Press Release: December 21, 2004
"Securing Windows Server 2003": Hands-On Advice for Securing and Implementing Windows Server 2003
Sebastopol, CA--Microsoft Windows Server 2003 is more than just a thoroughly modern PC-based server operating system. The product arrives loaded with a host of user and network services used by customers whose installations range from departmental servers to global enterprise networks. Unfortunately, each service has its own vulnerabilities. It's no wonder that security is of foremost concern to most system administrators.
"Security is one of the primary functions of any server-based operating system," says security expert Mike Danseglio, author of Securing Windows Server 2003 (O'Reilly, US $39.95). "Without security, any user or program could do anything to your servers--and wreak havoc on your ability to effectively manage the environment." A security administrator wants to provide functionality and security to users without burdening them or restricting them in a way that hinders their work. "This is the mark of a great security administrator," says Danseglio. "The ability to successfully balance the security of proprietary and personal data and the usability of your system in a way that maximizes the productivity of your organization." An elusive goal to many, it is by no means unattainable; with Danseglio's book, system administrators learn how they can do exactly that.
"I saw a gap in the security knowledge available to the public," reflects Danseglio. "Microsoft tells people how things work at a very atomic level--this setting does this, that feature does that. They never really discuss how to make technology work in a real-world, scenario-based situation. I wanted to change that and give the reader the opportunity to apply these technologies to their problems."
The book provides readers with a concise overview of each service in Windows Server 2003, its most common patterns of use, and specific guidelines for making it secure. A unique feature of "Securing Windows Server 2003" is the Security Showdown technique the author uses to present different approaches to security questions. "This is a point-counterpoint debate between myself and a semi-fictional coworker, Don. I use it several times throughout the book to show that some debates about security methodologies and techniques are not easily answered. Some of them are so contentious that they seem like religious debates at times," explains Danseglio.
"You should understand that security-focused individuals tend to have opinions about security and that they like to argue with people who hold different values," he continues. "These are good-natured and often help explain both positions. So please read these sections as I've intended, as an open discussion of the merits and hazards of multiple tactics to achieve the same goal."
Throughout the book, Danseglio uses hands-on examples to illustrate methods of planning and implementing a secure operating environment. The book provides full coverage of the following topics:
The book can be read cover-to-cover to create and implement a security plan, or individual chapters can function as stand-alone lessons. Either way, Securing Windows Server 2003 will guide system administrators safely through the morass of today's security threats.
Early praise for Securing Windows Server 2003:
"A 'must read' for all Windows Server 2003 administrators who care about creating secured networks."
--Michael Howard, Security Engineering, Microsoft Corporation and coauthor of Writing Secure Code
"You'll find yourself referring back to Danseglio's easy-to-read advice so frequently, you'll wish the book had been printed on durable plastic sheets. Real-world, accurate, and definitely practical."
--Don Jones, author of Microsoft Windows Server 2003 Delta Guide, speaker, Microsoft MVP, and founder of Braincore.net
- Chapter 4, "File System Security"
- More information about the book, including table of contents, index, author bio, and samples
- A cover graphic in JPEG format
For almost 40 years, O’Reilly Media has provided technology and business training, knowledge, and insight to help companies succeed. Our unique network of experts and innovators share their knowledge and expertise through the company’s Safari training and learning platform and at O’Reilly conferences. As a SaaS learning platform, Safari delivers highly topical and comprehensive technology and business learning solutions to millions of users across enterprise, consumer, and university channels. For more information visit oreilly.com.
Return to: O'Reilly Press Room