O’Reilly news

"Securing Windows Server 2003": Hands-On Advice for Securing and Implementing Windows Server 2003

December 21, 2004

Sebastopol, CA--Microsoft Windows Server 2003 is more than just a thoroughly modern PC-based server operating system. The product arrives loaded with a host of user and network services used by customers whose installations range from departmental servers to global enterprise networks. Unfortunately, each service has its own vulnerabilities. It's no wonder that security is of foremost concern to most system administrators.

"Security is one of the primary functions of any server-based operating system," says security expert Mike Danseglio, author of Securing Windows Server 2003 (O'Reilly, US $39.95). "Without security, any user or program could do anything to your servers--and wreak havoc on your ability to effectively manage the environment." A security administrator wants to provide functionality and security to users without burdening them or restricting them in a way that hinders their work. "This is the mark of a great security administrator," says Danseglio. "The ability to successfully balance the security of proprietary and personal data and the usability of your system in a way that maximizes the productivity of your organization." An elusive goal to many, it is by no means unattainable; with Danseglio's book, system administrators learn how they can do exactly that.

"I saw a gap in the security knowledge available to the public," reflects Danseglio. "Microsoft tells people how things work at a very atomic level--this setting does this, that feature does that. They never really discuss how to make technology work in a real-world, scenario-based situation. I wanted to change that and give the reader the opportunity to apply these technologies to their problems."

The book provides readers with a concise overview of each service in Windows Server 2003, its most common patterns of use, and specific guidelines for making it secure. A unique feature of "Securing Windows Server 2003" is the Security Showdown technique the author uses to present different approaches to security questions. "This is a point-counterpoint debate between myself and a semi-fictional coworker, Don. I use it several times throughout the book to show that some debates about security methodologies and techniques are not easily answered. Some of them are so contentious that they seem like religious debates at times," explains Danseglio.

"You should understand that security-focused individuals tend to have opinions about security and that they like to argue with people who hold different values," he continues. "These are good-natured and often help explain both positions. So please read these sections as I've intended, as an open discussion of the merits and hazards of multiple tactics to achieve the same goal."

Throughout the book, Danseglio uses hands-on examples to illustrate methods of planning and implementing a secure operating environment. The book provides full coverage of the following topics:

  • Understanding the capabilities of the Windows Server 2003 system
  • Learning the basics of security, from encryption to account password protection
  • Derailing low-tech intrusions by making systems physically secure and by using smart cards
  • Securing Active Directory and using Group Policy and Security Templates as security tools
  • Securing the core Windows Server 2003 networking services, including DNS, DHCP, IIS, IPSec, and remote access
  • Using Windows Server 2003 authentication and authorization protocols, including Kerberos, PKI-based cryptography, and certification-based cryptography
  • Solving the knotty problems of patch and update management, and implementing administrative security and auditing
  • Stopping bad programs from running on your server

The book can be read cover-to-cover to create and implement a security plan, or individual chapters can function as stand-alone lessons. Either way, Securing Windows Server 2003 will guide system administrators safely through the morass of today's security threats.

    Early praise for Securing Windows Server 2003:

    "A 'must read' for all Windows Server 2003 administrators who care about creating secured networks."
    --Michael Howard, Security Engineering, Microsoft Corporation and coauthor of Writing Secure Code

    "You'll find yourself referring back to Danseglio's easy-to-read advice so frequently, you'll wish the book had been printed on durable plastic sheets. Real-world, accurate, and definitely practical."
    --Don Jones, author of Microsoft Windows Server 2003 Delta Guide, speaker, Microsoft MVP, and founder of Braincore.net

    Additional Resources:

    Securing Windows Server 2003
    Mike Danseglio
    ISBN: 0-596-00685-3, 426 pages, $39.95 US, $57.95 CA
    order@oreilly.com
    1-800-998-9938; 1-707-827-7000

    About O’Reilly

    O’Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O’Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying “faint signals” from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism.
