
Windows 2012 Server Network Security: Securing Your Windows Network Systems and Infrastructure

Overview

Windows 2012 Server Network Security provides the most in-depth guide to deploying and maintaining a secure Windows network. The book drills down into all the new features of Windows 2012 and provides practical, hands-on methods for securing your Windows systems networks, including:

  • Secure remote access
  • Network vulnerabilities and mitigations
  • DHCP installations configuration
  • MAC filtering
  • DNS server security
  • WINS installation configuration
  • Securing wired and wireless connections
  • Windows personal firewall
  • Remote desktop services
  • Internet connection sharing
  • Network diagnostics and troubleshooting

Windows network security is of primary importance due to the sheer volume of data residing on Windows networks. Windows 2012 Server Network Security provides network administrators with the most focused and in-depth coverage of Windows network security threats along with methods and techniques for securing important mission-critical networks and assets. The book also covers Windows 8.

  • Provides practical examples of how to secure your Windows network.
  • Focuses specifically on Windows network security rather than general concepts.
  • One of the first books to cover Windows Server 2012 network security.

Editorial Reviews

From the Publisher
"Rountree and technical editor Hicks, both experienced Windows network security professionals, intend this seven chapter reference for anyone who must secure a Windows 2012 Server system. It presumes a good knowledge of networking and Windows administration. The first chapter is an introduction to Windows 8 and Server 2012. It covers PowerShell and Server Manager and also provides an introduction to the new IPv6 networking protocol."—Reference & Research Book News, December 2013

"This book provides the most in-depth guide to deploying and maintaining a secure Windows network. The book drills down into all the new features of Windows 2012 and provides practical, hands-on methods for securing your Windows systems networks…"—ComputerWeekly.com, September 2, 2013

Product Details

  • ISBN-13: 9781597499583
  • Publisher: Elsevier Science
  • Publication date: 4/24/2013
  • Pages: 260
  • Sales rank: 1,439,690
  • Product dimensions: 7.40 (w) x 9.10 (h) x 0.70 (d)

Meet the Author

Derrick Rountree (CISSP, CASP, MCSE) has been in the IT field for almost 20 years. He has a Bachelor of Science in Electrical Engineering. Derrick has held positions as a network administrator, IT consultant, a QA engineer, and an Enterprise Architect. He has experience in network security, operating system security, application security, and secure software development. Derrick has contributed to several other Syngress and Elsevier publications on Citrix, Microsoft, and Cisco technologies.


Read an Excerpt

Windows 2012 Server Network Security

Securing Your Windows Network Systems and Infrastructure


By Derrick Rountree

Elsevier Science

Copyright © 2013 Elsevier Inc.
All rights reserved.
ISBN: 978-1-59749-965-1


Excerpt

CHAPTER 1

Introduction


CONTENTS

Intro to Windows 8 and Windows Server 2012
Server Manager
Dashboard
Local Server
Add Roles and Features
Notifications
Manage
Tools
Powershell

Intro to IPv6
IPv6 Architecture
IPv6 Addressing
IPv6 Address Types
IPv6 Special Addresses
IPv6 Addressing

Summary


INFORMATION IN THIS CHAPTER

* Intro to Windows 8 and Windows Server 2012

* Intro to IPv6


Networking is a key component of any environment. Windows 8 and Windows Server 2012 offer a wide range of networking features and functionality. It's important that you understand these features and functionality so that you can properly secure them. But, before we get into those, we will start with some more general information. In this chapter, we will start with an overview of some of the key components of Windows 8 and Windows Server 2012 that will help you as we go through the rest of the chapters. Then we will move into a discussion of IPv6, and how it's implemented in Windows 8 and Windows Server 2012.


INTRO TO WINDOWS 8 AND WINDOWS SERVER 2012

When you look at Windows 8 and Windows Server 2012, the first thing you will notice is a big difference in the UI. But, that's not the only difference. There are some important differences in the management of the operating systems. There is a new Server Manager console that offers new management functionality and there has been increased functionality built into Powershell.


Server Manager

In Windows Server 2012, Server Manager has been enhanced to provide greater management and monitoring functionality. It's your starting point for a lot of general administrative functions you will need to perform. You can access event and performance information. You can also install new roles and services from here.


Dashboard

When you log into Windows Server 2012, Server Manager will open. You will be presented with the Dashboard view, as seen in Figure 1.1. The Dashboard view allows you to access information about different roles and services that have been installed on the system. You can view information on manageability, events, performance, and BPA results.


Local Server

The Local Server section, as seen in Figure 1.2, will give you detailed information about the server to which you are currently connected. You can view server properties, events, services, Best Practices Analyzer information, performance information, and roles and features information.


Add Roles and Features

Server Manager is where you go to Add Roles and Features to your server. In upcoming chapters, we will be installing different roles and features. Most of these installs will be launched from Server Manager. The first few steps of all the installs will be the same. So, instead of repeating these steps multiple times, we will go through these steps now:

1. In the Server Manager Dashboard, select Add Roles and Features. This will launch the Add Roles and Features Wizard. First, you will be presented with the Before You Begin screen, as seen in Figure 1.3. This screen describes what can be done using the wizard. It also gives configuration suggestions to follow before you continue with the wizard. Click Next.

2. Next, you will see the Installation Type screen, as seen in Figure 1.4. You have two options. You can install roles or features on the system; or you can install VDI (Virtual Disk Infrastructure) services on the system. Select Role-based or feature-based installation, and click Next.

3. Next, you will see the Server Selection screen, as seen in Figure 1.5. Here, you can choose to install to a server or to a VHD (virtual hard disk). If you choose a VHD, you have the option to install to a VHD attached to an online server, or to install to an offline VHD. Select the "Select a server from the server pool" option. Then choose the server you want to install onto, and click Next.


Config Export

One useful feature of the Roles and Features Wizard is the ability to export an installation configuration. After you have finished configuring the settings for an installation, you have the option to save the configuration to an XML file. You can then use Powershell to script an install with the same settings on a different server. This not only makes it easier to install multiple servers, but it also helps to ensure consistent installations. The command you would use to perform the install is as follows:

Install-WindowsFeature -ConfigurationFilePath <exportedconfig.xml>


Notifications

The Notifications section of Server Manager, as seen in Figure 1.6, will provide notification and alert messages. For example, after you install a role, a notification will be posted letting you know that the install was successful. You will also get a notification after an install, if there is post-install configuration that needs to be done.


Manage

The Manage menu provides you the ability to add and remove roles and features. You can add servers to be managed by Server Manager. You can also create server groups.


Tools

The Tools menu brings up a list of various tools that you can use to manage your server. There are entries for Local Security Policy, Performance Monitor, Resource Monitor, the Security Configuration Wizard, and many other options. Some of these security-related tools will be covered later in this book.


Powershell

Powershell is a very powerful management language used with Windows systems. Windows Powershell is a combination command-line shell and scripting language. Powershell allows access to COM and WMI management components. This greatly expands the potential of the Powershell language.

Powershell is one of the main tools used for managing Windows systems. In fact, many Windows management consoles are actually built on top of Powershell. Powershell includes a hosting API that can be used by GUI applications to access Powershell functionality. Powershell commands can be executed as cmdlets, Powershell scripts, Powershell functions, and standalone executables. The Powershell process will launch cmdlets within the Powershell process. Standalone executables will be launched as a different process. As Windows moves forward, there will be an increasing reliance on Powershell. It's important that you understand how to use it to manage and administer your systems. As we go through this book, we will periodically reference different Powershell commands that may be useful to you.


INTRO TO IPv6

IPv6 is the newest version of the IP protocol. It was designed to replace IPv4, which is the version used throughout most of the Internet. The problem was that there weren't enough IPv4 addresses to satisfy the needs of the growing Internet. IPv6 has been long talked about, but it is just now picking up steam. More and more Internet Service Providers are supporting the protocol. World IPv6 Launch Day was June 6, 2012. This was the day many ISPs and vendors permanently enabled IPv6 for their products and services.


IPv6 Architecture

The IPv6 architecture is very different from the IPv4 architecture. These architecture differences are what make IPv6 the choice for the future. IPv6 is scalable, secure, and relatively easy to set up.


IPv6 Addressing

IPv6 addresses are 128 bits long. Compare that to IPv4 addresses which are 32 bits. This means there are 3.4 × 10^38 addresses. That's approximately 4.8 × 10^28 addresses for each person on earth. There is almost no way we will ever use anywhere near that many addresses. The main benefit of having that many addresses available is that you can waste addresses. With IPv4 addresses, there was no room for waste. You had to make sure you made the most efficient use of addresses possible. With IPv6, that's no longer a concern. You should make sure you come up with a scheme that is best for your organization, but it's ok if you waste addresses.


IPv6 Notation

IPv6 addresses consist of eight groups of 16-bit numbers, separated by colons. The 16-bit numbers are represented as hex digits:

abcd:1234:1234:abcd:0230:0bcd:1234:a0cd

As you can see, IPv6 addresses can be quite long and very hard to remember. To make things a little bit easier, IPv6 addresses can be abbreviated. There are two ways IPv6 addresses can be abbreviated. The abbreviations are based on the existence of zeros. First of all, you can remove one or more leading zeros from a group of 4 hex digits:

abcd:1234:0000:abcd:0230:0bcd:1234:a0cd

becomes

abcd:1234:0:abcd:230:bcd:1234:a0cd

Also, you can remove an entire section of zeros and replace it with a double colon (::). The double colon can only be used once in an address:

0000:0000:abcd:1234:abcd:1234:abcd:1234

becomes

::abcd:1234:abcd:1234:abcd:1234

or

abcd:1234:0000:0000:0000:abcd:1234:abcd

becomes

abcd:1234::abcd:1234:abcd

In IPv4 you had the network portion of the address and the host portion of the address. The subnet mask is used to tell you which portion of the address is which. There are two ways to write IPv4 subnet masks. You can use the traditional form, 255.255.255.0, for example. Or you can use the CIDR format, /24. In IPv6, the network portion of the address is called the prefix. The prefix is also denoted by the subnet mask. But, IPv6 subnet masks are only written using the CIDR format.


IPv6 Address Types

There are three types of addresses used with IPv6: unicast, multicast, and anycast. Unicast addresses are what you would call regular addresses. They are the addresses usually bound to your network card. Unicast addresses should be unique on a network, meaning a single unicast address should only represent a single system. Multicast addresses are used to make a one-to-many connection. Multiple systems can listen on the same multicast address. So, when a system sends out a message using a multicast address, multiple systems may respond. Multicast addresses will start with FF0 or FF1. FF02::2 is the multicast address used by routers. IPv6 uses multicast addresses to accomplish a lot of the functionality performed by broadcast addresses in IPv4. Anycast addresses are addresses that are shared by multiple systems. Anycast addresses are generally used to find network devices like routers. When a message is sent out via an anycast address, any system using that address may respond.

Unicast addresses come in four flavors: global, site-local, link-local, and unique local. Global addresses are routable throughout the Internet. Global IPv6 addresses start with 001. Site-local addresses are only routable within a specified site within an organization. Link-local and unique local addresses will be covered in the next section on special addresses.

Note: The concept of sites has been deprecated in IPv6, so site-local addresses are no longer used.


IPv6 Special Addresses

There are several special addresses in IPv6. These addresses or groups of addresses serve very specific functions. We will cover the loopback address, link-local addresses, and unique local addresses.


Loopback Address

The loopback address, also called localhost, is probably familiar to you. It is an internal address that routes back to the local system. The loopback address in IPv4 is 127.0.0.1. In IPv6, the loopback address is 0:0:0:0:0:0:0:1 or ::1.


Link-Local Addresses

Link-local addresses are intended to only be used on a single network segment or subnet. Routers will not route link-local addresses. Link-local addresses also existed in IPv4. They existed in the address block 169.254.0.0/16. These addresses were used by the DHCP autoconfiguration service on a system when a DHCP address could not be obtained. Link-local addresses allow you to have network connectivity until another more suitable address can be obtained. In IPv6, the address block fe80::/64 has been reserved for link-local addresses. The bottom 64 bits used for the address are random. In IPv6, link-local addresses may be assigned by the stateless address autoconfiguration process. An IPv6 system must have a link-local address in order for some of its internal protocol functions to work properly. So, during a normal startup process, an IPv6 system will obtain a link-local address before it receives a regular, routable IP address.


Unique Local Address

Unique local addresses are a set of addresses that are intended for use in internal networks. They are similar to "private" IPv4 addresses. These addresses can only be used within a specified organization. They are not routable on the global Internet. Using unique local addresses can help prevent external systems from having direct access to your internal systems. The address block fc00::/7 has been reserved to use for unique local addresses.
(Continues...)
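
Because one IPv6 address can be written several ways, firewall rules, allow-lists and log searches should compare addresses only after reducing them to a single form. The following added example (not from the book) implements the two abbreviation rules and the special address blocks described above; the function names and the sample entries are constructed for illustration, and the multicast block ff00::/8 is taken from RFC 4291 rather than from the text.

```python
HEX = set("0123456789abcdef")
# Blocks as given in the text; the multicast block ff00::/8 is from RFC 4291.
BLOCKS = [("loopback", "::1", 128), ("link-local", "fe80::", 64),
          ("unique-local", "fc00::", 7), ("multicast", "ff00::", 8)]

def expand(addr):
    """Undo both abbreviations: eight zero-padded, lower-case groups."""
    addr = addr.strip().lower()
    if "::" in addr:
        head, _, tail = addr.partition("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        if "::" in tail or len(left) + len(right) > 7:
            raise ValueError("'::' may be used once, for at least one group: " + addr)
        groups = left + ["0"] * (8 - len(left) - len(right)) + right
    else:
        groups = addr.split(":")
    if len(groups) != 8 or not all(1 <= len(g) <= 4 and set(g) <= HEX for g in groups):
        raise ValueError("not a plain IPv6 address: " + addr)
    return ":".join(g.zfill(4) for g in groups)

def compress(addr):
    """Canonical short form: strip leading zeros, '::' for the longest zero run."""
    groups = [g.lstrip("0") or "0" for g in expand(addr).split(":")]
    start, length, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > length:
            start, length = i, j - i
        i = max(j, i + 1)
    if length < 2:  # a single zero group stays "0", as in the text's example
        return ":".join(groups)
    return ":".join(groups[:start]) + "::" + ":".join(groups[start + length:])

def classify(addr):
    """Name the special block an address falls in, else 'other'."""
    value = int(expand(addr).replace(":", ""), 16)
    for name, block, bits in BLOCKS:
        if value >> (128 - bits) == int(expand(block).replace(":", ""), 16) >> (128 - bits):
            return name
    return "other"

# Constructed sample entries: (source address as logged, firewall action).
SAMPLE = [("ABCD:1234:0000:0000:0000:ABCD:1234:ABCD", "allow"),
          ("abcd:1234::abcd:1234:abcd", "deny"), ("fe80:0:0:0:0230:0bcd:1234:a0cd", "allow"),
          ("FD00::0001", "allow"), ("0:0:0:0:0:0:0:1", "allow"), ("ff02::2", "allow")]

def summarize(entries):
    """Map canonical address -> (address type, set of actions seen)."""
    out = {}
    for addr, action in entries:
        out.setdefault(compress(addr), (classify(addr), set()))[1].add(action)
    return out

if __name__ == "__main__":
    for addr, (kind, actions) in summarize(SAMPLE).items():
        print(f"{addr:32} {kind:13} {sorted(actions)}")
```

The first two sample entries are the same host written two ways, so a string comparison would miss that it was both allowed and denied. Addresses carrying a zone index (such as fe80::1%12) or an embedded IPv4 part are rejected rather than guessed at.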


Excerpted from Windows 2012 Server Network Security by Derrick Rountree. Copyright © 2013 by Elsevier Inc. Excerpted by permission of Elsevier Science.
All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.


Table of Contents

Chapter 1. Introduction

Chapter 2. Network Infrastructure

Chapter 3. Secure Network Access

Chapter 4. Secure Remote Access

Chapter 5. Network Tools and Applications

Chapter 6. Network Vulnerabilities and Mitigations
