Customer Reviews

Windows .Net Server Security Handbook (With CD-ROM)

5 star:		(4)
4 star:		(1)
3 star:		(1)
2 star:		(0)
1 star:		(1)

 

 

This book does a surprisingly good job of reviewing the final release code of .NET Server, and showing its complete security architecture. It had good coverage of .NET PKI, VPNs, IPSec, and Kerberos security, etc, with emphasis on what is new in .NET Server. I wish it had more wireless security, but at least there was one chapter on it. The best chapter was by far the "Securing IIS 6.0" chapter. The book shows enough key differences between Windows 2000 Server Security that are upgraded in .NET Server, that you will probably be convinced to upgrade yourself sometime very soon. Security is treated from both a white-hat and a black-hat (underground hacker) perspective, which gives it some color.

One of the first titles in the .NET security field. I must confess I haven't been particularly pleased with the titles I've looked at so far in this area; rest assured this is the exception. A lot of the chapters read more like a tutorial than documentation, with lots of screen shots and tables of settings that explain more than you would probably learn by sitting through another teacher-reads-book Microsoft course.

When I went through the book in detail I found some very useful nuggets. For example one chapter covers the "security configuration tool set", a complex and confusing aspect of Windows 2000. What's useful here are the series of examples that demonstrate some aspects of how to use these tools. Additionally, the book is full of definitions of security-related terms, insight to new WiFi-based applications and extensive coverage of Windows XP security features. XP's security is much of what is used within the .NET framework, so don't pass it by.

Most of the book is like the above--detailed passages of useful information with more-than occasional implementation tips thrown in. This book is a must-have and sure to be the de-facto standard of .NET security references. If .NET is only on the horizon and you have the money to spare, buy the book and skim through it and flag the interesting sections with Post-it notes for later study.

Why wait for the definitive .NET security book to come out? If this isn't it, maybe I'll write one!

I was impressed with this book. I was a little nervous getting it as it was .NET security, not 2003 - so I knew it may have been dated to RC1. Regardless, I liked the book and it gave me some great security info related to Windows Server 2003. Hope this helps.

This is a very technical book, and goes into a lot of detail on security configuration, examples, etc. Also includes wireless security, VPNs, etc. The best chapter was "locking down IIS 6.0" -- you should buy the book for this chapter, if for no other reason.

It is easy to understand and the author has a wry sense of humor; I'm looking forward to reading his other books.

I found a few inconsistencies with information published by Micro$soft. Additionally the presentation of facts was sporadic & not the easiest to follow. Not unbarable; but I would recommend users get the EXAM CRAM for Security+ and 70-299 Implementing and Administering Security in a Windows 2003 Network. Much more effecient presentation of data, and much broader coverage.

Additionally, if you are serious about securing your network, you MUST go beyond simply securing the Windows environment [or what I've been calling 'Application Layer Security.' Pick up a book or 2 on Intrusion Detection, Firewalls, and Honey Pots [i.e. 'Network Layer Security']. I wouldn't really bother w/ VPN's. They are nice in theory, but they will slow a T3 down to 5MB/sec; completely unrealistic for the enterprise.

If you have time, check out my "How To Be A REAL Hacker" Listmania.

[...] The flow is poor, the language and grammar are simply bad. The text often contains erroneous information. This may be as much a function of the publisher's resources as the authors' capabilities.

If network and server security is your goal you would be much better served with a copy of Stephen Northcutt's Inside Network Perimeter Security.

First, understand the guidelines for network security. Then, the mechanics of setup develop in an almost self evident manner.

Obvious that much hard work went into the book, it is truly an excellent choice for any level of security needs.