Customer Reviews

Securing Windows Server 2003

5 star:		(7)
4 star:		(2)
3 star:		(3)
2 star:		(0)
1 star:		(0)

 

 

When I bought this book, I didn't expect much. Another treatment of Windows security. A boring rehash of the same old stuff with a few new tidbits that I could use.

I was wrong. This book is excellent! It shows you exactly how to do things the right way. There's no ambiguous lectures or hints here. It says "Do this and you're safe; do that and you're vulnerable." I love that kind of directness. The book also breaks things down so a beginner can learn while they do. I didn't find these sections too valuable myself, but they were easily skipped and are there for the people still ramping up. And it covered pretty much all the security topics I was looking for, including DHCP and PKI. While a couple of important topics were a little light such as IIS, I've already got books specifically on those that I can use.

If you have to deal with Windows 2003 security and you want a direct, no-nonsense approach, buy this book. I wouldn't want it to be the only book on my shelf, but I find it valuable to have it there.

In "Securing Windows Server 2003" the author does a superb job of providing a blueprint on how to secure a Windows 2003 system that is accessible by the world. Similar to a checklist, you will find yourself going through this book using it as a guideline as you rollout your Server 2003 installations and double-checking existing ones already live.

The author does a great job of focusing on the task at hand, security, and does not try to do what so many others have -- make this an entire book about implementing 2003. By keeping to the point, the book itself becomes a desk reference instead of another bookshelf weight. Many of the tasks focused on in the book can be bookmarked and refered to for case scenarios during any 2003 implementation.

From understanding the basic security of a Server 2003 system, implementing Group Policy Objects, all the way up to understanding Kerbos and PKI cryptography, this book covers each topic in enough detail to give the reader a firm ground on which to check and implement procedures.

One of the strong features of the book is the author actually walks you through many of the steps you need to take -- with screenshots where appropriate. He does not leave you stranded in the middle of a procedure with only a vague mention of what task to perform next. Experienced administrators will appreciate the fact that he goes into detail to cover all the bases while newer administrators will appreciate the hands-on approach and step-by-step instructions.

Overall, a great security book that should become a standard on any System Administrators bookshelf. Server 2003 has introduced a new era into the Microsoft Server family, one which not all the old tricks and practices of Windows 2000 apply -- this book will help you learn the new ropes and get up to speed quickly.

I find this book overall well written and a lot of the advice practical. This book tends to be more wordy on the discussion, but does have some excellent nuts-n-bolts practical side. Overall, I think this is a useful guide to most people, but I found that much of the information to be too general, at least those familiar with practical experience or those studying MSCE certification material: GPOs, security templates, MSBSA, SUS, IPSec, IAS, VPN, etc. So at least for me, or others going through books for certification studies, a lot of the material is redundant and offers little in the way of new insights.

One thing that I found most shocking in a book on "Securing Windows" is that is no coverage of a firewall, either ICF or Windows Firewall. I wanted to know about those and how I could use the firewall in conjunction with routing and IPSec, but this essential topic is omitted. I would have also liked some more hands on material covering removing malware (viruses, spyware, etc.) from startup (registry keys) or configuring DACLs for services like DHCP, Telnet, etc. But this book doesn't delve in these depths beyond the basics.

Of interest was Chapter 9 "Certificates and PKI Infrastructure". I found that this chapter was more on philosphy and business aspects, rather than practical implementation. The later I found was sorely incomplete. In particular, the instructions for creating an offline rootCA will be problematic and maybe fail, as there is no mention having empty configuration with CDP and AIA sections using CAPolicy.inf.

Bottom line, good general overvew of security for novice administrators, but for more advanced folks might find the material to be a rehash of the basics.

I agree with what all the other reviewers said about this book! It is an excellent resource for security enthusiasts and experts alike!

I have the MSPress book for Exam 70-299, Implementing and Administering Security in a Windows Server 2003 Network. And yet, Mike's treatment of IPSEC, cryptography and other 'serious' stuff makes more sense to me now than when i read the MS Press book.

Mike also throws in generous portions of the book devoted to step by step 'how tos' to actually implement certain security scenarios.

Mike! When is your next book coming out??

With the increasing problems of attacks against computers, sysadmins who run Microsoft's Windows Server 2003 need to keep their guard up. The strong market share of servers using this operating system makes them attractive targets. So Donseglio offers timely and prudent actions you can easily understand and implement.

The book goes into various aspects for you to check. Like safely implementing a public key infrastructure, and receiving and issuing certificates. Plus it talks about the perils of a system thread running insecure code. He recommends that you only run third party code that is signed by a reputable authority. Specifically, you should take every precaution if you get a new device driver. On this OS, and indeed on any OS, device drivers have an intimate and low level relationship with it and with the hardware. A rogue device driver might be able to cause physical damage. So beware!

This book is mediocre. It covers all security related topics with regard to Windows Server 2003. I wish some sections had more details. It seems like the author was thumbing through Microsoft technical reference materials and paraphrasing with "Ok so do step 1, then do step 2, then step 3." To this I ask, Well Ok but what is the purpose of step 2? Are there alternatives? What are the pros and cons of step 2? So I guess you could say many areas of this book left we wanting additional details. It did NOT seem like the author had worked through all of these scenarios in a realworld environment (like Mark Minasai).

I used to say "If you buy an O'Reilly book you can't go wrong." I will now modify that to "If you buy an O'Reilly book you USUALLY can't go wrong." This is too bad, since I love O'Reilly books. This is the weakest of all the O'Reilly books I have read.

With that said, the author DOES cover good topics and good explanations. I could not do better. I'm not saying it sucks or anything but I feel a little let down and would recommend to potential book buyers to look around for a better resource.

Actually it is true, a lot of the book is a rehash of common Windows security practices that is way overdocumented, e.g. how many times must we redocument the simple tool Microsoft Baseline Security Analyzer. However, interspersed between the rehashed material are useful insights.

I only wish there was coverage of topics like Windows Firewall or ICF within a Windows security book. I thought that topic would be of import for any security book.

Are you savvy about security in the Windows Server 2003 operating system? If not, this book is for you! Author Mike Danseglio, has done an outstanding job of writing a great book that shows you how to put security to work on behalf of your organization and your users.

Danseglio begins by setting the stage for the rest of the book by providing an introduction to Windows Server 2003. Next, the author covers basic computer security concepts, including cryptography and fundamental practices for security administrators. Then, he covers various aspects of physical security, which is essential for any data security to succeed. The author continues by dealing with securing files with Encrypting File System and other file oriented technologies. In addition, the author next focuses on using Group Policy as a security tool and utilizing Security Templates. He also discusses ways you can protect against running bad applications. Next, the author covers the various authentication protocols supported by Windows Server 2003, including Kerberos. Then, he examines IP Security and its proper deployment to secure network communication. The author continues by conducting an exhaustive examination of PKI and certificate-based cryptography. In addition, the author covers smart card technologies and their proper deployment. He also focuses on the grotesque lack of security in DHCP and DNS technologies and how you can try to shore them up. Next, the author covers Internet Information Services security, or the lack thereof. Then, he examines Active Directory design and operation from a security standpoint, including proper planning and deployment; as well as, securing data between domain controllers. The author continues by covering the security features of Remote Access, including dial-up and VPN connectivity. Finally, he covers additional topics such as administrative security, patch management, and auditing.

With the preceding in mind, the author has also done an excellent job of writing a book that covers Windows Server 2003 and some amount of Windows XP security. But, in order to understand Windows based security, the author has also made sure that non-Windows security topics like physical security, security policy and risk management were covered.

What I don't understand is -- why Microsoft Press didn't publish this book? Mike Danseglio works within Microsoft, so it stands to reason that the information is about as close to the source as humanly possible.

Mike shines in this new text, describing pretty much every security function built in to Windows Server 2003. It's pretty tough to find it all under one roof, but Mike manages to pull it off. In short, if you're looking for a great reference to help you get a grip on what you can actually DO with Windows, be sure to pick up Mike's book.

Securing Windows Server 2003 by Mike Danseglio.
O'Reilly Press
ISBN 0596006853
Reviewed by Steven Mullins-HuNTUG Member

Hands-on Advice for securing and implementing Windows Server 2003.

Being a Security Person this was a book I had been waiting to review. This was a well thought and executed for informing the reader and was on top of the game with the step-by-step instruction on how to plan and implement the new and improved features in Windows Server 2003. If you have been waiting to get your Certificate Services and Public Key Infrastructure (PKI) implemented this is a very good resource to help you walk through the process of configuring your server(s) and what options and features are available to you. If you have been looking for reasons to justify upgrading to your senior staff members (or yourself) this will help you justify why the investment is needed. There are quite a few revised features of Windows Server 2003 that make it worth the time and investment.

This book was formatted so that you could read through it and start installing on the fly with the book, but always remember to check your Hardware Compatibility List. The very first chapter gives you what you need to know about the new improvements and features. The other chapters go from the security features to configuring your server. There are quite a few detailed items such as running secure code to authentication to Smart Cards. The chapter on Certificates and Public Key Infrastructure (Chapter 9) was one of the most informed and well written of any of the books that I have read or studied on securing a specific operating system and was above par for any system manual. Active Directory Security (Chapter 13) was also well planned and laid out for even the lowest user in the forest. The detail that was described in any of the chapters on the subject at hand was very well done and explained for any user level. I really appreciated the detail in which the author went to breaking things down for anyone to understand.

Overall this was well worth the time invested in reading. I received my copy of Windows Server 2003 about the same time so I used it as I installed it on my server at home. If you have not used some of the features in this book, like Encrypted Files Systems or Certificate Authorities then this book would be to your benefit. This book even covered Security tools like Honey pots, SUS (Software Update Services) and the MBSA (Microsoft Baseline Security Analyzer) and secure email. This may be just the start of your venture into security but this is a great resource to start with.