  • Paperback


Product description
A revolutionary, soup-to-nuts approach to network security from two of Microsoft's leading security experts

The authors are the two most widely known security experts at Microsoft, and will be promoting this book extensively
Provides a unique approach to network security, covering all seven layers of the Defense in Depth model
Contains information on topics not covered in other books, such as Network Threat Modeling, the Defense in Depth Model, and security dependencies

Product Description
While there are a lot of books available on network security, most of them take
the approach of focusing on the attacks, on the hacks, and responding to those
on a one-by-one basis. This book does just the opposite, focusing on a holistic
approach to protecting your entire network. It covers all seven layers of the
Defense in Depth (DID) Model, as well as other material not covered in any
other books. DID refers to a system of combining defenses to provide added
protection. Since there are then multiple barriers between the attacker and the
attacked, this increases the level of security, and increases the cost of the attack
to the attacker. The authors are two senior members of Microsoft's Security
and Business Technology Unit (SBTU), and are among the most sought-after
speakers for security conferences. With security being such a strong focus at
Microsoft, this book is destined to become the standard guide for all network
administrators and architects who want to have the most secure Windows
network possible.

Back cover
Praise for Protect Your Windows Network

Jesper and Steve have done an outstanding job of covering the myriad of issues you must deal with to implement an effective network security policy. If you care about security this book is a must have.
-Mark Russinovich, Chief Software Architect, Winternals Software

Johansson and Riley's new book presents complex issues in straightforward language, examining both the technical and business aspects of network security. As a result, this book is an important tutorial for those responsible for network security; and even non-technical business leaders would learn a lot about how to manage the business risk inherent in their dependence on information technology.
-Scott Charney, Vice President of Trustworthy Computing, Microsoft

These guys have a profound understanding of what it takes to implement secure solutions in the real world! Jesper and Steve have been doing security related work (pen testing, consulting, program management, etc.) internally at Microsoft and for Microsoft's customers for many years. As a result of their real-world experience, they understand that security threats don't confine themselves to the network or the operating system and that to deliver secure solutions, these issues must be tackled at all levels after all of the threats to the environment have been identified. This book distinguishes itself from others in this field in that it does a great job of explaining the threats at many levels (network, operating system, data, and application) and how to counter these threats. A must read for security practitioners!
-Robert Hensing, CISSP, Security Software Engineer-Security Business and Technology Unit, Microsoft Corporation, rhensing@microsoft.com

A good book should make you think. A good computer book should make you change how you are doing things in your network. I was fortunate enough to be setting up a new server as I read the book and incorporated many of the items discussed. The lessons in these chapters have relevance to networks large and small and blow through many of the myths surrounding computer security and guide you in making smarter security decisions. Too many times people focus in on just one aspect or part of a network's security and don't look at the bigger picture. These days I'm doing my very best to keep in mind the bigger picture of the forest (active directory notwithstanding), and not just looking at those trees.
-Susan Bradley, CPA, GSEC, MCP, Small Business Server MVP, http://www.msmvps.com/Bradley , sbradcpa@pacbell.net

Jesper Johansson and Steve Riley's Protect Your Windows Network is a must read for all organizations to gain practical insight and best practices to improve their overall security posture.
-Jon R. Wall, CISSP

Jesper and Steve are two excellent communicators who really know their stuff! If you want to learn more about how to protect yourself and your network, read this book and learn from these two guys!
-Richard Waymire

In order to protect your particular Windows network you need to understand how Windows security mechanisms really work. Protect Your Windows Network gives you an in-depth understanding of Windows security so that you use the security techniques that best map to your needs.
-Chris Wysopal, Director, Development, Symantec Corporation, http://www.symantec.com

Nowadays, a computer that is not connected to a network is fairly limited in its usefulness. At the same time, however, a networked computer is a prime target for criminals looking to take advantage of you and your systems. In this book, Jesper and Steve masterfully demonstrate the whys and hows of protecting and defending your network and its resources, providing invaluable insight and guidance that will help you to ensure your assets are more secure.
-Stephen Toub, Technical Editor, MSDN Magazine, stoub@microsoft.com

Security is more than knobs and switches. It is a mind set. Jesper Johansson and Steve Riley clearly understand this. Protect Your Windows Network is a great book on how you can apply this mind set to people, process, and technology to build and maintain more secure networks. This book is a must read for anyone responsible for protecting their organization's network.
-Ben Smith, Senior Security Strategist, Microsoft Corporation, Author of Microsoft Windows Security Resource Kit 2 and Assessing Network Security

Security is finally getting the mainstream exposure that it has always deserved; Johansson and Riley's book is a fine guide that can complement Microsoft's recent focus on security in the Windows-family operating systems.
-Kenneth Wehr, President, ColumbusFreenet.org

If you have not been able to attend one of the many security conferences around the world that Jesper and Steve presented, this book is the next best thing. They are two of the most popular speakers at Microsoft on Windows security. This is an informative book on how to make your Windows network more secure. Understanding the trade-offs between high security and functionality is a key concept that all Windows users should understand. If you're responsible for network security or an application developer, this book is a must.
-Kevin McDonnell, Microsoft

In this book, two senior members of Microsoft's Security Business and Technology Unit present a complete Defense in Depth model for protecting any Windows network - no matter how large or complex. Drawing on their work with hundreds of enterprise customers, they systematically address all three elements of a successful security program: people, processes, and technology.

Unlike security books that focus on individual attacks and countermeasures, this book shows how to address the problem holistically and in its entirety. Through hands-on examples and practical case studies, you will learn how to integrate multiple defenses - deterring attacks, delaying them, and increasing the cost to the attacker. Coverage includes

Improving security from the top of the network stack to the bottom

Understanding what you need to do right away and what can wait

Avoiding pseudo-solutions that offer a false sense of security

Developing effective security policies - and educating those pesky users

Beefing up your first line of defense: physical and perimeter security

Modeling threats and identifying security dependencies

Preventing rogue access from inside the network

Systematically hardening Windows servers and clients

Protecting client applications, server applications, and Web services

Addressing the unique challenges of small business network security

Authoritative and thorough, Protect Your Windows Network will be the standard Microsoft security guide for sysadmins, netadmins, security professionals, architects, and technical decision-makers alike.

© Copyright Pearson Education. All rights reserved.

Acknowledgments.

About the Authors.

Preface.

I. INTRODUCTION AND FUNDAMENTALS.

1. Introduction to Network Protection.

Why Would Someone Attack Me?

Nobody Will Ever Call You to Tell You How Well the Network Is Working

Introduction to the Defense-in-Depth Model

The Defender's Dilemma

Summary

What You Should Do Today

2. Anatomy of a Hack - The Rise and Fall of Your Network.

What a Penetration Test Will Not Tell You

Why You Need To Understand Hacking

Target Network

Network Footprinting

Initial Compromise

Elevating Privileges

Hacking Other Machines

Taking Over the Domain

Post-mortem

How to Get an Attacker Out of Your Network

Summary

What You Should Do Today

3. Rule Number 1: Patch Your Systems.

Patches Are a Fact of Life

Exercise Good Judgment

What Is a Patch?

Patch Management Is Risk Management

Tools to Manage Security Updates

Advanced Tips and Tricks

Slipstreaming

Summary

What You Should Do Today

II. POLICIES, PROCEDURES, AND USER AWARENESS.

4. Developing Security Policies.

Who Owns Developing Security Policy

What a Security Policy Looks Like

Why a Security Policy Is Necessary

Why So Many Security Policies Fail

Analyzing Your Security Needs to Develop Appropriate Policies

How to Make Users Aware of Security Policies

Procedures to Enforce Policies

Dealing with Breaches of Policy

More Information

Summary

What You Should Do Today

5. Educating Those Pesky Users.

System Administration ≠ Security Administration

Securing People

The Problem

Protecting People

Plausibility + Dread + Novelty = Compromise

Things You Should Do Today

III. PHYSICAL AND PERIMETER SECURITY: THE FIRST LINE OF DEFENSE.

6. If You Do Not Have Physical Security, You Do Not Have Security.

But First, a Story

It's a Fundamental Law of Computer Security

The Importance of Physical Access Controls

Protecting Client PCs

The Case of the Stolen Laptop

The Family PC

No Security, Physical or Otherwise, Is Completely Foolproof

Things You Should Do Today

7. Protecting Your Perimeter.

The Objectives of Information Security

The Role of the Network

Start with (What's Left of) Your Border

Next, Use the Right Firewall

Then, Consider Your Remote Access Needs

Finally, Start Thinking About Deperimeterization

Things You Should Do Today

IV. PROTECTING YOUR NETWORK INSIDE THE PERIMETER.

8. Security Dependencies.

Introduction to Security Dependencies

Administrative Security Dependencies

Service Account Dependencies

Mitigating Service and Administrative Dependencies

Other Security Dependencies

Summary

What You Should Do Today

9. Network Threat Modeling.

Network Threat Modeling Process

Document Your Network

Segment Your Network

Restrict Access to Your Network

Summary

What You Should Do Today

10. Preventing Rogue Access Inside the Network.

The Myth of Network Sniffing

Network Protection at Layers 2 and 3

Using 802.1X for Network Protection

Using IPsec for Network Protection

Network Quarantine Systems

Summary

What You Should Do Today

11. Passwords and Other Authentication Mechanisms - The Last Line of Defense.

Introduction

Password Basics

Password History

What Administrators Need to Know About Passwords

Password Best Practices

Recommended Password Policy

Better Than Best Practices - Multifactor Authentication

Summary

What You Should Do Today

V. PROTECTING HOSTS.

12. Server and Client Hardening.

Security Configuration Myths

On to the Tweaks

Top 10 (or so) Server Security Tweaks

Top 10 (or so) Client Security Tweaks

The Caution List - Changes You Should Not Make

Security Configuration Tools

Summary

What You Should Do Today

VI. PROTECTING APPLICATIONS.

13. Protecting User Applications.

Patch Them!

Make Them Run As a Nonadmin

Turn Off Functionality

Restrict Browser Functionality

Attachment Manager

Spyware

Security Between Chair and Keyboard (SeBCAK)

Summary

What You Should Do Today

14. Protecting Services and Server Applications.

You Need a Healthy Disrespect for Your Computer

Rule 1: All Samples Are Evil

Three Steps to Lowering the Attack Surface

What About Service Accounts?

Privileges Your Services Do Not Need

Hardening SQL Server 2000

Hardening IIS 5.0 and 6.0

Summary

What You Should Do Today

15. Security for Small Businesses.

Protect Your Desktops and Laptops

Protect Your Servers

Protect Your Network

Keep Your Data Safe

Use the Internet Safely

Small Business Security Is No Different, Really

What You Should Do Today

16. Evaluating Application Security.

Caution: More Software May Be Hazardous to Your Network Health

Baseline the System

Things to Watch Out For

Summary

What You Should Do Today

VII. PROTECTING DATA.

17. Data-Protection Mechanisms.

Security Group Review

Access Control L