Windows Server 2003 Security: A Technical Reference [Paperback]

Roberta Bragg (Author)

Book Description

ISBN-10: 0321305019 | ISBN-13: 978-0321305015 | Publication Date: June 5, 2005 | Edition: 1

Security is one of the biggest issues facing Windows administrators. Until now admins have had to gather information from various online and print sources. This is the first book to gather into one place in an easy to follow format all the information available about security on the Windows Server 2003 platform. While it is written in the form of a reference, the author doesn't just list the features, however, but gives a plethora of practical implementation tips. It extends security from single server based best practices to those that can produce an entire security framework for Windows domains. Roberta Bragg is one of the best known writers and speakers on the subject, and she uses her knowledge of what problems professional administrators face every day to fine tune the content to their needs. She will be promoting this book heavily in her many articles and speaking engagements.

Editorial Reviews

From the Back Cover

"Once again, Roberta Bragg proves why she is a leading authority in the security field! It's clear that Roberta has had a great deal of experience in real-world security design and implementation. I'm grateful that this book provides clarity on what is often a baffling subject!"

James I. Conrad, MCSE 2003, Server+, Certified Ethical Hacker
James@accusource.net

"Full of relevant and insightful information. Certain to be a staple reference book for anyone dealing with Windows Server 2003 security. Roberta Bragg's Windows Server 2003 Security is a MUST read for anyone administering Windows Server 2003."

Philip Cox, Consultant, SystemExperts Corporation
phil.cox@systemexperts.com

"Few people in the security world understand and appreciate every aspect of network security like Roberta Bragg. She is as formidable a security mind as I have ever met, and this is augmented by her ability to communicate the concepts clearly, concisely, and with a rapier wit. I have enjoyed working with Roberta more than I have on any of the other 20 some odd books to which I have contributed. She is a giant in the field of network security."

Bob Reinsch
bob.reinsch@fosstraining.com

"Windows Server 2003 Security explains why you should do things and then tells you how to do it! It is a comprehensive guide to Windows security that provides the information you need to secure your systems. Read it and apply the information."

Richard Siddaway, MCSE
rsiddaw@hotmail.com

"Ms. Bragg's latest book is both easy to read and technically accurate. It will be a valuable resource for network administrators and anyone else dealing with Windows Server 2003 security."

Michael VonTungeln, MCSE, CTT
mvontung@yahoo.com

"I subscribe to a number of newsletters that Roberta Bragg writes and I have 'always' found her writing to be perfectly focused on issues I 'need' to know in my workplace when dealing with my users. Her concise writing style and simple solutions bring me back to her columns time after time. When I heard she had written a guide on Windows 2003 security, I 'had' to have it.

Following her guidance on deployment, her advice on avoiding common pitfalls, and her easy to follow guidelines on how to lock down my network and user environments (those darned users!) has me (and my clients) much more comfortable with our Win2k3 Server deployments. From AD to GPO's to EFS, this book covers it all."

Robert Laposta, MCP, MCSA, MCSE, Io Network Services, Sierra Vista
AZrob.laposta@cox.net

"Roberta Bragg has developed a 'must have' manual for administrators who manage Microsoft Windows 2003 servers in their organizations. The best practices for strengthening security controls are well organized with practical examples shared throughout the book. If you work with Windows 2003, you need this great resource."

Harry L. Waldron, CPCU, CCP, AAI, Microsoft MVP - Windows Security Information Technology Consultant
harrywaldronmvp@yahoo.com

"Roberta Bragg's Windows Server 2003 Security offers more than just lucid coverage of how things work, but also offers sound advice on how to make them work better."

Chris Quirk; MVP Windows shell/user
cquirke@mvps.org

"This book is an invaluable resource for anyone concerned about the security of Windows Server 2003. Despite the amount and complexity of the material presented, Roberta delivers very readable and clear coverage on most of the security-related aspects of Microsoft's flagship operative system. Highly recommended reading!"

Valery Pryamikov, Security MVP, Harper Security Consulting
valery.pryamikov@harper.no

"As long as you have something to do with Windows 2003, I have four words for you: 'Order your copy now.'"

Bernard Cheah, Microsoft IIS MVP, Infra Architect, Intel Corp.
bernard@mvps.org

If you're a working Windows administrator, security is your #1 challenge. Now there's a single-source reference you can rely on for authoritative, independent help with every Windows Server security feature, tool, and option: Windows Server 2003 Security

Renowned Windows security expert Roberta Bragg has brought together information that was formerly scattered through dozens of books and hundreds of online sources. She goes beyond facts and procedures, sharing powerful insights drawn from decades in IT administration and security. You'll find expert implementation tips and realistic best practices for every Windows environment, from workgroup servers to global domain architectures. Learn how to:

• Reflect the core principles of information security throughout your plans and processes

• Establish effective authentication and passwords

• Restrict access to servers, application software, and data

• Make the most of the Encrypting File System (EFS)

• Use Active Directory's security features and secure Active Directory itself

• Develop, implement, and troubleshoot group policies

• Deploy a secure Public Key Infrastructure (PKI)

• Secure remote access using VPNs via IPSec, SSL, SMB signing,

• LDAP signing, and more

• Audit and monitor your systems, detect intrusions, and respond appropriately

• Maintain security and protect business continuity on an ongoing basis

"Roberta Bragg has developed a 'must have' manual for administrators who manage Microsoft Windows 2003 servers in their organizations. The best practices for strengthening security controls are well organized, with practical examples shared throughout the book. If you work with Windows 2003, you need this great resource."

Harry L. Waldron
CPCU, CCP, AAI Microsoft MVP—Windows Security Information Technology Consultant

© Copyright Pearson Education. All rights reserved.

About the Author

Roberta Bragg, MCSE, CISSP, and Microsoft MVP, is one of the world's most respected Windows security consultants, columnists, and speakers. She has served as the security advisor for Redmond Magazine (formerly MCP Magazine), and as a feature columnist for the weekly Security Watch e-newsletter. Her books include Hardening Windows Systems (McGraw-Hill Osborne Media, 2004); MCSE Training Guide (70-220): Windows 2000 Network Security Design, Second Edition (Que, 2002); and Windows 2000 Security (New Riders Publishing, 2000). Bragg runs her own company, Have Computer Will Travel. She lives in Kansas City, MO.

© Copyright Pearson Education. All rights reserved.

See all Editorial Reviews

Product Details

• Paperback: 1176 pages
• Publisher: Addison-Wesley Professional; 1 edition (June 5, 2005)
• Language: English
• ISBN-10: 0321305019
• ISBN-13: 978-0321305015
• Product Dimensions: 10.3 x 5.8 x 2.3 inches
• Shipping Weight: 3.6 pounds (View shipping rates and policies)
• Average Customer Review: 4.3 out of 5 stars  See all reviews (7 customer reviews)
• Amazon Best Sellers Rank: #1,086,586 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

5 of 5 people found the following review helpful:

4.0 out of 5 stars Good background information and how to details, March 19, 2006

By 

David Douglass (Bloomingdale, NJ) - See all my reviews
(REAL NAME)   

Amazon Verified Purchase

This review is from: Windows Server 2003 Security: A Technical Reference (Paperback)

This book covers a wide range of security topics:

* authentication & authorization
* application security
* NTFS security and EFS (encrypting file system)
* active directory
* public key infrastructure
* remote access, IPSec, & SSL
* patching and support
* backups
* auditing & monitoring

Three types of information are covered: background on how security technologies work, how to implement security, and management processes.

The book works best in the first two areas. Good background information and detailed instructions are given on how to configure Windows Server 2003, often for obscure and difficult topics such as creating a root certificate authority. Other highlights include:

* discussion of lesser known tools, often from the resource or deployment kit
* coverage of authorization manager
* coverage of software restriction policies
* discussion of all the ins and outs of backups (you might be surprised how complicated this can get)

One missing item is .NET code access security, which isn't covered at all. The section on IIS security is lacking.

The biggest problem with the book is the excessive lecturing about best practices and process. For example:

"A backup policy provides the information detailing the what, who, when, and where of information systems backups. Standards designate the current approved backup programs and methodologies that will be used. Procedures detail the steps that must be taken to fulfill the policies and meet the standards."

And on and on. A lot of ink is spilt to say in a thousand different ways 'do things in an organized fashion'. You'd never get around to implementing security if you took all the process and best practice material literally.

2 of 3 people found the following review helpful:

4.0 out of 5 stars Encrypted File System?!, July 3, 2005

By 

W Boudville (Terra, Sol 3) - See all my reviews
(VINE VOICE)    (TOP 1000 REVIEWER)    (HALL OF FAME REVIEWER)    (REAL NAME)   

This review is from: Windows Server 2003 Security: A Technical Reference (Paperback)

In the computing press, and indeed in the general media, Microsoft has taken some flak for security bugs in its operating systems. But by now its Windows Server 2003 has grown into millions of lines of code. The sheer complexity of which can be appreciated by looking at this book. It addresses numerous cases where you, the sysadmin, can or should do certain things to protect your machines.

Possibly the most powerful tools described related to PKI. There is a full implementation of this. Plus, Microsoft lets each user easily encrypt [and of course decrypt] her files, using PKI. A very nice idea. Though, as the book explains, the problem is that currently few users or sysadmins actually avail themselves of this advanced feature. Of all the topics in the book, I found this to be the most interesting. Perhaps you will, also.

5.0 out of 5 stars Roberta is downright scary!, May 15, 2007

By 

M. Ladd (ABQ, NM) - See all my reviews
(REAL NAME)   

This review is from: Windows Server 2003 Security: A Technical Reference (Paperback)

She covers everything. We joke that she may need medication in my office to explain her attention to detail. All joking aside, this book is great. I need to get a copy for my personal library.