earlybirdhw2015 Hier klicken mrp_family lagercrantz Cloud Drive Photos WHDsFly Learn More praktisch HI_PROJECT Fire HD 6 Shop Kindle Sparpaket Autorip SummerSale
  • Alle Preisangaben inkl. MwSt.
Nur noch 1 auf Lager (mehr ist unterwegs).
Verkauf und Versand durch Amazon.
Geschenkverpackung verfügbar.
Protect Your Windows Netw... ist in Ihrem Einkaufwagen hinzugefügt worden
+ EUR 3,00 Versandkosten
Gebraucht: Sehr gut | Details
Verkauft von worldofbooksde
Zustand: Gebraucht: Sehr gut
Kommentar: The book has been read, but is in excellent condition. Pages are intact and not marred by notes or highlighting. The spine remains undamaged.
Möchten Sie verkaufen?
Zur Rückseite klappen Zur Vorderseite klappen
Hörprobe Wird gespielt... Angehalten   Sie hören eine Hörprobe des Audible Hörbuch-Downloads.
Mehr erfahren
Dieses Bild anzeigen

Protect Your Windows Network: From Perimeter to Data (Microsoft Technology) (Englisch) Taschenbuch – 20. Mai 2005

1 Kundenrezension

Alle Formate und Ausgaben anzeigen Andere Formate und Ausgaben ausblenden
Amazon-Preis Neu ab Gebraucht ab
"Bitte wiederholen"
EUR 62,60
EUR 33,21 EUR 6,52
6 neu ab EUR 33,21 9 gebraucht ab EUR 6,52
Jeder kann Kindle Bücher lesen — selbst ohne ein Kindle-Gerät — mit der KOSTENFREIEN Kindle App für Smartphones, Tablets und Computer.


  • Taschenbuch: 578 Seiten
  • Verlag: Addison Wesley; Auflage: Pap/Cdr (20. Mai 2005)
  • Sprache: Englisch
  • ISBN-10: 0321336437
  • ISBN-13: 978-0321336439
  • Größe und/oder Gewicht: 16,5 x 3,6 x 23,1 cm
  • Durchschnittliche Kundenbewertung: 5.0 von 5 Sternen  Alle Rezensionen anzeigen (1 Kundenrezension)
  • Amazon Bestseller-Rang: Nr. 466.479 in Fremdsprachige Bücher (Siehe Top 100 in Fremdsprachige Bücher)
  • Komplettes Inhaltsverzeichnis ansehen

Mehr über den Autor

Entdecken Sie Bücher, lesen Sie über Autoren und mehr



While there are a lot of books available on network security, most of them take the approach of focusing on the attacks, on the hacks, and responding to those on a one-by-one basis. This book does just the opposite, focusing on a holistic approach to protecting your entire network. It covers all seven layers of the Defense in Depth (DID) Model, as well as other material not covered in any other books. DID refers to a system of combining defenses to provide added protection. Since there are then multiple barriers between the attacker and the attacked, this increases the level of security, and increases the cost of the attack to the attacker. The authors are two senior members of Microsoft's Security and Business Technology Unit (SBTU), and are among the most sought-after speakers for security conferences. With security being such a strong focus at Microsoft, this book is destined to become the standard guide for all network administrators and architects who want to have the most secure Windows network possible.


Praise for Protect Your Windows Network

"Jesper and Steve have done an outstanding job of covering the myriad of issues you must deal with to implement an effective network security policy. If you care about security this book is a must have."
—Mark Russinovich, Chief Software Architect, Winternals Software

"Johansson and Riley's new book presents complex issues in straightforward language, examining both the technical and business aspects of network security. As a result, this book is an important tutorial for those responsible for network security; and even non-technical business leaders would learn a lot about how to manage the business risk inherent in their dependence on information technology.
—Scott Charney, Vice President of Trustworthy Computing, Microsoft

"These guys have a profound understanding of what it takes to implement secure solutions in the real world! Jesper and Steve have been doing security related work (pen testing, consulting, program management, etc.) internally at Microsoft and for Microsoft's customers for many years. As a result of their real-world experience, they understand that security threats don't confine themselves to "the network" or "the operating system" and that to deliver secure solutions, these issues must be tackled at all levels after all of the threats to the environment have been identified. This book distinguishes itself from others in this field in that it does a great job of explaining the threats at many levels (network, operating system, data, and application) and how to counter these threats. A must read for security practitioners!"
—Robert Hensing, CISSP, Security Software Engineer—Security Business and Technology Unit, Microsoft Corporation, rhensing@microsoft.com

"A good book should make you think. A good computer book should make you change how you are doing things in your network. I was fortunate enough to be setting up a new server as I read the book and incorporated many of the items discussed. The lessons in these chapters have relevance to networks large and small and blow through many of the myths surrounding computer security and guide you in making smarter security decisions. Too many times people focus in on just one aspect or part of a network's security and don't look at the bigger picture. These days I'm doing my very best to keep in mind the bigger picture of the forest (active directory notwithstanding), and not just looking at those trees."
—Susan Bradley, CPA, GSEC, MCP, Small Business Server MVP, http://www.msmvps.com/Bradley, sbradcpa@pacbell.net

"Jesper Johansson and Steve Riley's Protect Your Windows Network is a must read for all organizations to gain practical insight and best practices to improve their overall security posture."
—Jon R. Wall, CISSP

"Jesper and Steve are two excellent communicators who really know their stuff! If you want to learn more about how to protect yourself and your network, read this book and learn from these two guys!"
—Richard Waymire

"In order to protect your particular Windows network you need to understand how Windows security mechanisms really work. Protect Your Windows Network gives you an in-depth understanding of Windows security so that you use the security techniques that best map to your needs."
—Chris Wysopal, Director, Development, Symantec Corporation, http://www.symantec.com

"Nowadays, a computer that is not connected to a network is fairly limited in its usefulness. At the same time, however, a networked computer is a prime target for criminals looking to take advantage of you and your systems. In this book, Jesper and Steve masterfully demonstrate the whys and hows of protecting and defending your network and its resources, providing invaluable insight and guidance that will help you to ensure your assets are more secure."
—Stephen Toub, Technical Editor, MSDN Magazine, stoub@microsoft.com

"Security is more than knobs and switches. It is a mind set. Jesper Johansson and Steve Riley clearly understand this. Protect Your Windows Network is a great book on how you can apply this mind set to people, process, and technology to build and maintain more secure networks. This book is a must read for anyone responsible for protecting their organization's network."
—Ben Smith, Senior Security Strategist, Microsoft Corporation, Author of Microsoft Windows Security Resource Kit 2 and Assessing Network Security

"Security is finally getting the mainstream exposure that it has always deserved; Johansson and Riley's book is a fine guide that can complement Microsoft's recent focus on security in the Windows-family operating systems."
—Kenneth Wehr, President, ColumbusFreenet.org

"If you have not been able to attend one of the many security conferences around the world that Jesper and Steve presented, this book is the next best thing. They are two of the most popular speakers at Microsoft on Windows security. This is an informative book on how to make your Windows network more secure. Understanding the trade-offs between high security and functionality is a key concept that all Windows users should understand. If you're responsible for network security or an application developer, this book is a must."
—Kevin McDonnell, Microsoft

In this book, two senior members of Microsoft's Security Business and Technology Unit present a complete "Defense in Depth" model for protecting any Windows network—no matter how large or complex. Drawing on their work with hundreds of enterprise customers, they systematically address all three elements of a successful security program: people, processes, and technology.

Unlike security books that focus on individual attacks and countermeasures, this book shows how to address the problem holistically and in its entirety. Through hands-on examples and practical case studies, you will learn how to integrate multiple defenses—deterring attacks, delaying them, and increasing the cost to the attacker. Coverage includes

  • Improving security from the top of the network stack to the bottom

  • Understanding what you need to do right away and what can wait

  • Avoiding "pseudo-solutions" that offer a false sense of security

  • Developing effective security policies—and educating those pesky users

  • Beefing up your first line of defense: physical and perimeter security

  • Modeling threats and identifying security dependencies

  • Preventing rogue access from inside the network

  • Systematically hardening Windows servers and clients

  • Protecting client applications, server applications, and Web services

  • Addressing the unique challenges of small business network security

Authoritative and thorough, Protect Your Windows Network will be the standard Microsoft security guide for sysadmins, netadmins, security professionals, architects, and technical decision-makers alike.

© Copyright Pearson Education. All rights reserved.

Alle Produktbeschreibungen


5.0 von 5 Sternen
5 Sterne
4 Sterne
3 Sterne
2 Sterne
1 Sterne
Siehe die Kundenrezension
Sagen Sie Ihre Meinung zu diesem Artikel

Die hilfreichsten Kundenrezensionen

3 von 3 Kunden fanden die folgende Rezension hilfreich Von Nicole Jörgens am 24. November 2005
Format: Taschenbuch
Eigentlich muss man Jesper und Steve live erlebt haben. Da sie aber nur selten in der Nähe weilen, geht ersatzweise auch das Buch. ;-)
Unsinn - dieses Buch ist ein absolutes Muss für jeden, der sich mit IT-Sicherheit befasst. Und erst recht für jeden, der sich bislang noch nicht damit befasst. Obwohl das Buch sich im Titel auf Windows-Netzwerke bezieht, ist der größte Teil des Inhalts betriebssystemübergreifend. Der Grund dafür ist der ganzheitliche Ansatz, den Jesper und Steve verfolgen: IT-Sicherheit ist keine Frage von Firewalls, Virenscannern oder anderen Produkten. Es ist eine Frage der Grundhaltung zum System, und buchstäblich jeder Nutzer muss an der Sicherheit teilhaben. Warum das so ist und wie man (insbesondere) als IT-Profi damit umgeht, steht in diesem Buch.
Schön dabei: Jesper und Steve wenden ihre (selbst-)ironische Art auch in dem Buch an. Das schmälert nicht den Gewinn, sondern erhöht ihn.
Und: Die Buch-CD liefert nicht irgendwelchen Kram, sondern einige coole Tools aus der Feder der Autoren.
Kaufen. Lesen. Anwenden!
Kommentar War diese Rezension für Sie hilfreich? Ja Nein Feedback senden...
Vielen Dank für Ihr Feedback. Wenn diese Rezension unangemessen ist, informieren Sie uns bitte darüber.
Wir konnten Ihre Stimmabgabe leider nicht speichern. Bitte erneut versuchen

Die hilfreichsten Kundenrezensionen auf Amazon.com (beta)

Amazon.com: 17 Rezensionen
23 von 24 Kunden fanden die folgende Rezension hilfreich
Remarkable book for all security people, not just Windows users 26. März 2006
Von Richard Bejtlich - Veröffentlicht auf Amazon.com
Format: Taschenbuch
I received a copy of Protect Your Windows Network (PYWN) almost one year ago, and I immediately put it aside. I figured it was another "security configuration guide," with lots of descriptions of settings and other tweaks that makes for boring reading. Recently I decided to give PYWN another look, and I am exceedingly glad I did. PYWN is one of the best security books I have ever read, and that includes nearly 200 titles over the last six years. Incredibly, even non-Windows users will find plenty of sound advice for their enterprise. Although the book is highly opinionated (and at times perhaps not on my side of the issues) I strongly recommend reading PYWN.

When I read and review books, I underline sections of interest and take notes in the margins and on separate sheets of paper. I dried out a pen underlining text and took three pages of notes while reading PYWN. The amount of good advice in the book is staggering. PYWN is incredibly engaging and clear. It is superbly organized, taking a layered approach to enterprise security. The book's strength derives from the authors' consulting experience, and they deliver many stories based on their interactions with customers.

PYWN is not a Microsoft marketing person's dream, either. In many places the book is very frank. For example, p 19 says IPsec in Windows "is the poster child for user unfriendliness." The authors correctly recognize the goal of a "protected" network by explicitly telling customers "no, your network is not secure" (p 15). They are critical of "Return on Security Investment": "following the [security] policy does not increase revenue, it does not increase productivity" (p 116).

This book is definitely not afraid to offend the reader. I do not mean the use of foul language; rather, the book takes very strong stances on certain subjects. Some of these directly contradict guidance given by others. Ch 12 even features 10 Security Myths. In many cases, I believe the authors take the right position, and they adequately defend their assertions. In other cases, I must disagree. The authors are not fans of detecting intrusions, and their monitoring advice in Ch 4 is particularly shaky. They also tend to use an example of compromising a host-based IDS deployment as an excuse to attack all detection mechanisms.

The authors are sticklers for accurate language, which I believe is required in our field. They are keen to point out that "IPSec tunnels" don't exist per se; there is, however "IPSec transport mode" or "IPsec tunnel mode." They repeatedly state that L2TP+IPsec is the only "IETF-approved" remote access solution. This stems from their requirement that such a solution authenticate the user and give his/her machine an IP address. Obviously IPSec alone doesn't fulfill those requirements, hence their promotion of an alternative.

In some cases this desire to use the right word doesn't work so well. I disagree with some of the terms used in the threat modeling discussion in Ch 9. I wonder why the authors (and other Microsofties) call this "threat modeling," instead of using Bruce Schneier's older term -- "attack trees." Sometimes the authors confuse threats with vulnerabilities. For example, p 237 says "Although a threat to an application many times can be eliminated with a patch..." That should read "Although a vulnerability in an application many times can be eliminated with a patch..." Threats can only be eliminated by incarceration; vulnerabilities are flaws which can be patched. On p 254 we read "the config.sys file poses no threat." That's right, but it's not what the authors meant. They should have said "the config.sys file poses no vulnerability," or perhaps "exposure." Finally, p 236 says "you use the model to communicate the current structure of the network and the threats created because of it." That is wrong; building a network doesn't create threats -- it creates vulnerabilities and exposures. Threats are independent of the network.

Similarly, the STRIDE model on pp 242-3 is mostly about attacks, not threats. Read any government report about threats to learn about organized crime, foreign intel services, script kiddies, corporate spies, and so on -- those are real threats. "Denial of service" is an attack; "information disclosure" is a security incident, or a consequence of an attack.

I should note that sometimes the Windows focus of the book blinds the authors to other, better security approaches -- some of which Microsoft is adopting. For example, Ch 14 recommends users "uninstall unnecessary components." This is obviously true, but it's a limitation of Windows. It's much better to start with a bare system and "add necessary components." On p 422 the authors say the Windows Backup Operators group are unsafe for backup. If that is the case, why do they exist, at least as currently configured? The advice in Ch 14 also results in an "unsupported configuration" for SQL server. The authors admit this is for "high security" needs, but this indicates a problem with Microsoft's approach. PYWN pulls no punches in some places regarding Windows, but in others it holds back.

PYWN is definitely not a security configuration guide, of which the authors are highly critical. In some places they do list ways to accomplish certain goals, but most everywhere else they refer readers to previously published books or documents on the Web. Bravo. The book contains numerous footnotes which I appreciated.

I found only a few errors in the text. On p 38, the text implies the three way handshake starts with SYN, ACK instead of SYN, SYN-ACK. On p 84; ISO is not "International Standards Organization." On p 121, the text implies SOX doesn't apply to all publicly traded companies. Since I read every word very closely, I am really impressed by PYWN.

This review is long enough. Let me conclude by saying you will absolutely not waste your time reading this book. It took me a week to finish it because I tried to make the best use of the authors' recommendations and insights. Keep my earlier comments in mind, then enjoy PYWN. I hope the authors produce a sequel or at least a second edition. They are exceptional writers, and this book could easily be called "Protect Your Computing Enterprise." Windows is an example implementation, not necessarily the core focus of the book.
8 von 8 Kunden fanden die folgende Rezension hilfreich
The best Windows security book out there 8. Dezember 2005
Von Devin L. Ganger - Veröffentlicht auf Amazon.com
Format: Taschenbuch
Let me cut to the chase: if you're a Windows admin and you are at all worried about security, get this book. Now.

Okay, having said that, let me tell you about the book. I've been doing a lot of professional security work over the years, much of it with Windows. I tend to treat new security books with a big grain of salt, because there are a lot of well-meaning people out there giving advice ranging from mildly wrong to actively harmful. Now that I've written a book of my own, I have a fair idea of what is involved and how easy it is to slip technical howlers past hard-working editors (who aren't usually experts in the topic). Just because something is written down in a book doesn't mean I automatically trust it; unfortunately, too many people do place their faith in the Holy Grail of the printed word. On the other hand, I've not only seen Jesper and Steve speak before, I've had the opportunity to work with them on past projects, so I have a reasonable amount of faith that they actually know what they're talking about. (If you haven't had the pleasure of hearing them speak, go find the events they're at and sign up. Trust me.) As a result, I was pretty sure this book was going to rock on toast and give me a few good hard nuggets to think about.

It didn't.

This book completely threw many of my security assumptions out the window. More than once, I was reading the book shaking my head, saying "No, no, that's not right!" as the authors made hamburgers out of yet another security sacred cow. After giving myself time to think about it from a real-world point of view, though, I almost always came away agreeing with them. At other times, I'd be pumping my fist in the air, ecstatic that somebody else Got It and was able to put it as eloquently as I'd just read. I don't normally read technical books cover to cover; not only did I read this one straight through, I went back for a second pass with a bunch of sticky flags. My copy now looks like it was in a Twister factory explosion. The book also comes with a CD; it's not got a lot on it, but the scripts that are there are very useful indeed. There's also an accompanying website, [...] which contains errata and downloadable copies of the scripts and files on the CD.

Some of the best content of the book isn't contained in the book -- it's on the website in the Listening Room. Here, you can find recorded versions of talks by Jesper and Steve. You'll find their talks cover a lot of the same ground the book does, but they are both dynamic speakers and hearing the material reinforces what you're reading.

So, is this book for you? Let me answer that with another question: Are you tired of being a prisoner to security bulletins, patches, conflicting (and confusing) security guidance, and vendor claims?

If you want to learn how to actually analyze your systems and network, asses the threats you face, and do more than follow step-by-step "hardening guides" that inevitably break the CEO's favorite applications, then you need to get this book. It won't give you false warm fuzzies; it won't hold your hand and do your thinking for you, because the reality of security is that everybody's system is different. You can't produce cookie-cutter protection for a moving target; there is no substitute for digging in and learning the techniques Jesper and Steve show you here. If you put the work in, though, I can promise you will have a much better understanding of what it takes to keep your systems and network secure, and how to adapt as the threat landscape changes.

If you want to keep plodidng on, performing security by rote, following checklists, then don't read this book. It will make you question your assumptions and might even lead to thinking. And the bad guys in your network don't want that.

To see a slightly more detailed verson of this review (with hyperlinks), head to my blog (e)Mail Insecurity at:

9 von 10 Kunden fanden die folgende Rezension hilfreich
Impressive in it's detail 21. Juni 2005
Von Jack D. Herrington - Veröffentlicht auf Amazon.com
Format: Taschenbuch
The authors here have done an excellent job discussion not only effective security techniques, but also the reasoning behind them. Most of the security in the book is at the user layer. How you can set up your system, and the network around you to secure your systems. I particularly appreciated the information on SQL Server, which is all too often not covered in security books.

There are some downsides, the book is fairly text intensive (which is something I don't usually cite). There could have illustrations to make the points more clearly. But the images that are there are effective and used well.
5 von 5 Kunden fanden die folgende Rezension hilfreich
Reeeally good! 14. September 2005
Von Dr Anton Chuvakin - Veröffentlicht auf Amazon.com
Format: Taschenbuch
It looks like this book will further an alarming ƒº trend by being yet another great security book, written by Microsoft people. ¡§Protect Your Windows Network from Perimeter to Data¡¨ dives into an esoteric world of Windows security in an unusual and novel way. It is clear that this book belongs in 2005 due to its focus on things beyond Windows hardening tips and obscure registry tweaks for security. For example, I found a nice coverage of Windows emerging DRM (called RMS) as well as amazingly in-depth coverage of using ACLs for granular file security (it might sound simple, but its really not).

I will not go through the table of contents since you can look it up. Briefly, I most enjoyed chapter 2 with a hacking case study, chapter 3 on patches (I really did!), chapter 10 on rogue insiders, chapter 12 on hardening which contained some uncommon wisdom, and later chapters on application and data security.

I liked many things about this book! Right away, the authors establish that while fighting ¡§stock¡¨ worms and viruses, there are skilled attackers out there and simply ¡§keeping up to date with patches¡¨ will not save you. I also liked a harmonious mix of technical (lower level) and business (higher level) issues related to security.

In addition, I liked the style and authors¡¦ humor a lot! The book is very easy and even fun to read and is peppered with humorous stories from their experience. The book is full of amusing and educational gems, such as a triangle of ¡¥cheap-usable-secure - pick any two¡¨, and vendors and customers role is changing the above tradeoff.

The book is focused mostly on the defense side and display obvious and acknowledged bias towards protecting Windows servers, just like the name of the book indicates. The book contains a minor amount of Unix-bashing, which is more funny than malignant though.

Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA is a Security Strategist with a major security company. He is an author of the book "Security Warrior¡¨ and a contributor to ¡§Know Your Enemy II¡¨. In his spare time, he maintains his security portal info-secure.org
3 von 3 Kunden fanden die folgende Rezension hilfreich
Must Read For Any Windows Administrator ... 8. Februar 2006
Von D. B. Curtis - Veröffentlicht auf Amazon.com
Format: Taschenbuch
...Or anyone who wants to harden and secure their windows network

This is a well written and thought out book that contains many tips and techniques not found anywhere else. It covers security from PCs to hardening servers, password vulnerabilities, how to create better password security, IP tables and their complexity, firewalls, perimeter security and why if you have no physical security then all other security is irrelevant. Despite its overall length and number of pages this book flows well and keeps the reader informed and entertained without being to witty or dry. I found it easy to read in just a few hours during a couple of evenings.

The author starts out with the basics of attacks and leads the reader thru different stages of security from social engineering thru hardware and software vulnerabilities. It shows how hacking takes place; the procedures, practices and techniques hackers use to attack a network and how an attacker takes control of a network. The author then guides the reader thru the process of keeping the attacker off the network and how to "hide" your system as well as processes from the attacker. He also shows the reader why outside attacks are becoming less relevant and how inside attacks are becoming more frequent.

The author provides practical, common sense solutions in an easy to understand forms that are useful to any reader. Included are many great up to date examples designed to help IT personnel understand, design, and manage their own unique security needs and vulnerabilities. Also included are numerous quality links and Urls that would take anyone extensive time and effort to piece together on their own.

Also covered are why written policies and procedures are important and the fact that you actually have no security with out written guidelines. The author then helps direct you in ways that will allow you to assess your companies' goals and apply practical security policies to your own specific situation. He also points out why mapping your network is important and how to assess your vulnerabilities based on you network topologies.

The concepts of the confidentiality, integrity and availability model as it applies to day-to-day security policies, procedures and practices are covered in a very comprehensive and easy to understand details. Anyone considering taking the CISSP certification or looking for CPEs will find this book helpful in understanding the concepts necessary to pass their exam or continue their professional education and will find it well worth his or her time.

One of the best features in this book is the CD and appendices, which are loaded with scripts and tools to help automate and simplify the very complex and sometimes tedious job of security administration.

Overall, you cannot find a better book on windows security than this; it is more than well worth the price many times over.
Waren diese Rezensionen hilfreich? Wir wollen von Ihnen hören.