Windows .Net Server Security Handbook (With CD-ROM) - Softcover

About the Author

DR. CYRUS PEIKARI, Chief Technology Officer of VirusMD Corporation, has won numerous awards for his security software and holds several pending patents in the anti-virus field. He has spoken at Defcon and is frequently interviewed on television for breaking Internet security news.

SETH FOGIE, Senior Security Consultant at VirusMD Corporation, hosts a weekly Internet Security radio segment on CBS affiliate KRLD Radio in Dallas, TX. He is an MCSE and former US Navy Nuclear Engineer. Peikari and Fogie co-authored Windows Internet Security: Protecting Your Critical Data (Prentice Hall PTR).

Chief technical reviewer: Dr. Warwick Ford, Vice President of Research and Chief Technology Officer, VeriSign, Inc., and world-renowned expert on Internet security and cryptography.

From the Back Cover

Windows .NET Security: step-by-step techniques and fast answers.

• The practical, start-to-finish guide to Windows .NET security
• New Windows .NET security features: Location-Aware Firewalling, Offline File Encryption, and more
• Locking down .NET servers and XP clients-step by step
• Securing new Windows .NET features: Raw Sockets, Remote Desktop, Remote Assistance, and more
• Anticipating future threats-including threats to 802.1x wireless networks

Windows .NET Server Security Handbook is your practical, step-by-step guide to maximizing Windows .NET security. Two leading experts show you how to take advantage of every important new Windows .NET and XP security feature, from .NET's new firewall to its updated Encrypting File System. You'll discover the critical security implications of new features such as Remote Desktop and Remote Assistance, then learn how to use Microsoft(r)'s latest tools to configure security in a wide range of scenarios. By the time you're finished, you'll know how to lock down any Windows .NET system-from the largest enterprise to the smallest home network.

• The Internet Connection Firewall: configuration, adding programs, logging, ICMP, and more
• Windows .NET raw sockets: the reality-and what you should do about it
• Anticipating emerging threats, including wireless 802.11 hacking and "War Driving"
• Windows .NET Security Toolset: using the Security Configuration and Analysis snap-in, Secedit.exe, Security Templates, and more
• Configuring Windows .NET VPNs, PKI, and Smart Cards
• Kerberos: server authentication, policies, security environments, and interoperability issues
• Securing Microsoft IIS Web services in Windows .NET environments
• Understanding the core security architecture Microsoft's .NET platform is built upon
• Discovering new security holes fast: how you can beat BugTraq by seven days!

About the CD-ROM

Powerful library of Windows .NET security tools!

• VirusMD Personal Firewall 3.0: diagnose and treat Trojan horse infections
• eEye RetinaTM network security scanner (demo): scan your network for vulnerabilities
• eEye SecureIIS application firewall (demo): Maximize app-layer security
• eEye IrisTM sniffer (demo): Perform advanced protocol analysis
• LC3 password testing: Audit NT/Win2K user passwords
• MIRC, MultiProxy, and Socks2HTTP: perform anonymous counterintelligence against hackers
• NetStumbler wireless security tester: scan wireless networks for security flaws

Excerpt. © Reprinted by permission. All rights reserved.

Preface

Security is the one issue that will either make or break Microsoft Corporation. Microsoft has "bet the company" on their .NET strategy, yet hackers threaten to topple the delicate structure at every turn. Microsoft itself has admitted that it has a long way to go to build public confidence in its security.

Unfortunately, it seems that every time Microsoft security takes a step upward, hackers knock it right back down. In fact, the threat to .NET became so critical that Bill Gates himself felt compelled to realign the entire company with security at the forefront. In January 2002 Gates delivered an epochal memo announcing that Microsoft must henceforth make security its highest priority. This "Trustworthy Computing" memo reflected Gates' anguish over years of stinging criticism. His ultimatum echoed what hackers have been saying for years: Microsoft must get secure, or fail.

The .NET vision is built upon three pillars. One pillar that has come under fire from critics is the .NET Framework. This distributed programming technology has pushed software on to the Internet as a service. Even before its official release, independent experts found security flaws in the .NET Framework. Moreover, future vulnerabilities are likely to be worse. At its heart the .NET Framework is distributed programming, which in theory could magnify threats from distributed hacking, viruses, and denial-of-service attacks.

The second pillar of .NET is the enhanced user experience. With .NET, Microsoft is attempting to maximize functionality while minimizing hassles. Largely, this is a public relations challenge. .NET does provide an enhanced user experience, but it will be difficult to market this advantage while security concerns overshadow the technology.

The book you are holding deals with the third pillar of the .NET vision, namely, the base operating system forming the cynosure of the .NET vision. .NET Server is not only a pillar, but it is also the impressive foundation upon which the entire .NET Framework rests. This book covers the security architecture of .NET Server and shows you how protect your enterprise from hackers.

.NET Server is often used as a generic term that encompasses all of Microsoft's enterprise management tools, including Exchange Server, SQL Server, Biz Talk Server, and more. However, the real Windows .NET Server is the base OS with which we are familiar. It is the next generation of its mighty predecessor, Windows 2000 Server.

Since vulnerable clients are the Achilles' heel of secure servers, this book also covers Windows XP Professional, the preferred client for .NET Server. Ironically, the increasing use of IPSec-encrypted "tunnels" (Virtual Private Networks) means a vulnerable remote client opens a back door through which hackers can reach the very heart of your corporate network. Why attack the castle's ramparts when you can easily slip in through the open postern? Thus, this book also addresses security concerns specific to the Windows XP Pro clients that interface with .NET Server.

Windows .NET Server is Microsoft's contender to beat Linux in the server market. Security may be the deciding factor in determining which of these two platforms achieves ascendancy. With the impressive security architecture of .NET Server, Microsoft now has a fighting chance.