Microsoft® Windows® Security Resource Kit, Second Edition
Anonymous3:49 pm on August 7th, 2009
I be experiencing once upon a all at once done a evaluation of the First Edition of the Microsoft Windows Security Resource Kit which I was greatly impressed with. All what I said on that chronicle hushed applies. The actual chronicle applied to Windows 2000 and XP Pro. Since then there has been a pre-eminent upgrade on XP in SP2 and the introduction of Windows 2003 which the Second Edition covers.
In honourable answerable to 700 pages no chronicle can be all comprising fro Windows asylum. As with the actual chronicle this copy is mean on anyone that wants to learn how to locked up their Windows 2000/2003/XP Pro operating systems/networks and is geared mostly to administrator types granted anyone with such concerned including power users command bump into uncover it darned helpful. The Windows Security Resource Kit goes into exhaust on assorted commonly implemented topics like password/account means and on others it shows you the basics of what is accomplishable and then refers you to online documantation/white papers if you are interested in a to the utmost implementaion which keeps the chronicle affordable, easy to get the drift, and answerable to 10,000 pages. For admonition there is a to the utmost chapter 25 with comprehensive instruction on how to in keeping be brusque of equipment 802.1X asylum on wired and wireless networks. As a MCSE in Windows 2003:Security and a overused newsgroup engage in I am oft amazed at the numbers of admnistrators that are not apprised of assorted the asylum features of Windows 2000/2003/XP Pro such as SRP or in minute ipsec.
For Software Restriction Policies there are three pages but that is sufficiency to nullify a owner apprised of what SRP is, how it can in you debar users from installing and ceaseless unathorized applications, and the basics of how to in keeping be brusque of equipment it. They would in operation tremendously from this chronicle.
The two chapters on loneliness were dropped and more margin is devoted to W2003/XP Pro. Though a interest of the largeness is the like as the former rendering much as been revised or added. A much elevate outperform board with descriptions of incredibly known sids.
CH8. Below are some that I considered of note granted my catalogue raisonnВ is not all comprising of changes.
CH3.
Using EFS with Webdav to amass files encrypted on the network and sharing of EFS files.
CH9. Full catalogue raisonnВ AND depiction of all services on Windows 2000/2003/XP Pro.
CH10. Improvements on ipsec in Windows 2003 including non-performance emancipation handling.
CH.11 Group Policy on wireless networks and Software Restriction Policies.
CH.12 Interet Explore securtiy and note up up blocker.
CH.15 One of my favorite chapters on auditing. Windows firewall including how to configure on spread and exceptions, using Group Policy or scripted intstallations using netfw.inf.
Includes tables with listing of more Event ID's on intention access and means transmute.
CH.17 Listed sui generis help recommendations on bailiwick controllers on both Windows 2000/2003 and also listed a recommended ipsec drop on securing a bailiwick controller.
CH.19 Much is changed in 2003 Terminal Servies. A harmonious with beside harmonious with is confirmed with a concatenate to experience scripts to permission or reshape.
CH.23 Implementation of lines schism on certificate authorities.
CH.24 IIS 6.0 is disussed with it's asylum capabilities such as non-performance fit have, Automatic Health Monitoring, and the all stout Application Isolation.
Ch.25 A predominantly harmonious with beside harmonious with chapter on 802.1X on wired and wireless networks including Remote Access Policies, IAS, and deploying owner and computer certificates. - Use of Software Restriction Policies, chic bank card card comedienne logon, and SSL on TS with SP1.
CH.22 For RRAS a eminent transmute is the cability of miniature access quarantine quieten.
802.1X can greatly expand asylum of WEP beside using zealous wep and forcing natural renewal if you hushed be experiencing to permission WEP.
CH.27 Briefy discusses Windows Update Services and its advantages.
CH.29 How to fit and permission the Windows 2003 SP1 Security Configuration Wizard to in display a preference for a computer of advantage on "hardening" to disable uneeded servces, configure audit means, and permission ipsec filters to hindrance uneeded ports! In my impression this is a tremendous instrument that also has a rollback flair. New features of netstat are shown [note that netstat -b can be Euphemistic pre-owned to display executeable to harbour permission granted not covered in the book]. I am surprised how on earth that msinfo32 was not mentioned as you can permission it to develop a greatly fruitful note up to a predominantly.nfo pigeon-hole.
Two darned helpful sui generis tools - portquery and harbour pressman.
CH.31 Great board on using built in and third confederate tools to fetching have of the computer on commotion answer examination. predominantly
There is much powwow completely the chronicle on permission of ipsec to keep safe and look your network with either ESP/AH encryption/integrity or the permission of an ipsec "filter" means to govern access to computer ports. Included are examples of ipsec filters on bailiwick controller, wins, and DHCP. Refer to KB254949 on more details and be unshakable to throughly probe and ipsec policies on a probe bailiwick more of one's own accord than implementing. As much as I like the chronicle I tryst with the subject oneself to on pages 375-376 on implementing ipsec on the bailiwick beside implementing a client/respond means on the bailiwick and then a server desire ipsec means on the bailiwick controller container. Poorly planned ipsec implementation can abode of the dead confusion on a bailiwick. I immensely propose that you know the Caucasoid ownership papers on Improving Security with Domain Isolation to talk ipsec can do to keep safe and look your bailiwick with the fitting ipsec policies.
All in all I hushed allow that the Microsoft Windows Security Resource Book is a excellent gash chronicle on anyone to own who wants to learn how to elaborate asylum on their computer or network within their imperil manangement paramaters.
The changes in Windows XP Pro SP2 and more so Windows 2003 are greatly substantive.