Securing Windows Server 2003

Print $39.95

Safari Books Online

What is this?

Print £30.50

What is this?

Securing Windows Server 2003

By: Mike Danseglio
Publisher:: O'Reilly Media
Released:: November 2004
Pages:: 448

Description

If you use Windows 2003 Server at a small to medium-sized organization, or use Microsoft's Small Business Server, this thorough yet concise tutorial offers the hands-on advice you need for securing your network. Securing Windows Server 2003 not only shows you how to put Windows security tools to work, but guides you through ways to plan and implement a secure operating environment.

Full Description

With the success of computer viruses like Slammer, security issues are now a top priority for Windows system administrators, right alongside day-to-day tasks such as setting up accounts and managing performance. If you use Windows 2003 Server at a small to medium-sized organization, or use Microsoft's Small Business Server, this thorough yet concise tutorial offers the hands-on advice you need for securing your network. Modern network operating systems include bundled services that range from traditional file and print sharing and Internet services to authentication, directory and remote access services each a potential security vulnerability as well as a capability. Securing Windows Server 2003 shows you how to put Windows security tools to work, and how to run the server's subsystems to protect users and resources. But that's just the beginning. Network security needs to be well thought-out, not treated as a fire drill when a threat occurs. This book focuses primarily on ways to plan and implement a secure operating environment. Microsoft security veteran Mike Danseglio uses real-world examples to show you how various security concepts relate to your own system, including:

File System Security
Group Policy and security templates
Running secure code
Authentication
IP security
Public Key Certificates and Public Key Infrastructure
Smart Card technology
DHCP and DNS security
Internet Information Services security
Active Directory security
Remote access security
Security audits
Sending secure email, and more

Many chapters include a debate, in which fictional protagonists discuss the pros and cons of a particular strategy or solution. These debates provide an objective look at competing methodologies, so you can select the solutions that best fit your network. Read this book cover to cover to create and implement a security plan, or use individual chapters as stand-alone lessons. Either way, Securing Windows Server 2003 will guide you safely through the morass of security threats.

Table of Contents

Chapter 1 Introduction to Windows Server 2003 Security
1. What Is Security?
2. What Is Windows Server 2003?
3. Security Design in Windows Server 2003
4. Security Features in the Windows Server 2003 Family
5. Summary
Chapter 2 Basics of Computer Security
1. Why Computer Security Is Important
2. Security Enforcement Mechanisms
3. POLA: The Principle of Least Access
4. Key-Based Cryptography
5. Authorization and Authentication
6. Password Basics
7. Network Security
8. Keeping Your Eyes Open
9. Summary
Chapter 3 Physical Security
1. Identifying Physical Security Vulnerabilities
2. Protecting Physical Assets
3. Holistic Security: Best Practices
4. Summary
Chapter 4 File System Security
1. Protecting Files with NTFS File Permissions
2. Protecting Data with the Encrypting File System
3. Protecting System Information with Syskey
4. Summary
Chapter 5 Group Policy and Security Templates
1. What Is Group Policy?
2. How Group Policy Works
3. How Do Security Templates Work?
4. Using Group Policy to Enforce Security
5. Using Security Templates to Deploy Secure Configurations
6. Summary
Chapter 6 Running Secure Code
1. Identifying Secure Code
2. Driver Signing
3. Software Restriction Policies
4. Summary
Chapter 7 Authentication
1. LAN Manager and NTLM
2. Kerberos
3. Summary
Chapter 8 IP Security
1. What Is IP Security?
2. How Does IPSec Work?
3. Microsoft's Implementation of IPSec in Windows Server 2003
4. Using IPSec Correctly
5. Summary
Chapter 9 Certificates and Public Key Infrastructure
1. What Are Certificates?
2. What Do I Do with Certificates?
3. What Is a Certification Authority?
4. Deciding Between Public and Private Certification Authorities
5. Implementing a Public PKI
6. Planning Your Private Certification Hierarchy
7. Implementing a Private Certification Hierarchy
8. Maintaining Your Hierarchy
9. Summary
Chapter 10 Smart Card Technology
1. What Are Smart Cards?
2. Using Smart Cards
3. Summary
Chapter 11 DHCP and DNS Security
1. DHCP
2. DNS
3. DNS and DHCP Together
4. Summary
Chapter 12 Internet Information Services Security
1. What Is IIS?
2. How Does IIS Work?
3. Using IIS Securely
4. Summary
Chapter 13 Active Directory Security
1. What Is Active Directory?
2. Structural Components of Active Directory
3. Domain Controllers
4. Default Security Through GPOs
5. Providing Security for Domains
6. Providing Security for Forests
7. Providing Security for Active Directory Objects
8. Providing Security for Domain Controllers
9. Summary
Chapter 14 Remote Access Security
1. What Is Remote Access?
2. Controlling Access
3. Authentication and Encryption Protocols
4. Virtual Private Networks
5. Example Implementations for Remote Access
6. Summary
Chapter 15 Auditing and Ongoing Security
1. Security Policies and Procedures
2. Auditing
3. Operating System Updates
4. Summary

Appendix A Sending Secure Email
1. What Is Secure Email?
2. How Does Secure Email Work?
3. Considerations for Secure Email
4. Secure Email Implementation
5. Summary
Colophon

Product Details

Title:

Securing Windows Server 2003

By:

Mike Danseglio

Publisher:

O'Reilly Media

Formats:

Print
Safari Books Online

Print Release:

November 2004

Pages:

448

Print ISBN:

978-0-596-00685-3

| ISBN 10:

0-596-00685-3

Customer Reviews

About the Author

Mike Danseglio

Mike Danseglio is a Program Manager in the Security Solutions group at Microsoft Corporation. He has worked in the areas of security and technology for the last decade. He holds several technical certifications including MCSE and CISSP. His work includes developing and teaching extensive security training on topics including cryptography, security technology, and attacks and countermeasures. His recent projects include writing security documentation for Windows XP and the Windows Server 2003 family as well as working on a host of white papers and articles. He also works on security feature development for Microsoft Windows.

View Mike Danseglio's full profile page.

Colophon

Our look is the result of reader comments, our own experimentation, and feedback from distribution channels. Distinctive covers complement our distinctive approach to technical topics, breathing personality and life into potentially dry subjects. The animal on the cover of Securing Windows Server 2003 is a wandering albatross (Diomedea exulans). Named for its unique flying ability, the wandering albatross covers the Southern hemisphere by wing, landing only to mate and scavenge. In nonbreeding years, it has been known to circumnavigate the globe.

The largest of the seabirds, the wandering albatross can achieve a wingspan of almost 3.5 meters and can reach up to 1.35 meters in length. (Females are somewhat smaller than males.) From a distance, the bird appears entirely white, except for its pinkish beak. Viewed up close, however, it has fine black lines on its neck, breast, tail, and wingtips.

The wandering albatross can live up to 60 years. It matures at around 12 years of age. The albatross socializes and courts during its adolescent years, then mates for life. During its lifetime, it will breed every two years. Its preferred food and drink include saltwater, cuttlefish, squid, and food scraps cast off from ships.

An endangered species, the wandering albatross is threatened by surface longline fishing for tuna. The albatross may ingest baited hooks used in such fishing. Tending to follow sailing ships, the wandering albatross has been the inspiration for much marine folklore and poetry. Claire Cloutier was the production editor for Securing Windows Server 2003. Brian MacDonald was the developmental editor; Norma Emory was the copyeditor; and Linley Dolby was the proofreader. Linley Dolby, Philip Dangler, and Darren Kelly provided quality control. Caitrin McCullough, Marlowe Shaeffer, and Mary Agner provided production assistance. Judy Hoer wrote the index.

Emma Colby designed the cover of this book, based on a series design by Edie Freedman. The cover image is a 19th-century engraving from the Dover Pictorial Archive. Emma Colby produced the cover layout with QuarkXPress 4.1 using Adobe's ITC Garamond font.

Melanie Wang designed the interior layout, based on a series design by David Futato. This book was converted by Joe Wizda to FrameMaker 5.5.6 with a format conversion tool created by Erik Ray, Jason McIntosh, Neil Walls, and Mike Sierra that uses Perl and XML technologies. The text font is Linotype Birka; the heading font is Adobe Myriad Condensed; and the code font is LucasFont's TheSans Mono Condensed. The illustrations that appear in the book were produced by Robert Romano and Jessamyn Read using Macromedia FreeHand MX and Adobe Photoshop CS. The tip and warning icons were drawn by Christopher Bing. This colophon was written by Meghan Lydon.

Service and support by Satisfaction

O'Reilly Books & Videos

Securing Windows Server 2003

Chapter 1 Introduction to Windows Server 2003 Security

What Is Security?

What Is Windows Server 2003?

Security Design in Windows Server 2003

Security Features in the Windows Server 2003 Family

Summary

Chapter 2 Basics of Computer Security

Why Computer Security Is Important

Security Enforcement Mechanisms

POLA: The Principle of Least Access

Key-Based Cryptography

Authorization and Authentication

Password Basics

Network Security

Keeping Your Eyes Open

Summary

Chapter 3 Physical Security

Identifying Physical Security Vulnerabilities

Protecting Physical Assets

Holistic Security: Best Practices

Summary

Chapter 4 File System Security

Protecting Files with NTFS File Permissions

Protecting Data with the Encrypting File System

Protecting System Information with Syskey

Summary

Chapter 5 Group Policy and Security Templates

What Is Group Policy?

How Group Policy Works

How Do Security Templates Work?

Using Group Policy to Enforce Security

Using Security Templates to Deploy Secure Configurations

Summary

Chapter 6 Running Secure Code

Identifying Secure Code

Driver Signing

Software Restriction Policies

Summary

Chapter 7 Authentication

LAN Manager and NTLM

Kerberos

Summary

Chapter 8 IP Security

What Is IP Security?

How Does IPSec Work?

Microsoft's Implementation of IPSec in Windows Server 2003

Using IPSec Correctly

Summary

Chapter 9 Certificates and Public Key Infrastructure

What Are Certificates?

What Do I Do with Certificates?

What Is a Certification Authority?

Deciding Between Public and Private Certification Authorities

Implementing a Public PKI

Planning Your Private Certification Hierarchy

Implementing a Private Certification Hierarchy

Maintaining Your Hierarchy

Summary

Chapter 10 Smart Card Technology

What Are Smart Cards?

Using Smart Cards

Summary

Chapter 11 DHCP and DNS Security

DHCP

DNS

DNS and DHCP Together

Summary

Chapter 12 Internet Information Services Security

What Is IIS?

How Does IIS Work?

Using IIS Securely

Summary

Chapter 13 Active Directory Security

What Is Active Directory?

Structural Components of Active Directory

Domain Controllers

Default Security Through GPOs

Providing Security for Domains