کتاب الکترونیکی

کیت منابع امنیتی ویندوز سرور 2008

Windows Server 2008 Security Resource Kit

دانلود کتاب Windows Server 2008 Security Resource Kit (به فارسی: کیت منابع امنیتی ویندوز سرور 2008) نوشته شده توسط «Jesper M. Johansson»


اطلاعات کتاب کیت منابع امنیتی ویندوز سرور 2008

موضوع اصلی: مدیریت سیستم

نوع: کتاب الکترونیکی

ناشر: Microsoft Press

نویسنده: Jesper M. Johansson

زبان: English

فرمت کتاب: pdf (قابل تبدیل به سایر فرمت ها)

سال انتشار: 2008

تعداد صفحه: 510

حجم کتاب: 10 مگابایت

کد کتاب: 9780735625044 , 0735625042

نوبت چاپ: 1

توضیحات کتاب کیت منابع امنیتی ویندوز سرور 2008

مرجع قطعی برنامه ریزی و اجرای ویژگی های امنیتی در Windows Server 2008 را با بینش های متخصص از با ارزش ترین متخصصان مایکروسافت (MVP) و تیم امنیتی ویندوز سرور در مایکروسافت دریافت کنید. این کیت رسمی مایکروسافت RESOURCE اطلاعات و ابزارهای فنی و عمیقی را که برای کمک به محافظت از کلاینت‌های مبتنی بر Windows®، نقش‌های سرور، شبکه‌ها و خدمات اینترنتی نیاز دارید، ارائه می‌کند. کارشناسان برجسته امنیتی نحوه برنامه ریزی و پیاده سازی امنیت جامع را با تاکید ویژه بر ابزارهای امنیتی جدید ویندوز، اشیاء امنیتی، خدمات امنیتی، احراز هویت کاربر و کنترل دسترسی، امنیت شبکه، امنیت برنامه ها، فایروال ویندوز، امنیت Active Directory®، خط مشی گروه، حسابرسی توضیح می دهند. و مدیریت پچ این کیت همچنین بهترین شیوه ها را بر اساس پیاده سازی های دنیای واقعی ارائه می دهد. شما همچنین ابزارها، اسکریپت‌ها، الگوها، و سایر کمک‌های کلیدی شغلی، از جمله یک کتاب الکترونیکی از کل کیت منابع روی سی‌دی را دریافت می‌کنید.

مزایای کلیدی کتاب

اطلاعات فنی قطعی و بینش متخصص مستقیماً از تیم امنیتی Windows Server و MVPهای پیشرو مایکروسافت

اطلاعات عمیقی را ارائه می دهد که هر مدیر ویندوز باید درباره کمک بداند. محافظت از محیط‌های مبتنی بر ویندوز

شامل بهترین روش‌ها از پیاده‌سازی‌های واقعی است

CD شامل ابزارهای کمکی اضافی برای کار، از جمله ابزارها، اسکریپت‌ها و یک نسخه کاملاً قابل جستجو از کل کتاب RESOURCE KIT پرسش و پاسخ با Jesper M. Johansson، نویسنده Windows Server 2008 Security Resource Kit معتبرین مشارکت کنندگان در کیت منبع امنیتی Windows Server 2008 بسیار چشمگیر است. جمع آوری چنین گروهی برای این عنوان چقدر اهمیت داشت؟ به نظر من لازم بود. محصولات سرور لزوماً پیچیده هستند و امنیت به دلیل ماهیت خود مستلزم درک بسیار گسترده ای از محصول است. توسعه این درک در یک فرد ممکن است، اما بسیار زمان بر است و هنوز به وسعت دیدگاهی که در گروهی از افراد پیدا می کنید منجر نمی شود. هیچ فردی نمی تواند واقعاً درک کند که پیاده سازی اکتیو دایرکتوری در یک سازمان 50000 نفری چگونه است و اینکه چگونه یک شبکه کسب و کار کوچک 50 نفره را در درازمدت اداره کند، و احتمالاً هیچ یک از آنها یکی از آنها در جهان نخواهد بود. متخصصان اصلی در پیاده سازی زیرساخت های رمزنگاری کلید عمومی. با گرد هم آوردن این تیم متخصص در سراسر جهان (به نمایندگی از چهار کشور در سه قاره)، ما توانستیم منبعی را تولید کنیم که عمق و وسعت دانش بسیار بیشتر از آنچه در غیر این صورت ممکن بود، داشت و شما تخصص 12 مورد از متخصصان اصلی امنیت ویندوز در یک بسته واحد. چه موارد اضافی در CD Resource Kit موجود است؟ ابتدا، یک فصل جایزه در مورد خدمات مدیریت حقوق و همچنین یک نسخه الکترونیکی از کل کتاب دریافت می کنید. من در مورد نسخه الکترونیکی آن بسیار هیجان زده هستم زیرا روشی قابل جستجو برای خواندن کتاب فراهم می کند. این نوع کتاب ها همیشه به عنوان مرجع مورد استفاده قرار می گیرند و جستجو در آن بسیار ارزشمند است. شما همچنین ابزارهایی را دریافت می کنید که ممکن است برای مدیریت سرورها مفید باشند. اد ویلسون، گورو اسکریپت‌نویسی، برخی از اسکریپت‌های سفارشی PowerShell را به‌طور خاص برای این کتاب نوشت تا حساب‌های کاربری و دیگر جنبه‌های امنیتی مربوط به استقرار شما را مدیریت کند. علاوه بر این، من یکی دو ابزار برای کتاب نوشتم. یکی از آنها مولد رمز عبور من است که برای اولین بار چندین سال پیش آن را در دسترس قرار دادم. این به شما امکان می دهد تا رمزهای عبور حساب کاربری منحصر به فرد مدیر و رمزهای عبور حساب سرویس را در صدها یا هزاران سرور در یک شبکه مدیریت کنید. من ابزارهای elevation خود را نیز گنجانده ام، که به شما امکان می دهد یک نمونه از Windows Explorer را راه اندازی کنید، و همچنین هر دستوری را که می خواهید از خط فرمان بالا ببرید. پس از حدود دو سال کار روزانه با User Account Control (UAC) متوجه شدم که یکی از بزرگترین موانع اجرای تحت UAC، درخواست‌های متعددی است که هنگام انجام بسیاری از عملیات فایل دریافت می‌کنید. به عنوان یک مدیر، این یک کار بسیار رایج است. بالا بردن ویندوز اکسپلورر به شما امکان می دهد آن عملیات را با یک اعلان ارتفاع انجام دهید و همچنان UAC را روشن بگذارید. در مقایسه این دو برنامه، برخی از تفاوت های اساسی بین Windows Server 2008 و Windows Server 2003 چیست؟ از نظر من، بزرگترین تفاوت این واقعیت است که در حالی که Windows Server 2003 تحت بهترین شیوه های امنیتی سال 2002 ساخته شده است، Windows Server 2008 تمام شیوه های توسعه ایمن را که مایکروسافت طی پنج سال پس از آن آموخته است، در خود جای داده است. زمینه توسعه نرم‌افزار ایمن بین سال‌های 2002 تا 2007 بسیار پیشرفت کرده است و ترکیب آن‌ها باعث می‌شود ویندوز سرور 2008 بسیار بیشتر بتواند در برابر تهدیداتی که در پنج سال آینده شاهد خواهیم بود بایستد. به هر حال، با دلی سنگین می گویم که من در ویندوز سرور 2003 روی امنیت سخت کار کردم، اما واقعیت دارد. جدا از فرآیند مهندسی، اولین چیزی که مردم متوجه آن خواهند شد، مدل مدیریتی کاملاً جدید در ویندوز سرور 200 است.


Get the definitive reference for planning and implementing security features in Windows Server 2008 with expert insights from Microsoft Most Valuable Professionals (MVPs) and the Windows Server Security Team at Microsoft. This official Microsoft RESOURCE KIT delivers the in-depth, technical information and tools you need to help protect your Windows® based clients, server roles, networks, and Internet services. Leading security experts explain how to plan and implement comprehensive security with special emphasis on new Windows security tools, security objects, security services, user authentication and access control, network security, application security, Windows Firewall, Active Directory® security, group policy, auditing, and patch management. The kit also provides best practices based on real-world implementations. You also get must-have tools, scripts, templates, and other key job aids, including an eBook of the entire RESOURCE KIT on CD.

Key Book Benefits

Definitive technical information and expert insights straight from the Windows Server Security Team and leading Microsoft MVPs

Provides in-depth information that every Windows administrator needs to know about helping protect Windows-based environments

Includes best practices from real-world implementations

CD includes additional job aids, including tools, scripts, and a fully searchable version of the entire RESOURCE KIT book Q&A with Jesper M. Johansson, author of Windows Server 2008 Security Resource Kit The credentials of the contributors to Windows Server 2008 Security Resource Kit are quite impressive. How important was it to assemble such a group for this title? In my opinion, it was necessary. Server products are necessarily complex, and security, by its very nature, requires a very broad understanding of the product. Developing that understanding in a single person is possible, but very time consuming and still does not lead to the breadth of perspective that you find in a group of people. No single person can truly understand both what it is like to implement Active Directory in a 50,000 seat organization, and how to run a 50-seat small business network long-term, and neither of them is probably going to also be one of the world’s foremost experts on implementing public key cryptography infrastructures. By putting together this world-wide team of experts (representing four countries on three continents) we were able to produce a resource that had far more depth and breadth of knowledge than would otherwise have been possible, and you get the expertise of 12 of the foremost experts on Windows Security in a single package. What extras are available on the Resource Kit CD? First, you get a bonus chapter on Rights Management Services, as well as an electronic copy of the entire book. I am very excited about the electronic copy because it provides a searchable way to read the book. These types of books are always used as references and being able to search it is very valuable. You also get some tools that may come in handy for managing servers. Scripting Guru Ed Wilson wrote some custom PowerShell scripts specifically for this book to manage user accounts and other security related aspects of your deployment. In addition, I wrote a couple of tools for the book. One is my password generator, which I first made available several years ago. It enables you to manage unique administrator account passwords and service account passwords on hundreds or thousands of servers on a network. I also included my elevation tools, which allow you to launch an elevated instance of Windows Explorer, as well as elevating any command you want from the command line. Having worked with User Account Control (UAC) daily for about two years I find that one of the biggest impediments to running under UAC is the multiple prompts you get when you perform many file operations. As an administrator, that is a very common task. Elevating Windows Explorer lets you do those operations with a single elevation prompt, and still leave UAC turned on. Comparing the two programs, what are some of the fundamental differences between Windows Server 2008 and Windows Server 2003? To me, the biggest difference is the fact that while Windows Server 2003 was built under the security best practices of 2002, Windows Server 2008 incorporates all the secure development practices Microsoft learned in the five years since. The field of secure software development has progressed immensely between 2002 and 2007, and incorporating them will make Windows Server 2008 much more able to stand up to the threats we will see in the next five years. By the way, it is with a heavy heart that I say that, as I worked hard on security in Windows Server 2003, but it is true. Apart from the engineering process, the first thing people will notice is the completely new management model in Windows Server 2008. Instead of installing a lot of separate components, you now deploy roles to the server. This makes a lot of sense because the roles are what you bought the server to fill. By implementing that metaphor in the management tools the risk for misconfiguration is greatly reduced. The new kernel features are also very important and will make a big difference for many. First, the new virtualization features are fundamentally going to change how we build and run data centers. The improvements in security, reliability, and performance in the kernel features, such as thread scheduling, and in the networking features, such as the new network file system, also are going to be valuable to many. What do you feel is the biggest security oversight made by network admins? Put a slightly different way, the area where I see the most room for improvement is in security posture management. Administrators are far too focused on vulnerabilities and on the types of “hardening” tweaks that were useful in the 1990s, when software shipped wide open by default. Today, those things are not nearly as important as it is to manage the security posture of your servers. Far too many administrators still believe in the perimeter and fail to recognize that just about every organizational network today is semi-hostile, at best. The biggest security oversight is not to analyze and manage the threats posed to servers by other actors on the network. The Security Resource Kit goes into depth in discussing what I refer to as Network Threat Modeling, as the analysis phase of Server and Domain Isolation – probably the most powerful security tool in the arsenal today. Yet, the proportion of networks that use these tools is infinitesimal. What are your thoughts on the constant hype surrounding potential security flaws in Vista? As I have written elsewhere (http://msinfluentials.com/blogs/jesper/archive/2008/01/24/do-vista-users-need-fewer-patches-than-xp-users.aspx) I fail to see any data backing up the argument. Certainly, there have been flaws in Vista – and anyone who expected it to be flawless was unrealistic – but the improvements are tremendous over Windows XP. Windows Vista has about half as many critical problems as Windows XP in the same time-frame. I’m not sure that it would have been reasonable to expect it to perform much better than that given how large and complex modern software is and how fast the security landscape is moving. Therefore, I have to think that the reasons for the hype are something other than data. The popular press seems to operate on the assumption that complaining about Microsoft generates advertising revenue, and they are probably correct. The fact of the matter today is that a significant portion of the software industry, specifically the security portion, has built its business almost exclusively on selling software that purports to protect Microsoft’s customers from Microsoft’s screw-ups. It is simply terrifying to it, and a grave threat to its business model, that Microsoft should actually manage to produce software, and particularly operating systems, that are so secure they do not need most of the products that portion of the industry sells. The popular press, being a largely advertising funded business, has happily latched on to this perception and boosted the unsubstantiated claims of Windows Vista’s vulnerability to the benefit of their major advertisers. It is truly a sick eco-system that harms the customer in both the short and long term. The threats today, as I mentioned above, are trending toward the types of things that the security software industry cannot protect against. The new threats are against people, and the focus needs to shift to helping people make better security decisions and take responsibility for their own actions. Unfortunately, the current unsubstantiated hype about Windows Vista is not about protecting customers, it is about selling unnecessary security software and inculcating users and IT managers alike in the belief that they must buy third party software to run Windows safely; a belief that, with a few notable exceptions, such as anti-virus software, is falsified by the data. In fact, the hype has even lead to a huge growth industry in malicious, fake, security software. I have seen a lot of people lured by the hype into buying security software that is not security software at all, but simply malware in disguise. The average consumer, inundated with hype, is unable to make out what to really believe. This sick ecosystem is harmful and the press and the pundits are not helping, but only increasing the hype. In your opinion, which network faces the biggest security risk today: the small office with multiple power users or large corporation with a large LUA base? The unmanaged networks. I have seen very well managed and very secure networks in both small and large organizations, and I have seen poorly managed and very insecure networks in both as well. It is not really a matter of size but of how much time and effort is put into the security aspects of it. One of the largest weaknesses seems to be training. Security today is about end-points. The attacks are against people far more prevalent than those against technology and vulnerabilities. We need to, as an industry, understand how to push the security out to the assets that we are trying to protect. In the past we have centralized security because it was a way to centralize management of security. The challenge now is to de-centralize security, while still permitting centralized management. This is a non-trivial task, but it must be done. As a starting point, I dare every IT manager to start analyzing the risks to his or her network, and specifically, what it is they want the network to be used for. Once you understand what it is you want the network to provide you have a chance to work on making it provide that and nothing else. To me, that is the most important thing we can do. A properly staffed IT group, with adequate training and resources to train its users, an organizational mandate to protect the organization’s assets, and a keen understanding of the business they serve will build a network that is adequately secured regardless of the size of the network. Windows Server 2008 certainly provides some very powerful technologies to help you manage security in your network, but while that is a necessary component, it is insufficient by itself. At a very base level, it is about the people and the processes you have, more than about the technology. Technology will help, but it is just a tool that your people will implement using a process that helps or hurts.

دانلود کتاب «کیت منابع امنیتی ویندوز سرور 2008»

مبلغی که بابت خرید کتاب می‌پردازیم به مراتب پایین‌تر از هزینه‌هایی است که در آینده بابت نخواندن آن خواهیم پرداخت.

برای دریافت کد تخفیف ۲۰ درصدی این کتاب، ابتدا صفحه اینستاگرام کازرون آنلاین (@kazerun.online ) را دنبال کنید. سپس، کلمه «بلیان» را در دایرکت ارسال کنید تا کد تخفیف به شما ارسال شود.