Get the definitive reference for planning and implementing security features in Windows Server 2008 with expert insights from Microsoft Most Valuable Professionals (MVPs) and Windows Server Security Team at Microsoft. This official Microsoft RESOURCE KIT provides information, technical depth and the tools you need to help protect your Windows-based clients, server roles, networking, and Internet services. security experts explain how to plan and implement comprehensive security with special emphasis on the security of Windows new tools, security objects, security services, user authentication and access control, network security, application security, Windows Firewall, Active Directory security, group policy, auditing, and patch management. You also get must-have tools, scripts, templates, and other key job aids, including e-book from the entire RESOURCE KIT on CD. Key Book Benefits Definitive technical information and expert insights straight from the Windows Server Security Team and leading Microsoft MVPs Providing in-depth information that every Windows administrator needs to know about helping protect Windows-based environment Includes best practices from real world implementations The CD contains additional job aids, including tools, scripts, and fully searchable version of the entire RESOURCE KIT book Q & A with Jesper M. Johansson, author of Windows Server 2008 Security Resource Kit The belief of the contributors to Windows Server 2008 Security Resource Kit are quite impressive. Server products are always complex, and security, its nature, requires a very broad understanding of the product. By putting together this team in the entire world of experts (representing four countries on three continents) we were able to generate resources that much more depth and breadth of knowledge than that will probably happen, and you get the expertise of 12 of the mainly experts on Windows Security in one package . What's available in the Resource Kit CD? First, you get a bonus chapter on Rights Management Services, as well as electronic copies of entire books. You also get some tools that may be useful for managing the server. Comparing the two programs, what are some fundamental differences between Windows Server 2008 and Windows Server 2003? For me, the biggest difference is the fact that while Windows Server 2003 was built under the security best practices in 2002, Windows Server 2008 incorporates all development practices Microsoft learned in the safe five years since. The field of secure software development has evolved so between 2002 and 2007, and combining them will make Windows Server 2008 much more able to stand up to threats we will see in the next five years. By the way, so with a heavy heart that I say that, like I worked hard on security in Windows Server 2003, but it's true. Apart from the engineering process, the first thing people will see is a new model of management is really in Windows Server 2008. Improvements in security, reliability, and performance in the kernel features, such as thread scheduling, and the network features, such as a new network file system, will also be valuable for many people. What you feel is the biggest security oversight made by network admins? Put in slightly different ways, the area where I see room for improvement is the attitude of most security management. Today, things are not as important as it is to manage your server's security posture. The biggest security oversight is not to analyze and manage the threats posed to servers by other actors in the network. Security Resource Kit go into depth in discussing what I refer to as Network Threat Modeling, as the analysis phase Server and Domain Isolation? What are your thoughts on the constant hype surrounding potential security flaws in Vista? As I have written elsewhere (http://msinfluentials.com/blogs/jesper/archive/2008/01/24/do-vista-users-need-fewer-patches-than-xp-users.aspx) I do not see the backup data argument. Therefore, I should think that the reason for the hype are something other than the data. The fact today is that most of the software industry, especially the security, has built a business almost exclusively on selling software that is intended to protect Microsoft's customers from Microsoft's screw-ups. That's just scary for it, and is a major threat to the business model, that Microsoft really need to manage to produce software, and particularly operating systems, which are very safe branda is not necessary most of the products that some industry sells. Th e press and popular, a largely advertising funded business, has happily latched on to this perception and encourage the true vulnerability of Windows Vista to the interests of their major advertisers. Today the threat, as I mentioned above, is a trend towards the type things that the security software industry can not protect against. Unfortunately, reasoned hype about Windows Vista today is not about protecting customers, it is about selling security software that does not need and instill the same users and IT managers in the belief that they must buy third party software to run Windows safely; belief that , with some exceptions, such as anti-virus software, is to falsify data. I've seen a lot of people lured by the hype buy security software that is not security software at all, but simply malware in disguise. In your opinion, which network faces the biggest security risk today: a small office with multiple power users or large companies with a large LUA base? The unmanaged networks. I have seen a network that is very well managed and very secure in both small and large organizations, and I have seen poorly managed and highly secure networks in both as well. In the past we have centralized security because it is a way to centralize management of security. A group of true IT staff, with sufficient training and resources to train its users, the organization's mandate to protect the assets of the organization, and a keen understanding of business they serve will build a network that is guaranteed regardless of network size. Windows Server 2008 certainly provides some very sophisticated technology to help you manage security in your network, but while it is an important component, it is not enough by itself.