| تبليغات | X |
Book Description
Paperback: 624 pages
Publisher: Wiley - April 15, 2005
Language: English
ISBN-10: 0764574817
ISBN-13: 978-0764574818
Beginning with a basic primer on reverse engineering-including computer internals, operating systems, and assembly language-and then discussing the various
applications of reverse engineering, this book provides readers with practical, in-depth techniques for software reverse engineering. The book is broken into two parts, the first deals with security-related reverse engineering and the second explores the more practical aspects of reverse engineering. In addition, the author explains how to reverse engineer a third-party software library to improve interfacing and how to reverse engineer a competitor's software to build a better product.
* The first popular book to show how software reverse engineering can help defend against security threats, speed up development, and unlock the secrets of competitive products
* Helps developers plug security holes by demonstrating how hackers exploit reverse engineering techniques to crack copy-protection schemes and identify software targets for viruses and other malware
* Offers a primer on advanced reverse-engineering, delving into "disassembly"-code-level reverse engineering-and explaining how to decipher assembly language
Download Description
Beginning with a basic primer on reverse engineering-including computer internals, operating systems, and assembly language-and then discussing the various applications of reverse engineering, this book provides readers with practical, in-depth techniques for software reverse engineering. The book is broken into two parts, the first deals with security-related reverse engineering and the second explores the more practical aspects of reverse engineering. In addition, the author explains how to reverse engineer a third-party software library to improve interfacing and how to reverse engineer a competitor's software to build a better product. * The first popular book to show how software reverse engineering can help defend against security threats, speed up development, and unlock the secrets of competitive products * Helps developers plug security holes by demonstrating how hackers exploit reverse engineering techniques to crack copy-protection schemes and identify software targets for viruses and other malware * Offers a primer on advanced reverse-engineering, delving into ""disassembly""-code-level reverse engineering-and explaining how to decipher assembly language
[ Download ]
OR
[ Download ]
OR
[ Download ]
Photoshop User Magazine ?June 2007
PDF | English | 60.9 Mb
[ Download ]
OR
[ Download ]
OR
[ Download ]
Book Description
Paperback: 212 pages
Publisher: O'Reilly Media, Inc.; Lslf edition - April 29, 2008
Language: English
ISBN-10: 0596519982
ISBN-13: 978-0596519988
Now you can design rich Internet applications (RIAs) for the Web using Silverlight 2, the latest version of Microsoft's hot new runtime application -- without waiting for the official release. That's right. With Essential Silverlight 2 Up-to-Date, you not only get a concise, easy-to-understand introduction to Silverlight 2, but thorough coverage of the CTPs, betas, and RTM releases as they become available. Once you buy this Up-to-Date edition, you'll be able to download free PDFs of all the revisions to Silverlight -- pages that you can print and insert right into the book's unique binder format. Pre-printed updates will also be available for purchase. It combines the the speed of technology with convenience of a book. With Essential Silverlight 2 Up-to-Date, you learn to take advantage of Microsoft's cross-browser Silverlight plug-in with tools for animation, vector graphics, and video playback, as well as new .NET support for web services, networking and LINQ (language integrated query). This guide gives you complete step-by-step instructions for using everything Silverlight has to offer, along with: Clever ways to create interactive UIs that are more robust and easier to debug and test than what you can achieve on other platforms Scores of tested JavaScript and C# code examples that you can reuse in your own applications Expert guidance from an author who understands RIA technologies, including ASP.NET, Flash, PHP, and JavaScript Ready to deliver a more complete Web experience? Now there's no reason to wait. Essential Silverlight 2 Up to Date offers a whole new world of possibilities.
About the Author
Christian Wenz is an author, trainer, and consultant. His main focus of working and writing is on web technologies and security. Christian has written or co-written over 50 books for various publishers. He works with both open source and closed source web technologies. This leads to the unusual situation that he has both been awarded a Microsoft MVP for ASP/ASP.NET and is listed in Zend's Who is Who of PHP. He is also listed in Mozilla's credits (about:credits) and is considered an expert in browser-agnostic JavaScript.
Apart from writing and working on web projects, Christian also frequently speaks at developer conferences around the globe that cover web technologies. Among them are 2005's Microsoft Tech Ed Europe conference (BOF session) and the 2005 Zend Conference
[ Download ]
or
[ Download ]
or
[ Download ]
or
[ Download ]
Book Description
Paperback: 640 pages
Publisher: Addison-Wesley Professional; Pap/Cdr edition - April 3, 2004
Language: English
ISBN-10: 0321213343
ISBN-13: 978-0321213341
"Finally, a step-by-step VBScripting book to make you look like a programmer without the time and sweat! Don't waste your time searching the Internet for examples--this book does it for you!"
--Greg A. Marino, Senior Systems Engineer/Consultant, Westtown Consulting Group, Inc.
Visual Basic Scripting (VBScript) and Windows Management Instrumentation (WMI) are vital tools for systems administrators grappling with the increasing complexity of Windows technologies. However, busy admins have been without a straightforward guide to scripting...until now.
Managing Windows® with VBScript and WMI explains how Windows administrators can effectively use VBScript to automate common administrative tasks and simplify complex ones. Detailed coverage of security concerns provides admins with the means for safely using VBScript in Windows environments. The book is organized around the problems you face daily, with reusable examples and coverage of Windows NT, Windows 2000, Windows XP, and Windows 2003.
This user-friendly reference demystifies scripting and then shows you how to produce new scripts from scratch. You will be producing useful scripts right away as you study the VBScript language and learn how to control nearly every aspect of the Windows operating system with WMI and the Active Directory Services Interface (ASDI). You will be able to build your own administrative Web pages and use advanced scripting technologies such as script encryption, scripting components, and script security. The book closes with still more ready-made example scripts accompanied by complete line-by-line explanations. The CD includes all the code from the book and trial versions of PrimalScript 3.0 and VbsEdit. A companion Web site provides updates and errata.
Inside you will find answers to such questions as:
How do you write effective logon scripts? Chapter 11
How do you write scripts that query and modify user and group information? Chapter 16
How can you query the IP addresses from multiple network adapters in multiple remote computers? Chapter 19
How can you design, write, run, test, and debug your own administrative Web pages? Chapter 24
How can you reuse code between various scripts? Chapter 25
About the Author
Don Jones, MCSE, CTT+, is an independent consultant and founding partner of BrainCore.Net, the world leader in exam development and delivery technologies for the information technology industry. Don is the author of more than a dozen books and the creator and series editor of Sams Publishing's Delta Guide series, helping experienced administrators quickly get up to speed on Microsoft server technologies. Don is also a contributing editor and columnist for Microsoft® Certified Professional Magazine, the Microsoft technology columnist for CertCities.com, and a speaker at technology conferences.
[ Download ]
or
[ Download ]
or
[ Download ]
Product Description
This revised edition of the classic Core Java™, Volume I–Fundamentals, is the definitive guide to Java for serious programmers who want to put Java to work on real projects.
Fully updated for the new Java SE 6 platform, this no-nonsense tutorial and reliable reference illuminates the most important language and library features with thoroughly tested real-world examples. The example programs have been carefully crafted to be easy to understand as well as useful in practice, so you can rely on them as an outstanding starting point for your own code.
Volume I is designed to quickly bring you up to speed on what’s new in Java SE 6 and to help you make the transition as efficiently as possible, whether you’re upgrading from an earlier version of Java or migrating from another language. The authors concentrate on the fundamental concepts of the Java language, along with the basics of user-interface programming. You’ll find detailed, insightful coverage of
Paperback: 864 pages
Publisher: Prentice Hall PTR; 8 edition - September 21, 2007
Language: English
ISBN-10: 0132354764
ISBN-13: 978-0132354769
Java fundamentals
Object-oriented programming
Interfaces and inner classes
Reflection and proxies
The event listener model
GUI programming with Swing
Packaging applications
Exception handling
Logging and debugging
Generic programming
The collections framework
Concurrency
For detailed coverage of XML processing, networking, databases, internationalization, security, advanced AWT/Swing, and other advanced features, look for the forthcoming eighth edition of Core Java™, Volume II—Advanced Features (ISBN: 978-0-13-235479-0).
About the Author
Cay S. Horstmann is also coauthor of Core JavaServer Faces, Second Edition (Prentice Hall, 2007). Cay is a professor of computer science at San Jose State University, a Java Champion, and a frequent speaker at computer industry conferences.
Gary Cornell has been writing and teaching programming professionals for more than twenty years and is the cofounder of Apress. He has written numerous best-selling books for programming professionals, was a cofinalist for a Jolt Award, and won the Readers Choice award from Visual Basic Magazine.
[ Download ]
Paperback: 704 pages
Publisher: O'Reilly Media, Inc. - April 2003
Language: English
ISBN-10: 0596003617
ISBN-13: 978-0596003616
Written by experts on the Microsoft® .NET programming platform, ADO.NET in a Nutshell delivers everything .NET programmers will need to get a jump-start on ADO.NET technology or to sharpen their skills even further. In the tradition of O'Reilly's In a Nutshell Series, ADO.NET in a Nutshell is the most complete and concise source of ADO.NET information available. ADO.NET is the suite of data access technologies in the .NET Framework that developers use to build applications services accessing relational data and XML. Connecting to databases is a fundamental part of most applications, whether they are web, Windows®, distributed, client/server, XML Web Services, or something entirely different. But ADO.NET is substantially different from Microsoft's previous data access technologies--including the previous version of ADO--so even experienced developers need to understand the basics of the new disconnected model before they start programming with it. Current with the .NET Framework 1.1, ADO.NET in a Nutshell offers one place to look when you need help with anything related to this essential technology, including a reference to the ADO.NET namespaces and object model. In addition to being a valuable reference, this book provides a concise foundation for programming with ADO.NET and covers a variety of issues that programmers face when developing web applications or Web Services that rely on database access. Using C#, this book presents real world, practical examples that will help you put ADO.NET to work immediately. Topics covered in the book include:
An Introduction to ADO.NET
Connections, Commands and DataReaders
Disconnected Data
Advanced DataSets
Transactions
DataViews and Data Binding
XML and the DataSet
Included with the book is a Visual Studio .NET add-in that integrates the entire reference directly into your help files. When combining ADO.NET in a Nutshell with other books from O'Reilly's .NET In a Nutshell series, you'll have a comprehensive, detailed and independent reference collection that will help you become more productive.
About the Author
is President of ProseTech, a software documentation consultancy, and a project manager at VoiceIQ (http://www.voiceiq.com/), a provider of software for interactive voice-enabled applications and services. Matthew is a coauthor of the ASP.NET in a Nutshell (O'Reilly), and a contributor to the C# in a Nutshell (O'Reilly) API reference.
Bill Hamilton is a software architect specializing in designing, developing and implementing distributed applications using .NET and J2EE technologies. Over the last ten years, he has provided consulting services in B2B, B2C, B2E, data integration, and portal initiatives for banking, retail, accounting, manufacturing, and financial services. An early technology adopter, he frequently evaluates, recommends, and helps his clients use new technologies effectively. Bill has designed and helped build several award winning software packages. Bill is the co-author of O'Reilly's ADO.NET in a Nutshell and author of ADO.NET Cookbook.
[ Download ]
Product Description
Paperback: 552 pages
Publisher: Novell Press; 3 edition - September 24, 2005
Language: English
ISBN-10: 0672327716
ISBN-13: 978-0672327711
An Internet-connected Linux machine is in a high-risk situation. Linux Firewalls, Third Edition details security steps that any sized implementation--from home use to enterprise level--might take to protect itself from potential remote attackers. As with the first two editions, this book is especially useful for its explanations of iptables, packet filtering, and firewall optimization along with some advanced concepts including customizing the Linux kernel to enhance security.The third edition, while distribution neutral, has been updated for the current Linux Kernel and provides code examples for Red Hat, SUSE, and Debian implementations. Don't miss out on the third edition of the critically acclaimed Linux Firewalls
[ Download ]
pass: books_for_all
Product Description
Paperback: 911 pages
Publisher: O'Reilly Media, Inc.; 2 edition - March 25, 2008
Language: English
ISBN-10: 0596516681
ISBN-13: 978-0596516680
Looking to study up for the new J2EE 1.5 Sun Certified Web Component Developer (SCWCD) exam?
This book will get you way up to speed on the technology you'll know it so well, in fact, that you can pass the brand new J2EE 1.5 exam. If that's what you want to do, that is. Maybe you don't care about the exam, but need to use servlets and JSPs in your next project. You're working on a deadline. You're over the legal limit for caffeine. You can't waste your time with a book that makes sense only AFTER you're an expert (or worse, one that puts you to sleep).
Learn how to write servlets and JSPs, what makes a web container tick (and what ticks it off), how to use JSP's Expression Language (EL for short), and how to write deployment descriptors for your web applications. Master the c:out tag, and get a handle on exactly what's changed since the older J2EE 1.4 exam. You don't just pass the new J2EE 1.5 SCWCD exam, you'll understand this stuff and put it to work immediately.
Head First Servlets and JSP doesn't just give you a bunch of facts to memorize; it drives knowledge straight into your brain. You'll interact with servlets and JSPs in ways that help you learn quickly and deeply. And when you're through with the book, you can take a brand-new mock exam, created specifically to simulate the real test-taking experience.
About the Author
Bryan Basham is a Sun Certified Developer for Java 2 Platform and one of the key designers of the Sun Certified Web Component Developer exam. He is also a course developer for Sun Microsystems concentrating on Java technology and Object-Oriented design principles. Bryan has worked on a large range of Java courses, including Sun's core Java programming course, the JDBC course, a J2EE overview seminar, the Servlet/JSP course, and the OO Analysis and Design course.
Bert Bates is a 20-year software developer, a Java instructor, and a co-developer of Sun's upcoming EJB exam (Sun Certified Business Component Developer). His background features a long stint in artificial intelligence, with clients like the Weather Channel, A&E Network, Rockwell, and Timken
Product Description
Paperback: 489 pages
Publisher: Wiley - March 17, 2008
Language: English
ISBN-10: 0470223677
ISBN-13: 978-0470223673
The Photoshop CS3 Restoration and Retouching Bible is a full-color comprehensive reference to retouching and restoring photographs using Adobe Photoshop CS3. Written by an Adobe Certified Expert and Adobe Certified Instructor in Photoshop CS & CS2, Mark Fitzgerald, the Photoshop CS3 Restoration and Retouching Bible provides training, tips, and techniques for amateur to professional photographers who want to complete expert quality photo restorations and retouchings. The book begins by reviewing the fundamentals of working with digital images - covering adjusting image brightness and contrast, working with color, understanding RAW and high-bit files, working with layers, and getting organized. Fitzgerald guides readers through all of the relevant Photoshop tools and techniques including a full chapter on creating flexibility with layer masks. A robust four-chapter section on rescuing damaged photos enables readers to bring their damaged images back to life. The final section of the book focuses on adding the final touches to images - retouching, with hands-on examples of retouching portraits and architectural projects.
From the Back Cover
Restore, refresh, and fine-tune your favorite photos
Take years off your keepsake photos or enhance the current ones with Photoshop CS3's powerful tools and the expert techniques and tips you'll find in this comprehensive guide. Using step-by-step instructions and over 500 pages of full-color examples, this book shows you how to clone, blend layers, add contrast, reduce glare, and more. From portraits to landscapes to architectural masterpieces, fine-tune your favorites with this expert guide.
Harness the tools of the retouching trade: brushes, cloning, and others
Use layers and masks to build a non-destructive workflow
Rescue faded, torn, or stained photographs
Soften wrinkles, brighten eyes, tame hair, and smooth skin
Restore sepia-toned, black-and-white, and full-color photographs
Master resizing, resampling, resolution, and scanning
Companion Web Site
Visit www.wiley.com/go/restoration and download the practice files from the book. You can start with the original images and work through the author's step-by-step instructions in the book
[ Download ]
Product Description
Paperback: 4000 pages
Publisher: Microsoft Press; Pap/Cdr edition - April 6, 2008
Language: English
ISBN-10: 0735623619
ISBN-13: 978-0735623613
Get the essential reference for deploying, managing, automating, troubleshooting, and optimizing Windows Server 2008 with expert insights and best practices from Microsoft Most Valuable Professionals (MVPs) and the Windows Server team at Microsoft. This official Microsoft® RESOURCE KIT features six volumes of in-depth technical information that every Windows® administrator needs to understand to master Windows Server 2008 administration. You get detailed information about networking, network aspect projection, security features, Internet Information Services (IIS) 7.0, Active Directory®, and Windows PowerShellTM. You also get more than 200 time-saving tools, scripts for automation, job aids, eBook resources, plus a fully searchable eBook of each RESOURCE KIT volume on DVD.
Key Book Benefits:
Provides six volumes of in-depth technical information for administering, optimizing, troubleshooting, and automating Windows Server 2008
Delivers definitive product information with expert insights straight from the Windows Server team at Microsoft, Microsoft MVPs, and field consultants
Details information that every Windows administrator needs about Windows Server performance, troubleshooting, security services, group policy, Active Directory, IIS 7, and Windows PowerShell
Features a DVD with more than 200 essential tools and scripts, eBooks with additional technical information, tips, and best practices plus a fully searchable eBook of all six RESOURCE KIT volumes
From the Publisher
* Provides six volumes of in-depth technical information for administering, optimizing, troubleshooting, and automating Windows Server 2008 and IIS 7.0
* Delivers definitive product information with expert insights straight from the Windows Server team at Microsoft, Microsoft MVPs, and field consultants
* Details what every Windows Server administrator needs to know about performance, troubleshooting, security services, Group Policy, Active Directory, IIS 7, and Windows PowerShell
* Features a CD with more than 200 essential tools and scripts, eBooks with additional technical information, tips, and best practices--plus a fully searchable eBook of all six RESOURCE KIT volumes
Download In Three Part
[ Part 1 ]
[ Part 2 ]
[ Part 3 ]
Download From Torrent
[ Download ]
Book Description
Paperback: 650 pages
Publisher: Microsoft Press; Pap/Cdr edition - January 19, 2008
Language: English
ISBN-10: 073562447X
ISBN-13: 978-0735624474
This in-depth technical reference delivers must-know information on TCP/IP for any IT professional working with Windows Server 2008 and Windows Vista operating systems. This comprehensive guide starts with the fundamentals, delivering coverage of TCP/IP protocols layer by layer to help build mastery of protocols and their implementation. It focuses on Internet layer protocols such as IP, ICMP, IGMP, and includes a preview of IPv6; transport layer protocols such as TCP and UDP; and application layer protocols such as DNS, DHCP, and WINS. Written by a leading TCP/IP author, plus peer reviews from experts on the Windows® Networking Team, this is the definitive guide to TCP/IP for Windows Server 2008. Features a companion CD with a fully searchable eBook and other resources.
Key Book Benefits
Provides practical and in-depth information on important protocols in the TCP/IP protocol suite and services for Windows Server 2008
Delivers comprehensive coverage of TCP/IP protocols layer by layer for building mastery
Includes ample illustrations, tables, and example traces of TCP/IP packets
Features a companion CD with a fully searchable eBook and other resources
About the Author
Joseph G. Davies is an MCSE, MCT, and Master Certified Netware Engineer (MCNE). He works for Microsoft Corporation on the Windows Networking Team and has been a technical writer and instructor on TCP/IP and networking technology topics for 10 years. He has a bachelor s degree in Engineering Physics
[ Download ]
OR
[ Download ]
OR
[ Download ]
OR
[ Download ]
Book Description
Paperback: 700 pages
Publisher: Microsoft Press; Pap/Cdr edition - March 10, 2008
Language: English
ISBN-10: 0735624313
ISBN-13: 978-0735624313
Get the comprehensive, essential resource for improving Windows administrator productivity. This book delivers solutions to the common issues Windows administrators face every day. Unlike other administrator resources available that cover features and functionality of Windows Server® and the Windows client operating system, this unique guide provides the tools that help you do more with less and make the most of your time. Based on a popular talk that author Dan Holme gives at conferences throughout the world, this book walks you through the process of selecting your tools, configuring your work environment, and incorporating scripts and third-party utilities into your administrative toolkit. You ll even learn how to customize and automate solutions to meet the needs of your unique Windows-based environment. Covering Windows Server 2003, Windows Server 2008, Windows XP, and Windows VistaTM, this book helps you manage your environment from end to end. The companion CD includes a fully searchable eBook, tools, and other essential job resources.
Key Book Benefits
Brings together tools and practical advice providing solutions to a wide variety of administration problems
Provides comprehensive coverage focusing on manageability, security, provisioning, and role-based management
Delivers insights from a leading expert on Windows management and productivity
Features a CD with a fully searchable eBook, tools, and essential resources
About the Author
Dan Holme is director of consulting at Intelliem, which delivers solutions-focused training and consulting services supporting Microsoft SharePoint® Products and Technologies, Microsoft Office, Windows, and Active Directory® implementations.
[ Download ]
OR
[ Download ]
OR
[ Download ]
Book Description
Paperback: 820 pages
Publisher: Microsoft Press; Har/Cdr edition - April 19, 2008
Language: English
ISBN-10: 0735625107
ISBN-13: 978-0735625105
Announcing an all-new Self-Paced Training Kit designed to help maximize your performance on 70-646, a required exam for the new Microsoft Certified IT Professional (MCITP): Windows Server 2008 Administrator certification. This 2-in-1 kit includes the official Microsoft® study guide, plus practice tests on CD to help you assess your skills. It comes packed with the tools and features that exam candidates want most including in-depth, self-paced training based on final exam content; rigorous, objective-by-objective review; exam tips from expert, exam-certified authors; and customizable testing options. It also provides real-world case scenarios to help you build skills and expertise that you can apply to the job.
Work at your own pace through the lessons and lab exercises. Focusing on Windows Server 2008 administration, this official study guide covers planning server roles; maintaining server security; planning data storage, network load balancing, and server backups; managing software deployment and versioning; monitoring IPv6, server performance and capacity, and AD replication; scheduling server deployments; and designing a rollback contingency plan.
Then assess yourself using 300+ practice and review questions on the CD, featuring multiple, customizable testing options to meet your specific needs. Choose timed or untimed testing mode, generate random tests, or focus on discrete objectives. You get detailed explanations for right and wrong answers including pointers back to the book for further study. You also get an evaluation version of Windows Server 2008 and an exam discount voucher making this kit an exceptional value and a great career investment.
Key Book Benefits:
Comprehensive exam prep study guide
In-depth coverage of exam objectives and sub-objectives plus instructive case studies and troubleshooting scenarios to enhance your performance on the job
300+ practice and review questions
Test engine that enables customized testing, pre-assessment and post-assessment, and automated scoring and feedback
Handy exam-mapping grid
Evaluation version of Windows Server 2008
15 percent exam discount voucher from Microsoft (limited-time offer)
Entire study guide in searchable eBook format
About the Author
Ian McLean is coauthor of MCSA/MCSE Self-Paced Training Kit (Exam 70-291): Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure, from Microsoft Press®.
Orin Thomas is a writer, teacher, and consultant whose books include the MCSA/MCSE Self-Paced Training Kit (Exam 70-290): Managing and Maintaining a Microsoft Windows Server 2003 Environment, from Microsoft Press
[ Download ]
OR
[ Download ]
OR
[ Download ]
OR
[ Download ]
Product Description
Perfect Paperback: 1200 pages
Publisher: Microsoft Press; Pap/Cdr edition - March 7, 2008
Language: English
ISBN-10: 0735625158
ISBN-13: 978-0735625150
Get the definitive, in-depth resource for designing, deploying, and maintaining Windows Server 2008 Active Directory in an enterprise environment. Written by experts on directory services and the Active Directory team at Microsoft, this technical resource is packed with concrete, real-world design and implementation guidance. You ll get in-depth guidance on installation, Active Directory components, replication, security, administration, and more. You also get answers to common questions from network architects, engineers, and administrators about Windows Server 2008 Active Directory plus scripts, utilities, job aids, and a fully searchable eBook on CD.
From the Publisher
- Offers definitive product information and expert insights straight from industry experts and the Active Directory team at Microsoft
- Provides comprehensive technical information that network architects, engineers, and administrators need to know about designing, deploying, and maintaining Active Directory for Windows Server 2008
- Includes in-depth coverage of Active Directory components, installation, replication, security, and administration in an enterprise environment
- Features a CD packed with scripts, utilities, job aids, and a fully searchable version of the entire RESOURCE KIT book
[ Download ]
or
[ Download ]
Product Description
Paperback: 750 pages
Publisher: Microsoft Press - March 10, 2008
Language: English
ISBN-10: 0735625042
ISBN-13: 978-0735625044
Get the definitive reference for planning and implementing security features in Windows Server 2008 with expert insights from Microsoft Most Valuable Professionals (MVPs) and the Windows Server Security Team at Microsoft. This official Microsoft RESOURCE KIT delivers the in-depth, technical information and tools you need to help protect your Windows® based clients, server roles, networks, and Internet services. Leading security experts explain how to plan and implement comprehensive security with special emphasis on new Windows security tools, security objects, security services, user authentication and access control, network security, application security, Windows Firewall, Active Directory® security, group policy, auditing, and patch management. The kit also provides best practices based on real-world implementations. You also get must-have tools, scripts, templates, and other key job aids, including an eBook of the entire RESOURCE KIT on CD.
Key Book Benefits
Definitive technical information and expert insights straight from the Windows Server Security Team and leading Microsoft MVPs
Provides in-depth information that every Windows administrator needs to know about helping protect Windows-based environments
Includes best practices from real-world implementations
CD includes additional job aids, including tools, scripts, and a fully searchable version of the entire RESOURCE KIT book
Q&A with Jesper M. Johansson, author of Windows Server 2008 Security Resource Kit
The credentials of the contributors to Windows Server 2008 Security Resource Kit are quite impressive. How important was it to assemble such a group for this title?
In my opinion, it was necessary. Server products are necessarily complex, and security, by its very nature, requires a very broad understanding of the product. Developing that understanding in a single person is possible, but very time consuming and still does not lead to the breadth of perspective that you find in a group of people. No single person can truly understand both what it is like to implement Active Directory in a 50,000 seat organization, and how to run a 50-seat small business network long-term, and neither of them is probably going to also be one of the world's foremost experts on implementing public key cryptography infrastructures. By putting together this world-wide team of experts (representing four countries on three continents) we were able to produce a resource that had far more depth and breadth of knowledge than would otherwise have been possible, and you get the expertise of 12 of the foremost experts on Windows Security in a single package.
What extras are available on the Resource Kit CD?
First, you get a bonus chapter on Rights Management Services, as well as an electronic copy of the entire book. I am very excited about the electronic copy because it provides a searchable way to read the book. These types of books are always used as references and being able to search it is very valuable.
You also get some tools that may come in handy for managing servers. Scripting Guru Ed Wilson wrote some custom PowerShell scripts specifically for this book to manage user accounts and other security related aspects of your deployment. In addition, I wrote a couple of tools for the book. One is my password generator, which I first made available several years ago. It enables you to manage unique administrator account passwords and service account passwords on hundreds or thousands of servers on a network. I also included my elevation tools, which allow you to launch an elevated instance of Windows Explorer, as well as elevating any command you want from the command line. Having worked with User Account Control (UAC) daily for about two years I find that one of the biggest impediments to running under UAC is the multiple prompts you get when you perform many file operations. As an administrator, that is a very common task. Elevating Windows Explorer lets you do those operations with a single elevation prompt, and still leave UAC turned on.
Comparing the two programs, what are some of the fundamental differences between Windows Server 2008 and Windows Server 2003?
To me, the biggest difference is the fact that while Windows Server 2003 was built under the security best practices of 2002, Windows Server 2008 incorporates all the secure development practices Microsoft learned in the five years since. The field of secure software development has progressed immensely between 2002 and 2007, and incorporating them will make Windows Server 2008 much more able to stand up to the threats we will see in the next five years. By the way, it is with a heavy heart that I say that, as I worked hard on security in Windows Server 2003, but it is true.
Apart from the engineering process, the first thing people will notice is the completely new management model in Windows Server 2008. Instead of installing a lot of separate components, you now deploy roles to the server. This makes a lot of sense because the roles are what you bought the server to fill. By implementing that metaphor in the management tools the risk for misconfiguration is greatly reduced.
The new kernel features are also very important and will make a big difference for many. First, the new virtualization features are fundamentally going to change how we build and run data centers. The improvements in security, reliability, and performance in the kernel features, such as thread scheduling, and in the networking features, such as the new network file system, also are going to be valuable to many.
What do you feel is the biggest security oversight made by network admins?
Put a slightly different way, the area where I see the most room for improvement is in security posture management. Administrators are far too focused on vulnerabilities and on the types of "hardening" tweaks that were useful in the 1990s, when software shipped wide open by default. Today, those things are not nearly as important as it is to manage the security posture of your servers. Far too many administrators still believe in the perimeter and fail to recognize that just about every organizational network today is semi-hostile, at best. The biggest security oversight is not to analyze and manage the threats posed to servers by other actors on the network. The Security Resource Kit goes into depth in discussing what I refer to as Network Threat Modeling, as the analysis phase of Server and Domain Isolation – probably the most powerful security tool in the arsenal today. Yet, the proportion of networks that use these tools is infinitesimal.
What are your thoughts on the constant hype surrounding potential security flaws in Vista?
As I have written elsewhere (http://msinfluentials.com/blogs/jesper/archive/2008/01/24/do-vista-users-need-fewer-patches-than-xp-users.aspx) I fail to see any data backing up the argument. Certainly, there have been flaws in Vista – and anyone who expected it to be flawless was unrealistic – but the improvements are tremendous over Windows XP. Windows Vista has about half as many critical problems as Windows XP in the same time-frame. I'm not sure that it would have been reasonable to expect it to perform much better than that given how large and complex modern software is and how fast the security landscape is moving.
Therefore, I have to think that the reasons for the hype are something other than data. The popular press seems to operate on the assumption that complaining about Microsoft generates advertising revenue, and they are probably correct. The fact of the matter today is that a significant portion of the software industry, specifically the security portion, has built its business almost exclusively on selling software that purports to protect Microsoft's customers from Microsoft's screw-ups. It is simply terrifying to it, and a grave threat to its business model, that Microsoft should actually manage to produce software, and particularly operating systems, that are so secure they do not need most of the products that portion of the industry sells.
The popular press, being a largely advertising funded business, has happily latched on to this perception and boosted the unsubstantiated claims of Windows Vista's vulnerability to the benefit of their major advertisers. It is truly a sick eco-system that harms the customer in both the short and long term. The threats today, as I mentioned above, are trending toward the types of things that the security software industry cannot protect against. The new threats are against people, and the focus needs to shift to helping people make better security decisions and take responsibility for their own actions. Unfortunately, the current unsubstantiated hype about Windows Vista is not about protecting customers, it is about selling unnecessary security software and inculcating users and IT managers alike in the belief that they must buy third party software to run Windows safely; a belief that, with a few notable exceptions, such as anti-virus software, is falsified by the data. In fact, the hype has even lead to a huge growth industry in malicious, fake, security software. I have seen a lot of people lured by the hype into buying security software that is not security software at all, but simply malware in disguise. The average consumer, inundated with hype, is unable to make out what to really believe. This sick ecosystem is harmful and the press and the pundits are not helping, but only increasing the hype.
In your opinion, which network faces the biggest security risk today: the small office with multiple power users or large corporation with a large LUA base?
The unmanaged networks. I have seen very well managed and very secure networks in both small and large organizations, and I have seen poorly managed and very insecure networks in both as well. It is not really a matter of size but of how much time and effort is put into the security aspects of it. One of the largest weaknesses seems to be training. Security today is about end-points. The attacks are against people far more prevalent than those against technology and vulnerabilities. We need to, as an industry, understand how to push the security out to the assets that we are trying to protect. In the past we have centralized security because it was a way to centralize management of security. The challenge now is to de-centralize security, while still permitting centralized management. This is a non-trivial task, but it must be done. As a starting point, I dare every IT manager to start analyzing the risks to his or her network, and specifically, what it is they want the network to be used for. Once you understand what it is you want the network to provide you have a chance to work on making it provide that and nothing else. To me, that is the most important thing we can do. A properly staffed IT group, with adequate training and resources to train its users, an organizational mandate to protect the organization's assets, and a keen understanding of the business they serve will build a network that is adequately secured regardless of the size of the network. Windows Server 2008 certainly provides some very powerful technologies to help you manage security in your network, but while that is a necessary component, it is insufficient by itself. At a very base level, it is about the people and the processes you have, more than about the technology. Technology will help, but it is just a tool that your people will implement using a process that helps or hurts.
Product Description
Get the definitive reference for planning and implementing security features in Windows Server 2008 with expert insights from Microsoft Most Valuable Professionals (MVPs) and the Windows Server Security Team at Microsoft. This official Microsoft RESOURCE KIT delivers the in-depth, technical information and tools you need to help protect your Windows® based clients, server roles, networks, and Internet services. Leading security experts explain how to plan and implement comprehensive security with special emphasis on new Windows security tools, security objects, security services, user authentication and access control, network security, application security, Windows Firewall, Active Directory® security, group policy, auditing, and patch management. The kit also provides best practices based on real-world implementations. You also get must-have tools, scripts, templates, and other key job aids, including an eBook of the entire RESOURCE KIT on CD.
Key Book Benefits
Definitive technical information and expert insights straight from the Windows Server Security Team and leading Microsoft MVPs
Provides in-depth information that every Windows administrator needs to know about helping protect Windows-based environments
Includes best practices from real-world implementations
CD includes additional job aids, including tools, scripts, and a fully searchable version of the entire RESOURCE KIT book
[ Download ]
or
[ Download ]
or
[ Download ]
or
[ Download ]
|
