Microsoft® Windows® Security Resource Kit, Second Edition by The Microsoft Security Team - Presentation Transcript
Microsoft® Windows® Security
Resource Kit, Second Edition by The
Microsoft Security Team
Terrific Update To Excellent Security Guide!
Fully updated and revised, this official Microsoft Resource Kit delivers the
in-depth information and tools you need to plan and implement a
comprehensive security-management strategy for Windows-based clients,
servers, and networks. Security experts Ben Smith and Brian Komar,
working in conjunction with the Microsoft Security Team, explain how to
plan and implement a comprehensive security management strategy,
assess security threats and vulnerabilities, configure system security
features, monitor and respond to security events, and effectively apply
security technologies and best practices. Updates for the Second Edition
include the latest information on Windows XP Service Pack 2, Windows
Server 2003 Service Pack 1, and security features for Microsoft Office. The
kit also provides must-have tools, scripts, templates, and other key
resources.
Personal Review: Microsoft® Windows® Security Resource Kit,
Second Edition by The Microsoft Security Team
I have previously done a review of the First Edition of the Microsoft
Windows Security Resource Kit which I was very impressed with. All that I
said for that book still applies. The first book applied to Windows 2000 and
XP Pro. Since then there has been a major upgrade for XP in SP2 and the
introduction of Windows 2003 which the Second Edition covers. As with
the first book this edition is great for anyone that wants to learn how to
secure their Windows 2000/2003/XP Pro operating systems/networks and
is geared mostly to administrator types though anyone with such interest
including power users will find it extremely helpful.
In just under 700 pages no book can be all inclusive about Windows
security. The Windows Security Resource Kit goes into detail on many
commonly implemented topics like password/account policy and on others
it shows you the basics of what is possible and then refers you to online
documentation/white papers if you are interested in a full implementation
which keeps the book affordable, readable, and under 10,000 pages. For
example there is a full chapter 25 with detailed instruction on how to
implement 802.1X security for wired and wireless networks. For Software
Restriction Policies there are three pages but that is enough to make a
user aware of what SRP is, how it can help you prevent users from
installing and running unauthorized applications, and the basics of how to
implement it. As an MCSE in Windows 2003: Security and a common
newsgroup participant I am often amazed at the number of administrators
that are not aware of many of the security features of Windows
2000/2003/XP Pro such as SRP or in particular IPsec. They would benefit
tremendously from this book.
The two chapters on privacy were dropped and more room is devoted to
W2003/XP Pro. Though a lot of the content is the same as the previous
version much has been revised or added. Below are some that I considered
of note though my list is not all inclusive of changes.
CH3. A much better table with descriptions of well-known SIDs.
CH8. Using EFS with WebDAV to keep files encrypted on the network and
sharing of EFS files.
CH9. Full list AND description of all services for Windows 2000/2003/XP
Pro.
CH10. Windows Firewall including how to configure for scope and
exceptions, using Group Policy or scripted installations using netfw.inf.
Improvements for IPsec in Windows 2003 including default exemption
handling.
CH.11 Group Policy for wireless networks and Software Restriction
Policies.
CH.12 Internet Explorer security and pop-up blocker.
CH.15 One of my favorite chapters on auditing. Includes tables with listing
of more Event IDs for object access and policy change.
CH.17 Listed specific service recommendations for domain controllers for
both Windows 2000/2003 and also listed a recommended IPsec filter for
securing a domain controller.
CH.19 Much is changed in 2003 Terminal Services. - Use of Software
Restriction Policies, smart card logon, and SSL for TS with SP1.
CH.22 For RRAS a big change is the capability of remote access quarantine
control. A step by step is given with a link to sample scripts to use or
modify.
CH.23 Implementation of role separation for certificate authorities.
CH.24 IIS 6.0 is discussed with its security capabilities such as default
install state, Automatic Health Monitoring, and the all important Application
Isolation.
Ch.25 A whole step by step chapter on 802.1X for wired and wireless
networks including Remote Access Policies, IAS, and deploying user and
computer certificates. 802.1X can greatly increase security of WEP by
using dynamic WEP and forcing key renewal if you still have to use WEP.
CH.27 Briefly discusses Windows Update Services and its advantages.
CH.29 How to install and use the Windows 2003 SP1 Security
Configuration Wizard to help select a computer profile for "hardening" to
disable unneeded services, configure audit policy, and use IPsec filters to
block unneeded ports! In my opinion this is a tremendous tool that also has
a rollback capability. New features of netstat are shown [note that
netstat -b can be used to show executable to port use though not covered
in the book]. Two extremely helpful new tools - portquery and port reporter.
CH.31 Great table on using built-in and third-party tools to capture state of
the computer for incident response investigation. I am surprised however
that msinfo32 was not mentioned as you can use it to generate a very
useful report to a .nfo file.
There is much discussion throughout the book on use of IPsec to protect
your network with either ESP/AH encryption/integrity or the use of an IPsec
"filter" policy to manage access to computer ports. Included are examples
of IPsec filters for domain controller, WINS, and DHCP. As much as I like the
book I disagree with the recommendation on pages 375-376 on
implementing IPsec for the domain by implementing a client/respond policy
for the domain and then a server require IPsec policy for the domain
controller container. Refer to KB254949 for more details and be sure to
thoroughly test any IPsec policies on a test domain before implementing.
Poorly planned IPsec implementation can cause havoc on a domain. I
highly recommend that you read the white paper on Improving Security
with Domain Isolation to see what IPsec can do to protect your domain with the
proper IPsec policies.
All in all I still believe that the Microsoft Windows Security Resource Book
is a top notch book for anyone to own who wants to learn how to maximize
security on their computer or network within their risk management
parameters. The changes in Windows XP Pro SP2 and more so Windows
2003 are very significant. If you already own the First Edition but have
upgraded to Windows 2003 or want to learn more about how Windows
2003 can improve your security then this book is for you.