REVIEW: "Windows Server 2003 Security", Blair Rampling
- BKWS2K3S.RVW 20060815
"Windows Server 2003 Security", Blair Rampling, 2003, 0-7645-4912-X,
%A Blair Rampling
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%I John Wiley & Sons, Inc.
%O U$49.99/C$74.99/UK#34.95 416-236-4433 fax: 416-236-4448
%O Audience i Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 577 p.
%T "Windows Server 2003 Security"
Part one addresses security fundamentals. Chapter one looks at
security threats, drawing a distinction between insider and outsider
activities, and listing a few attack types. (Interestingly, the piece
starts out with the statement that the job of the security
administrator is to apply patches and to monitor for intrusions.) The
network and system security overview, in chapter two, enumerates the
security components, but provides very little in the way of
explanation. Security architecture planning, in chapter three, seems
to be restricted to standardization and documentation. Documentation
is always good, but standardization may not be: it increases the risk
of a universal failure. (We also get the usual advice to disable
"unnecessary" services, without any discussion of "necessary.")
Chapter four covers the installation of various auditing tools, but
without any examination of analysis requirements. Various security
related components of Windows 2003 are listed in chapter five.
Part two contains an overview of system security. Chapter six deals
with the installation of some of the services mentioned in five.
Security applications, in chapter seven, provides installation
instructions, but limited details for security features of the IIS
(Internet Information Services) Web server, ftp server, SMTP mail, and
Part three moves to authentication and encryption. Chapter eight
gives an introduction to random topics in security, and then deals
with installation of EFS (Encrypting File System) and PGP (Pretty Good
Privacy). How to turn on SSL (Secure Sockets Layer) for IIS and SMTP
Server is outlined in chapter nine. "Windows Server 2003
Authentication" tells you how to initiate the use of smartcards and
IIS certificates in chapter ten. Chapter eleven provides some setting
information for Kerberos, but the fact that Rampling insists that
Kerberos is based on asymmetric encryption makes the conceptual
information rather suspect. Chapter twelve gives a terse overview of
public key infrastructure. Screenshots of the dialogs for installing
and configuring certificate services are in chapter thirteen. Chapter
fourteen presents more pictures of starting Point-to-Point Tunnelling
Protocol (PPTP) and Layer 2 Tunnelling Protocol (L2TP), but manages to
leave the impression that these technologies give you encryption
protection. IPSec, in chapter fifteen, gets more figures and little
Part four looks at the Microsoft Internet Security and Acceleration
(ISA) Server firewall. Chapter sixteen lists various firewall and
cache functions. Installation, in chapter seventeen, is the usual
series of screenshots. Caching is covered in eighteen.
This is the usual "documentation replacement" type of text. In regard
to security, it does bring together the major functions from Windows
2003 into one volume, but provides no additional help (and numerous
copyright Robert M. Slade, 2006 BKWS2K3S.RVW 20060815
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... slade@... rslade@...
That thought got run over as it was crossing my mind.
Dictionary of Information Security www.syngress.com/catalog/?pid=4150