Developers of Web-based applications get expert guidance for taking advantage of the sophisticated security features in Windows 2000 -- all in one comprehensive volume. This definitive guide provides a solid foundation in security theory and concepts, explains the key software design considerations for various categories and levels of security, and discusses ways to apply the appropriate security to mitigate risk. It also covers a range of security technologies, including NTLM authentication, Kerberos authentication, SSL/TLS, CryptoAPI, ACLs, Active Directory services, certificates, and COM+ security.
Average Customer Review:
( 15 customer reviews )
Most Helpful Customer Reviews
18 of 18 found the following review helpful:
This is NOT a rehash of Microsoft whitepapers or help files.
Sep 08, 2000
By Jason Fossen
This is the best IIS security book I've found yet, and I do Microsoft network security consulting for a living. Most IIS books simply rehash the IIS help files or Resource Kit -- this doesn't. Moreover, IIS 5.0 on Windows 2000 is substantially different than IIS 4.0 on NT, but nobody else I've read tackles the new heavy features like Kerberos authentication, digital certificate mapping to Active Directory, IPsec packet filtering for HTTP, distributed applications with COM+/DCOM, WMI, ADSI, etc. The CD-ROM is also very useful; for example, it includes a Perl script which will search IIS logs for common attack signatures for intrusion detection. This book is written for security administrators and web-application developers. It has saved me MANY hours of trying to track down IIS 5.0 security internals that might not be documented anywhere else.
10 of 10 found the following review helpful:
Excellent broad coverage, an easy read.
Nov 25, 2000
The book covers a great deal of ground very quickly. Importantly, the material is easy to read and useful. While the focus is on Windows 2000-based technology, much of the book (most notably, threat modelling, and practical authentication, authorization, privacy and non-repudiation) can be applied to other non-MS technologies. The really cool thing I like the most about the book is it is practical, rather than theoretical. The book gave me ammunition to convince management that they need to spend time/money/resources to insure a secure system, and then the book showed me how to choose appropriate technologies to solve security problems.
8 of 8 found the following review helpful:
Worth every Penny
Nov 06, 2000
By Aaron
A great source of wisdom if you build or deploy web-sites. Well written, great depth and most of all - easy to read. There is lots of new information previously unpublished. It explains how to design, build, and deploy secure systems without resorting to scare-tactics.
7 of 7 found the following review helpful:
Superb!
Oct 24, 2000
Simply put - I learned more about security from this book than any other book I have previously read. The authors describe web security very well and in an easy to understand manner. Best of all _EVERYTHING_ is by example. None of the book is pure theory and every comment is backed up with supporting facts. Also, unlike many books in vogue today, this is not a scare-mongering book. It treats security in a logical, matter-of-fact manner. You'll love it!
7 of 7 found the following review helpful:
EXCELLENT-Highly Recommended
Oct 11, 2000
By MarkR
I've read many books about computer and network security, and this blows away all of them. It's easy to read, extremely pragmatic and, as far as I know, it is the ONLY BOOK that discusses how to design, build and troubleshoot end-to-end security. The degree to which Michael discusses 'real-life' security issues is incredible, there is so much information in this book, and I thought I knew how to build secure solutions. You gotta buy this book, it'll save you time and consulting fees.