Preface

Preface

As the title implies, this book is about security in the Windows Server 2003 operating system and how to put it to work on behalf of your organization and your users.

Windows Server 2003 has quite a number of uses. It can serve in a network support role, supplying services such as DHCP and DNS. It can take a more active part in object management, such as when used as an Active Directory domain controller. It can also serve as a personal operating system, since it is so closely tied with its brother, Windows XP. In this role, it might provide security of local data and host-based network communications.

I've broken down the book by technology. Each chapter covers one or more of the technologies that Windows Server 2003 provides. Most of these?such as IPSec?are primarily security-focused. However, some?such as DHCP?are not.

Each chapter answers three questions about the technology it covers:

What the technology is and how it's used

Each chapter begins with a brief introduction to the technology. If you have no idea what this technology does, this is a quick way to learn about it. I don't bore you with marketing spin or polished terms. I just tell you what the technology does and what a few of the most likely uses might be.

How the technology works

To understand a technology's security implications, you usually need to know how it works. This section is kept deliberately brief and sometimes excludes details that you don't need to know. I do this, not to keep you in the dark, but to make sure that you're focused on how the thing works and that you don't bog down in minutia that, in your job and scope, would be useless and distracting.

How to use the technology properly to serve your system

Through lots of research and direct interaction, the book's contributors and I have come up with a set of common uses for the technologies detailed in this book. All of these are based on real experience, not theoretical environments or marketing-based blue sky scenarios. I take you through these examples and show you exactly how to get the desired results. In most cases, I provide a keystroke level of detail to ensure you don't miss a thing.

Of course, all possible scenarios can't be covered in this book. Because the different Windows components can be configured so many ways, it would be impossible to present all approaches to all possible scenarios. But the content of this book should provide more than enough information for you to make decisions on the technologies as well as test and understand them.

One thing you'll see in this book that you may not have seen before is Security Showdown sections. This is a point-counterpoint debate between myself and a semifictional coworker, Don. I use it several times throughout the book to show that some debates about security methodologies and techniques are not easily answered. Some of them are so contentious that they seem like religious debates at times. You should understand that security-focused individuals tend to have opinions about security and that they like to argue with people who hold different values. These are good-natured and often help explain both positions. So please read these sections as I've intended, as an open discussion of the merits and hazards of multiple tactics to achieve the same goal.