Auditing Security and Controls of Windows® Server 2000 and Windows® Server 2003
Published in 2005
Book
Paperback/Softback
137 pages
978-0-89413-564-4 (ISBN)
Description
Servers are the golden key for an attacker, since they hold the applications, services, and data that the attacker seeks.
For a thorough audit, all of the key server types need to be audited, which will ensure that the foundation of the network infrastructure has been audited. Many aspects that need to be audited, such as authentication protocols, anonymous access, and backup routines, are typically left out. This handbook will:
Delve into these areas, exposing all of the nooks and crannies on servers that should be audited.
Solve issues regarding security control points, scope of servers and target goals.
Teach you terminology that can help you perform better interviews to gather information.
Pinpoint where each control resides for a server.
Discuss how to structure the audit with regard to servers.
Illustrate some different tactics for the sampling procedure.
Lay out a detailed audit plan that will allow you to take the knowledge you learned and put it into action
For a thorough audit, all of the key server types need to be audited, which will ensure that the foundation of the network infrastructure has been audited. Many aspects that need to be audited, such as authentication protocols, anonymous access, and backup routines, are typically left out. This handbook will:
Delve into these areas, exposing all of the nooks and crannies on servers that should be audited.
Solve issues regarding security control points, scope of servers and target goals.
Teach you terminology that can help you perform better interviews to gather information.
Pinpoint where each control resides for a server.
Discuss how to structure the audit with regard to servers.
Illustrate some different tactics for the sampling procedure.
Lay out a detailed audit plan that will allow you to take the knowledge you learned and put it into action
More details
Language
English
ISBN-13
978-0-89413-564-4 (9780894135644)
Person
Derek Melber, MCSE, CISM, is one of the leading technical instructors, authors, and consultants in the nation, with an innate understanding of how to decipher, organize, and communicate complex issues. With a master's degree from the University of Kansas, Microsoft® Certified Systems Engineer Certification, CISM, A+ Certification, Microsoft® MVP, and 10 years of solution development, training, public speaking, sales, and management experience, he has used his experience and knowledge to write numerous books on Windows Active Directory, Security, Auditing, and certifications. He provides custom training on Windows Security, auditing, Active Directory, Group Policy, and administration. You can also visit his online training for Auditing Windows Security at www.auditlearning.org. He is a contributing editor to ESJ newsletter, RIAG Journal, IT Audit newsletter, and various other publications. He is a frequent speaker at various conferences, including those for The Institute of Internal Auditors, TechMentor, and MISTI.
Mr. Melber has taken his years of experience to develop the only Web site dedicated to Windows Auditing and Security, www.auditingwindows.com. The Web site links to his book series on Auditing Windows Security, his publications, and online training. The Web site keeps up on the pulse of Windows security, providing documents, applications, and other resources to the auditing community. He has developed and trained individuals from the most prestigious organizations and corporations around the world, including AT&T, Boeing, Intel, Citibank, Walt Disney, United Airlines, Hewlett- Packard, Compaq, Sony, the Department of Education, all branches of the U.S. military, and even Microsoft® itself.
Mr. Melber has taken his years of experience to develop the only Web site dedicated to Windows Auditing and Security, www.auditingwindows.com. The Web site links to his book series on Auditing Windows Security, his publications, and online training. The Web site keeps up on the pulse of Windows security, providing documents, applications, and other resources to the auditing community. He has developed and trained individuals from the most prestigious organizations and corporations around the world, including AT&T, Boeing, Intel, Citibank, Walt Disney, United Airlines, Hewlett- Packard, Compaq, Sony, the Department of Education, all branches of the U.S. military, and even Microsoft® itself.