Protect Your Windows Network: From Perimeter to Data (Microsoft Technology) - Softcover

Über die Autorin bzw. den Autor

Jesper M. Johansson, Microsoft's Senior Program Manager for Security Policy, is responsible for the tools Microsoft customers use to implement security policies, including the Security Configuration Wizard and Editor. A frequent speaker at leading security events, he holds a Ph.D. in MIS, as well as CISSP and ISSAP certification.

Steve Riley, Senior Program Manager in Microsoft's Security Business and Technology unit, specializes in network/host security, protocols, network design, and security policies and processes. He has conducted security assessments and risk analyses, deployed security technologies, and designed highly available network architectures for ISPs, ASPs, and major enterprises.

© Copyright Pearson Education. All rights reserved.

Von der hinteren Coverseite

Praise for Protect Your Windows Network

"Jesper and Steve have done an outstanding job of covering the myriad of issues you must deal with to implement an effective network security policy. If you care about security this book is a must have."
—Mark Russinovich, Chief Software Architect, Winternals Software

"Johansson and Riley's new book presents complex issues in straightforward language, examining both the technical and business aspects of network security. As a result, this book is an important tutorial for those responsible for network security; and even non-technical business leaders would learn a lot about how to manage the business risk inherent in their dependence on information technology.
—Scott Charney, Vice President of Trustworthy Computing, Microsoft

"These guys have a profound understanding of what it takes to implement secure solutions in the real world! Jesper and Steve have been doing security related work (pen testing, consulting, program management, etc.) internally at Microsoft and for Microsoft's customers for many years. As a result of their real-world experience, they understand that security threats don't confine themselves to "the network" or "the operating system" and that to deliver secure solutions, these issues must be tackled at all levels after all of the threats to the environment have been identified. This book distinguishes itself from others in this field in that it does a great job of explaining the threats at many levels (network, operating system, data, and application) and how to counter these threats. A must read for security practitioners!"
—Robert Hensing, CISSP, Security Software Engineer—Security Business and Technology Unit, Microsoft Corporation, rhensing@microsoft.com

"A good book should make you think. A good computer book should make you change how you are doing things in your network. I was fortunate enough to be setting up a new server as I read the book and incorporated many of the items discussed. The lessons in these chapters have relevance to networks large and small and blow through many of the myths surrounding computer security and guide you in making smarter security decisions. Too many times people focus in on just one aspect or part of a network's security and don't look at the bigger picture. These days I'm doing my very best to keep in mind the bigger picture of the forest (active directory notwithstanding), and not just looking at those trees."
—Susan Bradley, CPA, GSEC, MCP, Small Business Server MVP, http://www.msmvps.com/Bradley, sbradcpa@pacbell.net

"Jesper Johansson and Steve Riley's Protect Your Windows Network is a must read for all organizations to gain practical insight and best practices to improve their overall security posture."
—Jon R. Wall, CISSP

"Jesper and Steve are two excellent communicators who really know their stuff! If you want to learn more about how to protect yourself and your network, read this book and learn from these two guys!"
—Richard Waymire

"In order to protect your particular Windows network you need to understand how Windows security mechanisms really work. Protect Your Windows Network gives you an in-depth understanding of Windows security so that you use the security techniques that best map to your needs."
—Chris Wysopal, Director, Development, Symantec Corporation, http://www.symantec.com

"Nowadays, a computer that is not connected to a network is fairly limited in its usefulness. At the same time, however, a networked computer is a prime target for criminals looking to take advantage of you and your systems. In this book, Jesper and Steve masterfully demonstrate the whys and hows of protecting and defending your network and its resources, providing invaluable insight and guidance that will help you to ensure your assets are more secure."
—Stephen Toub, Technical Editor, MSDN Magazine, stoub@microsoft.com

"Security is more than knobs and switches. It is a mind set. Jesper Johansson and Steve Riley clearly understand this. Protect Your Windows Network is a great book on how you can apply this mind set to people, process, and technology to build and maintain more secure networks. This book is a must read for anyone responsible for protecting their organization's network."
—Ben Smith, Senior Security Strategist, Microsoft Corporation, Author of Microsoft Windows Security Resource Kit 2 and Assessing Network Security

"Security is finally getting the mainstream exposure that it has always deserved; Johansson and Riley's book is a fine guide that can complement Microsoft's recent focus on security in the Windows-family operating systems."
—Kenneth Wehr, President, ColumbusFreenet.org

"If you have not been able to attend one of the many security conferences around the world that Jesper and Steve presented, this book is the next best thing. They are two of the most popular speakers at Microsoft on Windows security. This is an informative book on how to make your Windows network more secure. Understanding the trade-offs between high security and functionality is a key concept that all Windows users should understand. If you're responsible for network security or an application developer, this book is a must."
—Kevin McDonnell, Microsoft

In this book, two senior members of Microsoft's Security Business and Technology Unit present a complete "Defense in Depth" model for protecting any Windows network—no matter how large or complex. Drawing on their work with hundreds of enterprise customers, they systematically address all three elements of a successful security program: people, processes, and technology.

Unlike security books that focus on individual attacks and countermeasures, this book shows how to address the problem holistically and in its entirety. Through hands-on examples and practical case studies, you will learn how to integrate multiple defenses—deterring attacks, delaying them, and increasing the cost to the attacker. Coverage includes

• Improving security from the top of the network stack to the bottom

• Understanding what you need to do right away and what can wait

• Avoiding "pseudo-solutions" that offer a false sense of security

• Developing effective security policies—and educating those pesky users

• Beefing up your first line of defense: physical and perimeter security

• Modeling threats and identifying security dependencies

• Preventing rogue access from inside the network

• Systematically hardening Windows servers and clients

• Protecting client applications, server applications, and Web services

• Addressing the unique challenges of small business network security

Authoritative and thorough, Protect Your Windows Network will be the standard Microsoft security guide for sysadmins, netadmins, security professionals, architects, and technical decision-makers alike.

© Copyright Pearson Education. All rights reserved.