[CISSP-D] REVIEW: "Windows Server 2003 Security", Blair Rampling

Subject: [CISSP-D] REVIEW: "Windows Server 2003 Security", Blair Rampling
Date: Thu, 07 Sep 2006 09:14:08 -0800
BKWS2K3S.RVW   20060815

"Windows Server 2003 Security", Blair Rampling, 2003, 0-7645-4912-X,
U$49.99/C$74.99/UK#34.95
%A   Blair Rampling
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   2003
%G   0-7645-4912-X
%I   John Wiley & Sons, Inc.
%O   U$49.99/C$74.99/UK#34.95 416-236-4433 fax: 416-236-4448
%O  http://www.amazon.com/exec/obidos/ASIN/076454912X/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/076454912X/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/076454912X/robsladesin03-20
%O   Audience i Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   577 p.
%T   "Windows Server 2003 Security"

Part one addresses security fundamentals.  Chapter one looks at
security threats, drawing a distinction between insider and outsider
activities, and listing a few attack types.  (Interestingly, the piece
starts out with the statement that the job of the security
administrator is to apply patches and to monitor for intrusions.)  The
network and system security overview, in chapter two, enumerates the
security components, but provides very little in the way of
explanation.  Security architecture planning, in chapter three, seems
to be restricted to standardization and documentation.  Documentation
is always good, but standardization may not be: it increases the risk
of a universal failure.  (We also get the usual advice to disable
"unnecessary" services, without any discussion of "necessary.") 
Chapter four covers the installation of various auditing tools, but
without any examination of analysis requirements.  Various security
related components of Windows 2003 are listed in chapter five.

Part two contains an overview of system security.  Chapter six deals
with the installation of some of the services mentioned in five. 
Security applications, in chapter seven, provides installation
instructions, but limited details for security features of the IIS
(Internet Information Services) Web server, ftp server, SMTP mail, and
DNS.

Part three moves to authentication and encryption.  Chapter eight
gives an introduction to random topics in security, and then deals
with installation of EFS (Encrypting File System) and PGP (Pretty Good
Privacy).  How to turn on SSL (Secure Sockets Layer) for IIS and SMTP
Server is outlined in chapter nine.  "Windows Server 2003
Authentication" tells you how to initiate the use of smartcards and
IIS certificates in chapter ten.  Chapter eleven provides some setting
information for Kerberos, but the fact that Rampling insists that
Kerberos is based on asymmetric encryption makes the conceptual
information rather suspect.  Chapter twelve gives a terse overview of
public key infrastructure.  Screenshots of the dialogs for installing
and configuring certificate services are in chapter thirteen.  Chapter
fourteen presents more pictures of starting Point-to-Point Tunnelling
Protocol (PPTP) and Layer 2 Tunnelling Protocol (L2TP), but manages to
leave the impression that these technologies give you encryption
protection.  IPSec, in chapter fifteen, gets more figures and little
explanation.

Part four looks at the Microsoft Internet Security and Acceleration
(ISA) Server firewall.  Chapter sixteen lists various firewall and
cache functions.  Installation, in chapter seventeen, is the usual
series of screenshots.  Caching is covered in eighteen.

This is the usual "documentation replacement" type of text.  In regard
to security, it does bring together the major functions from Windows
2003 into one volume, but provides no additional help (and numerous
errors).

copyright Robert M. Slade, 2006   BKWS2K3S.RVW   20060815


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca     slade@victoria.tc.ca     rslade@computercrime.org
               That thought got run over as it was crossing my mind.
Dictionary of Information Security  www.syngress.com/catalog/?pid=4150
http://victoria.tc.ca/techrev/rms.htm

