BKWS2K3S.RVW 20060815

"Windows Server 2003 Security", Blair Rampling, 2003, 0-7645-4912-X, U$49.99/C$74.99/UK#34.95
%A Blair Rampling
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%D 2003
%G 0-7645-4912-X
%I John Wiley & Sons, Inc.
%O U$49.99/C$74.99/UK#34.95 416-236-4433 fax: 416-236-4448
%O http://www.amazon.com/exec/obidos/ASIN/076454912X/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/076454912X/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/076454912X/robsladesin03-20
%O Audience i Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 577 p.
%T "Windows Server 2003 Security"

Part one addresses security fundamentals. Chapter one looks at security threats, drawing a distinction between insider and outsider activities, and listing a few attack types. (Interestingly, the piece starts out with the statement that the job of the security administrator is to apply patches and to monitor for intrusions.) The network and system security overview, in chapter two, enumerates the security components, but provides very little in the way of explanation. Security architecture planning, in chapter three, seems to be restricted to standardization and documentation. Documentation is always good, but standardization may not be: it increases the risk of a universal failure. (We also get the usual advice to disable "unnecessary" services, without any discussion of "necessary.") Chapter four covers the installation of various auditing tools, but without any examination of analysis requirements. Various security related components of Windows 2003 are listed in chapter five.

Part two contains an overview of system security. Chapter six deals with the installation of some of the services mentioned in five. Security applications, in chapter seven, provides installation instructions, but limited details for security features of the IIS (Internet Information Services) Web server, ftp server, SMTP mail, and DNS.

Part three moves to authentication and encryption. Chapter eight gives an introduction to random topics in security, and then deals with installation of EFS (Encrypting File System) and PGP (Pretty Good Privacy). How to turn on SSL (Secure Sockets Layer) for IIS and SMTP Server is outlined in chapter nine. "Windows Server 2003 Authentication" tells you how to initiate the use of smartcards and IIS certificates in chapter ten. Chapter eleven provides some setting information for Kerberos, but the fact that Rampling insists that Kerberos is based on asymmetric encryption makes the conceptual information rather suspect. Chapter twelve gives a terse overview of public key infrastructure. Screenshots of the dialogs for installing and configuring certificate services are in chapter thirteen. Chapter fourteen presents more pictures of starting Point-to-Point Tunnelling Protocol (PPTP) and Layer 2 Tunnelling Protocol (L2TP), but manages to leave the impression that these technologies give you encryption protection. IPSec, in chapter fifteen, gets more figures and little explanation.

Part four looks at the Microsoft Internet Security and Acceleration (ISA) Server firewall. Chapter sixteen lists various firewall and cache functions. Installation, in chapter seventeen, is the usual series of screenshots. Caching is covered in eighteen.

This is the usual "documentation replacement" type of text. In regard to security, it does bring together the major functions from Windows 2003 into one volume, but provides no additional help (and numerous errors).

copyright Robert M. Slade, 2006 BKWS2K3S.RVW 20060815