Overview
In June 2006, I was sitting in a session on Windows Vista security at Microsoft's TechEd, and heard some things that made my head explode. (But in a good way. Kind of. I'll explain more in a minute.) What I learned impelled me to write this book, because on the one hand I believe that these new technologies will ultimately make your job as an administrator easier, and that's good, but on the other hand, some of them are so new that it may cause some techies to shy away from rolling out Vista, and that'd be a shame, as Vista seems to me to be a significantly more secure operating system than its forebears. It's my hope that by making Vista's new security concepts easy to understand, you'll choose to use it earlier, and end up with a more secure network sooner. In laying this book out, my goal was to create a book that was short, readable, hands-on where possible, and focused on the stuff that doesn't get much coveragebut should. More specifically:
First, while this book covers security-related issues, it's aimed not just at security experts, but instead at the broader audience of admins and the IT professional population in general. Security experts already know what SeChangeNotifyPrivilege is and why anyone cares, but I think most admins will have perhaps seen something like it without having the time to find out more about it. Similarly, I think that many admins have heard of DACEs versus SACEs, but don't understand them well enough to understand the true import of tools like the new Windows integrity mechanism. In cases like that, you'll get some quick background and review on the pre-Vista security situation in Windows. The security experts in the crowd can, of course, just skip past those sections, as they're brief.
Second, the book explains in some detail the eight things that bring significant structural changes to Windows that will make life much more difficult for the dirtbags who are trying to attack our privacy or our wallets, but that aren't nearly as well-known as the new Explorer, or the new Windows image file format.
Third, this book covers those topics in a readable, practical sense; we'll start out with the big concepts and, where possible, end up with practical examplesthings you can try out right on your system. I find high-level presentations about integral, this-could-break-something security technologies frustrating because if I can't see it, I have trouble understanding it. This book offers step-by-step demonstrations of the new security technologies where possible and, in case they do break something, I'll show you how to turn them off or partially disable them. I don't recommend doing that, but if you have to, you have to, and I want you to be able to do that as quickly as possible!
Finally, we wanted to keep the book small so that we could get it out the door and into your hands around the time that Microsoft releases Vista or, if we're lucky, a bit earlier. To that end, this isn't about every single Vista security technologythat'd be a big book!it's just a closely focused explanation of the big "paradigm shifters," the cranialinfarction-causing new technologies.
But I couldn't get it all done by myself because, as I just mentioned, I wanted to get this book out fairly early and keep it relatively short so that overworked admins (yeah, I know, "overworked admins" is a horribly redundant phrase) could get through it quickly while trying to figure out their Vista deployment plans. The short time frame meant that I wouldn't have time to write the whole thing, so I enlisted the aid of some folks who are extremely smart about both security and Vista.
In the rest of this introduction, I'll explain more about why I think these new security features are so important, what we'll cover in the book, and introduce the other authors.
|
|
|
Administering Windows Vista SecurityThe Big Surprises
Wiley Publishing, Inc.
Acquisitions and Development Editor: Tom Cirtin
Technical Editors: John Paul Mueller and Russ Mullen
Production Editor: Rachel Gunn
Copy Editor: Cheryl Hauser
Production Manager: Tim Tate
Vice President and Executive Group Publisher: Richard Swadley
Vice President and Executive Publisher: Joseph B. Wikert
Vice President and Publisher: Neil Edde
Book Designer: Maureen Forys and Judy Fung
Compositor: Craig Woods, Happenstance Type-O-Rama
Proofreader: Nancy Riddiough
Indexer: Nancy Guenther
Anniversary Logo Design: Richard Pacifico
Cover Designer: Ryan Sneed
2007 Wiley Publishing, Inc.
Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-0-470-10832-1
0-470-10832-0
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising here-from. The fact that an organization or Website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Website may provide or recommendations it may make. Further, readers should be aware that Internet Websites listed in this work may have changed or disappeared between when this work was written and when it is read.