S. Bradley said
Full Disclosure: I wrote the small business chapter.
To Peter who was disappointed because he wanted to see "real world templates for use in his firm". Once upon a time I was just like you and I went and volunteered in a standard setting body to find that magical elixir of a cookie cutter template that would secure me. I found that there isn't a magical button, nor is there a template that I can just magically deploy. No one knows my network but me. Therefore no one but me can secure it.
Remember Dorothy and how she had the power to go home all along but had to learn it? Same thing here. I can't give you the security template that fits my network because it's based on my needs, my risk, my business. It won't fit your needs, your business, your risk.
Each network is unique. So for those of you disappointed in the fact that this doesn't have a slam it down your network and magically it's secure template, be disappointed in yourself first.
You have to determine your own risk, and then you start tweaking and seeing what breaks. Notch the security back for that part, see if you are comfortable with that.
Peter Van Eeckhoutte said
The big yellow "Resource Kit" sign at the bottom of the front of this book convinced me to buy this book... Big mistake.
If you are looking for a book with a lot of theory, if you are looking for a book that does not contain anything useful to implement in real life, then this book is for you.
Part I talks about Security Fundamentals. Nice, but spending for instance 20 pages on UAC is just a little bit too much for a Server Security Book.
Part II addresses Identity and Access Control using AD. I thought it would become interesting now, but 40 pages later, Part II was over.
Luckily the third part contains more pages, but I would have expected a little bit more than some manual screenshots on how to run the Security Configuration Wizard. I was hoping for real-life tested recommendations/templates/... anything that could help me really secure servers.