From Barnes & Noble
The Barnes & Noble Review
Securing Windows 2000 and Windows XP isn’t an “occasional” task: It requires a systematic approach, a strong understanding of the available tools, and ongoing attention. The most complete and useful Windows security blueprint we’ve found is the Microsoft Windows Security Resource Kit.
With the help of Microsoft’s own security team, this book’s authors cover every aspect of security and privacy: principles, securing the core operating system, securing common services, performing assessments and incident response, and managing security updates.
Ben Smith and Brian Komar start by outlining 20 immutable laws of security and security administration (for example, “Absolute anonymity isn’t practical,” “Security only works if the secure way also happens to be the easy way,” “There really is someone out there trying to guess your passwords,” and most important: “Technology is not a panacea”).
Next, following Sun Tzu’s classic directive “Know your enemy and know yourself,” they help you assess where you stand. What are your own skills? What kind of support will you receive for your security initiatives? How well is your network documented?
Then, it’s down to cases with Windows. The authors begin with securing Active Directory -- starting with user accounts and passwords. You know you’re not supposed to use administrative accounts for routine activities, but do you always pay attention? (Try RunAs, a.k.a. Secondary Logon, as an easy alternative.) Think you know all about passwords? So are you using Passfilt.dll to require harder-to-guess passwords?
There’s a full chapter on securing AD objects and attributes: configuring DACLs (including command-line shortcuts), applying least privilege, and so forth. The authors cover group policies in depth, including object filtering and loopback mode processing. They also offer complete guidance on designing more secure AD forests and domains -- and as with every chapter in the book, they offer specific best practices. (“Use multiple forests if you require discrete isolation.” “Control membership in security groups with high security requirements.”)
One step at a time, you’ll walk through securing permissions and services; implementing TCP/IP security; and securing IE6 (you have upgraded, right?) and Microsoft Office XP -- including Outlook 2002. There’s a chapter on applying security templates to individual computers and via group policies; another on auditing Windows security events; and one on securing mobile computers and wireless networks.
There’s detailed coverage of securing Windows’ key services: DNS, Terminal Services, DHCP, WINS, routing and remote access, certificate services, and IIS 5 (but not IIS 6 -- then again, you probably haven’t finished qualifying Windows Server 2003 yet, have you?).
You’ll find a six-step plan for managing patches from notification through validation, as well as practical coverage of Microsoft’s Baseline Security Analyzer and Software Update Services. There’s an excellent section on privacy -- on both your corporate web site and within the enterprise. Last but not least, there’s a CD-ROM full of Microsoft security tools and resources you could probably track down on your own -- if you had days to do it.

Bill Camarda
Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks for Dummies, Second Edition.