Bryan Bechard reviews ‘Security Strategies in Windows Platforms and Applications’ exclusively for IT Governance Ltd….
Love it or hate it, the security industry would not be the same today without Windows, or if the OS wars had not begun back in 1985. Chances are you have a few desktops or servers running Mr Softy’s pride and joy. Wouldn’t you like to know how to secure them? I have not been a Windows admin or had to lock down a system in almost 10 years… using Windows 2000…. so Security Strategies in Windows Platforms and Applications was a good checkup for me to see how it has changed in that time.
If you are new to infosec, the first section of this book, which describes basic concepts such as the CIA triad and Windows vulnerabilities, will be helpful in getting you started thinking about information security. Those who are well versed in security concepts can skip to the good stuff starting in Chapter 2. The chapter gives a good overview of how Windows manages authentication and authorization. If you are not sure of the difference between the two, you will be by the end of the chapter. The author also describes defense in depth for Windows and how to identify vulnerabilities within systems.
Windows offers a multitude of ways that connections, drives and files can be encrypted. BitLocker, EFS and SSL are commonly used Windows-provided tools to secure those vectors. The pros and cons of each of these encryption schemes are reviewed, and screenshot instructions on how to implement them are provided. It will be interesting to see, when Windows 8 comes out, whether encryption will be optional, as Apple iPads come encrypted by default.
Malware is the thing that keeps most infosec pros up at night since it is constantly evolving. The attack vectors seem to grow like weeds overnight, finding endless ways to get into networks, where they propagate and cause untold damage. A whole book could have been written about keeping malware out, but the author gives some starting steps for protecting desktops. At the enterprise level, antivirus is not enough. You need a coordinated, comprehensive plan and system for addressing this kind of threat.
No IT system is “set it and forget it”. You may be 100% locked down today, but tomorrow that could change. Auditing is always required on a periodic basis. Backup and recovery programs are essential for any IT environment: you never know when they will be needed, but you will be happy you have them. Again, these topics could take entire books to do full justice. The built-in Windows tools are a good start for many smaller Windows environments. The author details how to get started with them and how they can be used.
Finally, the book goes into hardening Windows systems and applications. For those who are solid infosec pros, these will be concepts we deal with every day, with a Windows-specific emphasis: install the minimum, disable unneeded services, filter network traffic, SDLC, and others. Most infosec pros will have an idea of how to do these things, but the author does a good job of putting this into the context of Windows and what should be done in that particular environment.
Overall, the book is a good resource for those who are not infosec pros, who are looking at a Windows network for the first time, or who have not worked on a Windows network in a while. If you are able to execute everything in the book, you can be confident that your Windows systems and networks have a good security foundation to work from.