprint on how to secure a Windows 2003 system that is accessible by the world. Similar to a checklist, you will find yourself going through this book using it as a guideline as you rollout your Server 2003 installations and double-checking existing ones already live.

The author does a great job of focusing on the task at hand, security, and does not try to do what so many others have -- make this an entire book about implementing 2003. By keeping to the point, the book itself becomes a desk reference instead of another bookshelf weight. Many of the tasks focused on in the book can be bookmarked and refered to for case scenarios during any 2003 implementation.

From understanding the basic security of a Server 2003 system, implementing Group Policy Objects, all the way up to understanding Kerbos and PKI cryptography, this book covers each topic in enough detail to give the reader a firm ground on which to check and implement procedures.

One of the strong features of the book is the author actually walks you through many of the steps you need to take -- with screenshots where appropriate. He does not leave you stranded in the middle of a procedure with only a vague mention of what task to perform next. Experienced administrators will appreciate the fact that he goes into detail to cover all the bases while newer administrators will appreciate the hands-on approach and step-by-step instructions.

Overall, a great security book that should become a standard on any System Administrators bookshelf. Server 2003 has introduced a new era into the Microsoft Server family, one which not all the old tricks and practices of Windows 2000 apply -- this book will help you learn the new ropes and get up to speed quickly.

1 of 1 people found the following review helpful:

3.0 out of 5 stars Good General Guide, January 27, 2006

By 

Joaquin Menchaca (San José, CA USA) - See all my reviews
(REAL NAME)   

This review is from: Securing Windows Server 2003 (Paperback)

I find this book overall well written and a lot of the advice practical. This book tends to be more wordy on the discussion, but does have some excellent nuts-n-bolts practical side. Overall, I think this is a useful guide to most people, but I found that much of the information to be too general, at least those familiar with practical experience or those studying MSCE certification material: GPOs, security templates, MSBSA, SUS, IPSec, IAS, VPN, etc. So at least for me, or others going through books for certification studies, a lot of the material is redundant and offers little in the way of new insights.

One thing that I found most shocking in a book on "Securing Windows" is that is no coverage of a firewall, either ICF or Windows Firewall. I wanted to know about those and how I could use the firewall in conjunction with routing and IPSec, but this essential topic is omitted. I would have also liked some more hands on material covering removing malware (viruses, spyware, etc.) from startup (registry keys) or configuring DACLs for services like DHCP, Telnet, etc. But this book doesn't delve in these depths beyond the basics.

Of interest was Chapter 9 "Certificates and PKI Infrastructure". I found that this chapter was more on philosphy and business aspects, rather than practical implementation. The later I found was sorely incomplete. In particular, the instructions for creating an offline rootCA will be problematic and maybe fail, as there is no mention having empty configuration with CDP and AIA sections using CAPolicy.inf.

Bottom line, good general overvew of security for novice administrators, but for more advanced folks might find the material to be a rehash of the basics.