Windows Server 2012 Security from End to Edge and Beyond
Architecting, Designing, Planning, and Deploying Windows Server 2012 Security Solutions
- 1st Edition - April 18, 2013
- Imprint: Syngress
- Authors: Yuri Diogenes, Debra Littlejohn Shinder, Thomas W Shinder
- Language: English
- eBook ISBN:9 7 8 - 1 - 5 9 7 4 9 - 9 8 1 - 1
Windows Server 2012 Security from End to Edge and Beyond shows you how to architect, design, plan, and deploy Microsoft security technologies for Windows 8/Server 2012 in the enter… Read more
Purchase options
Institutional subscription on ScienceDirect
Request a sales quoteWindows Server 2012 Security from End to Edge and Beyond shows you how to architect, design, plan, and deploy Microsoft security technologies for Windows 8/Server 2012 in the enterprise. The book covers security technologies that apply to both client and server and enables you to identify and deploy Windows 8 security features in your systems based on different business and deployment scenarios. The book is a single source for learning how to secure Windows 8 in many systems, including core, endpoint, and anywhere access.
Authors Tom Shinder and Yuri Diogenes, both Microsoft employees, bring you insider knowledge of the Windows 8 platform, discussing how to deploy Windows security technologies effectively in both the traditional datacenter and in new cloud-based solutions. With this book, you will understand the conceptual underpinnings of Windows 8 security and how to deploy these features in a test lab and in pilot and production environments.
The book's revolutionary "Test Lab Guide" approach lets you test every subject in a predefined test lab environment. This, combined with conceptual and deployment guidance, enables you to understand the technologies and move from lab to production faster than ever before. Critical material is also presented in key concepts and scenario-based approaches to evaluation, planning, deployment, and management. Videos illustrating the functionality in the Test Lab can be downloaded from the authors’ blog http://blogs.technet.com.b.security_talk/. Each chapter wraps up with a bullet list summary of key concepts discussed in the chapter.
- Provides practical examples of how to design and deploy a world-class security infrastructure to protect both Windows 8 and non-Microsoft assets on your system
- Written by two Microsoft employees who provide an inside look at the security features of Windows 8
- Test Lab Guides enable you to test everything before deploying live to your system
Information Security professionals, Windows systems architects and administrators, technical decision makers, network administrators and other IT professionals who use are responsible for architecting, designing, planning, and deploying security solutions for systems using Microsoft Windows.
Acknowledgments
About the Authors
About the Technical Editor
Foreword
Chapter 1. Planning Platform Security
Chapter Points
Reviewing the Core Security Principles
Planning a Secure Platform from End to Edge and Beyond
From End to Edge and Beyond Chapter Previews
Summary
Chapter 2. Planning Server Role in Windows Server 2012
Chapter Points
Server Role and Security Considerations
Using Server Manager to Add a New Role or Feature
Using Security Compliance Manager to Hardening Servers
Administrator’s Punch List
Summary
Chapter 3. Deploying Directory Services and Certificate Services
Chapter Points
Evolving Threats Against Certificates
Implementing Directory Services on Windows Server 2012
Implementing Certificate Services on Windows Server 2012
Installing AD CS Role
Site-Aware Certificate Enrollment
Renew with the Same Key
Validate Your Knowledge in AD CS
Administrator’s Punch List
Summary
Chapter 4. Deploying AD FS and AD RMS in Windows Server 2012
Chapter Points
Planning for Active Directory Federation Services
Deploying Active Directory Federation Services
Troubleshooting Active Directory Federation Services
Active Directory Rights Management Services
Summary
Chapter 5. Patch Management with Windows Server 2012
Chapter Points
Why Should You Have a Patch Management Strategy in Place?
Planning WSUS Deployment on Windows Server 2012
Deploying WSUS
Managing Updates with WSUS
Using Group Policy to Configure WSUS
Administrator’s Punch List
Summary
Chapter 6. Virtualization Security
Chapter Points
Considerations Regarding Virtualization Security in Microsoft Platform
Understanding and Deploying Windows Server 2012 Hyper-V Security Capabilities
High Availability for Virtualization Security
Beyond the Hypervisor
Scenario: Virtualization Security Considerations for a Cloud Infrastructure
Administrator’s Punch List
Summary
Chapter 7. Controlling Access to Your Environment with Authentication and Authorization
Chapter Points
Planning Authentication, Authorization, and Access Control
Understanding Dynamic Access Control
Planning Authentication
Configuring Dynamic Access Control
Summary
Chapter 8. Endpoint Security
Chapter Points
Considerations Regarding Endpoint Security
Windows 8 Security Enhancements
Administrator’s Punch List
Summary
Chapter 9. Secure Client Deployment with Trusted Boot and BitLocker
Chapter Points
Security Considerations for Mobile Users
Understanding the Trusted Boot Process
Understanding BitLocker Full Volume Encryption
Summary
Chapter 10. Mitigating Application’s Vulnerabilities
Chapter Points
Living in the World of Apps
Browser Protection
The Old Friends Are Still Here: UAC and AppLocker
Extra Tools
Summary
Chapter 11. Mitigating Network Vulnerabilities
Chapter Points
Understanding Windows Firewall with Advanced Security
Deploying and Managing the Windows Firewall with Advanced Security
Protecting the Windows Endpoint with IPsec Rules
Common Deployment Scenarios
Using SMB Encryption to Protect Data Traversing the Network
Summary
Chapter 12. Unified Remote Access and BranchCache
Chapter Points
The Evolving Remote Access Landscape
New Capabilities in DirectAccess
DirectAccess Requirements and Planning
What is BranchCache?
Overview of BranchCache Deployment
Administrator’s Punch List
Summary
Chapter 13. DirectAccess Deployment Scenarios
The Simplified DirectAccess Server Test Lab
Create a Security Group for DirectAccess Clients on DC1
Install the Unified Remote Access Server Role on EDGE1
Run the Getting Started Wizard on EDGE1
Setup and Test CLIENT1 for DirectAccess Connectivity
Overview of Traditional DirectAccess Single Server Deployment
Administrator’s Punch List
Summary
Chapter 14. Protecting Legacy Remote Clients
Chapter Points
Virtual Private Networking with Windows Server 2012
Deploying Network Access Protection (NAP) Through Network Policy and Access Services
Summary
Chapter 15. Cloud Security
Chapter Points
General Considerations for Cloud Security (SaaS)
General Considerations for Cloud Security (IaaS)
Building a Private Cloud with Windows Server 2012
Summary
Index
- Edition: 1
- Published: April 18, 2013
- Imprint: Syngress
- No. of pages: 542
- Language: English
- eBook ISBN: 9781597499811
YD
Yuri Diogenes
Yuri Diogenes started working on IT field as computer operator back in 1993 using MS-DOS 5.5 and Windows 3.1. In 1998 moved to a Microsoft Partner where he was instructor for computer classes and also wrote internal training materials such as Windows NT 4 and Networking Essentials. His initial experience with security started in 1998 when he had to setup the Internet security connectivity using Microsoft Proxy 2.0 and Cisco routers. In 2001 Yuri released his first book (in Portuguese) about Cisco CCNA Certification. In 2003 Yuri accepted the offer to be a Professor in a University in Brazil where he taught operating system and computer networks classes. In December 2003 he moved to United States to work for Microsoft as a contractor in the Customer Service and Support for Latin America messaging division. In 2004 he moved to Dell Computers in Round Rock, Texas to work as Server Advisor in the Network Operating System (NOS) Team, dealing primarily with Windows, Exchange and ISA (2000/2004).
Yuri returned to MS as a full time employee in 2006 to work again on the Customer Service and Support for Latin America, but at this time to be dedicated to the platform division. There I was responsible to primarily support Windows Networking and ISA Server (200/2004/2006) for enterprise customers from Latin America. In 2007 he joined the Customer Services and Support Security Team as a Security Support Engineer where he was dedicated to work with Edge protection (ISA Server and then TMG). In 2010 Yuri co-wrote the Forefront Administrator’s Companion book and also three other Forefront books in partnership with Tom Shinder. During this time Yuri also wrote articles for his own blog (blogs.technet.com/yuridiogenes), TechNet Magazine, ISSA Journal and other Security magazines in Brazil. Nowadays Yuri Diogenes works as a Senior Technical Writer for the Server and Cloud division Information Experience Team where he writes articles about Cloud Infrastructure with security functionalities baked in. On his currently role he also deliver presentations at public events such as TechED US, Europe, Brazil and internal Microsoft conferences such as TechReady. Currently Yuri is also working on his Master degree in Cybersecurity Intelligence & Forensics at UTICA while also writing the second edition of his Security+ book (in Portuguese).
Yuri holds several industry certifications, including CISSP, E|CEH, E|CSA, CompTIA, Security+, CompTIA Cloud Essentials Certified, CompTIA Network+, CASP, MCSE, MCTS, MCT and many other Microsoft certifications. You can follow Yuri Diogenes on Twitter @yuridiogenes
DL
Debra Littlejohn Shinder
Debra Littlejohn Shinder is a technology consultant, trainer and writer who has authored a number of books on computer operating systems, networking, and client and server security over the last fourteen years. These include Scene of the Cybercrime: Computer Forensics Handbook, published by Syngress, and Computer Networking Essentials, published by Cisco Press. She is co-author, with her husband, Dr. Thomas Shinder, of the best-selling Configuring ISA Server 2000, Configuring ISA Server 2004, and ISA Server and Beyond.
Deb has been a tech editor, developmental editor and contributor on over 20 additional books on networking and security subjects, as well as study guides for Microsoft's MCSE exams, CompTIA's Security+ exam and TruSecure’s ICSA certification. She formerly edited the Element K Inside Windows Server Security journal. She authored a weekly column for TechRepublic’s Windows blog, called Microsoft Insights and a monthly column on Cybercrime, and is a regular contributor to their Security blog, Smart Phones blog and other TR blogs. She is the lead author on Windowsecurity.com and ISAServer.org, and her articles have appeared in print magazines such as Windows IT Pro (formerly Windows & .NET) Magazine. She has authored training material, corporate whitepapers, marketing material, webinars and product documentation for Microsoft Corporation, Intel, Hewlett-Packard, DigitalThink, GFI Software, Sunbelt Software, CNET and other technology companies.
Deb specializes in security issues, cybercrime/computer forensics and Microsoft server products; she has been awarded Microsoft’s Most Valuable Professional (MVP) status in Enterprise Security for eight years in a row. A former police officer and police academy instructor, she has taught many courses at Eastfield College in Mesquite, TX and sits on the board of the Criminal Justice Training Center there. She is a fourth generation Texan and lives and works in the Dallas-Fort Worth area.
Affiliations and expertise
MCSE, Technology consultant, trainer, and writerTS
Thomas W Shinder
Dr. Tom Shinder is a 17 year veteran of the IT industry. Prior to entering IT, Dr. Tom graduated from the University of Illinois College of Medicine with a Doctor of Medicine and was a practicing neurologist with special interests in epilepsy and multiple sclerosis. Dr. Tom began his career in IT as a consultant, and has worked with many large companies, including Fina Oil, Microsoft, IBM, HP, Dell and many others. He started his writing career toward the end of the 1990s and has published over 30 books on Windows, Windows Networking, Windows Security and ISA Server/TMG, UAG and Microsoft DirectAccess. For over a decade, ISA Server and TMG were Tom’s passions, and he ran the popular web site www.isaserver.org, in addition to writing 8 books on ISA/TMG. Tom joined Microsoft in December of 2009 as a member of the UAG DirectAccess team and started the popular “Edge Man” blog that covered UAG DirectAccess. He is currently a Principal Knowledge Engineer in the Server and Cloud Division Information Experience Group Solution’s Team and his primary focus now is private cloud – with special interests in private cloud infrastructure and security.
Affiliations and expertise
Member of Microsoft’s ISA Server Beta Team and Microsoft MVP for ISA Server, Dallas, TX, U.S.A.Read Windows Server 2012 Security from End to Edge and Beyond on ScienceDirect