Credit where it's due: John Howard's post about the Windows Server 2003 Resource Kit inspired me to make this one.
The brand new "Microsoft Windows Security Resource Kit Second Edition" has just been released. It's a really good book. I was sad enough to carry it with me (and read much of it!) on a long commute earlier in the week - the book's rather hefty.
The new book (second edition) was written by Ben Smith and Brian Komar with the Microsoft Security Team just like the first one. This edition includes details of Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1.
The book's ISBN is 0-7356-2174-8; it's on Microsoft Press, though I haven't been able to find it on the website yet.
I particularly liked the sections covering IPSEC, 802.1x and the Security Configuration Wizard.
Here's a little of the blurb from the cover:
"Definitive resources and tools - now updated for the Windows Server 2003 and Windows XP service packs.
Now fully updated and revised, this official Microsoft Resource Kit delivers the in-depth information and tools you need to help protect your Windows-based clients, servers, networks and Internet services. Security experts Ben Smith and Brian Komar, working in conjunction with the Microsoft Security Team, explain how core Windows security internals work and how to assess security threats and vulnerabilities, configure security features, monitor and respond to security events, and effectively apply security technologies and best practices. You'll find new information on Microsoft Windows Server 2003 Service Pack 1, Windows XP Service Pack 2, and Microsoft Office 2003 Editions. And you'll get essential tools, scripts and templates, and other key resources on the CD.
Get in-depth guidance on how to:
> Build security considerations into the design of Active Directory objects, domains, and forests; manage user accounts and passwords; apply Group Policy
> NEW - Utilize the Security Configuration Wizard and Windows Update Services
> Configure TCP/IP and the Windows Firewall, and address the unique security risks of mobile computing and wireless networking
> Define security settings for domain controllers, IIS 5.0 and 6.0, Windows Terminal Services, and DNS, DHCP, WINS, RAS, and certificate servers
> NEW - Design an 802.1x authentication infrastructure
> NEW - Implement the security advances in Microsoft Office 2003 Editions, IIS 6.0, and the latest service packs
> Perform security assessments and respond to security incidents
> Manage security and privacy settings for Microsoft Office and Internet Explorer"