Geeks With Blogs

News View David Douglass's profile on LinkedIn

My Presentations
David Douglass .NET on My Mind

Windows Server 2003 Security

Roberta Bragg

4 stars (out of 5)

 

This book covers a wide range of security topics:

 

  • authentication & authorization
  • application security
  • NTFS security and EFS (encrypting file system)
  • active directory
  • public key infrastructure
  • remote access, IPSec, & SSL
  • patching and support
  • backups
  • auditing & monitoring

 

Three types of information are covered: background on how security technologies work, how to implement security, and management processes.

 

The book works best in the first two areas.  Good background information and detailed instructions are given on how to configure Windows Server 2003, often for obscure and difficult topics such as creating a root certificate authority.  Other highlights include:

 

  • discussion of lesser known tools, often from the resource or deployment kit
  • coverage of authorization manager
  • coverage of software restriction policies
  • discussion of all the ins and outs of backups (you might be surprised how complicated this can get)

 

One missing item is .NET code access security, which isn't covered at all.  The section on IIS security is lacking.

 

The biggest problem with the book is the excessive lecturing about best practices and process.  For example:

 

"A backup policy provides the information detailing the what, who, when, and where of information systems backups. Standards designate the current approved backup programs and methodologies that will be used. Procedures detail the steps that must be taken to fulfill the policies and meet the standards."

 

And on and on.  A lot of ink is spilt to say in a thousand different ways 'do things in an organized fashion'.  You'd never get around to implementing security if you took all the process and best practice material literally.

Posted on Sunday, March 19, 2006 2:29 PM | Back to top


Comments on this post: Book Review – Windows Server 2003 Security

No comments posted yet.
Your comment:
 (will show your gravatar)


Copyright © David Douglass | Powered by: GeeksWithBlogs.net