MCSA/MCSE Self-Paced Training Kit: Implementing and Managing Security in a Microsoft Windows 2000 Network Infrastructure, Exam 70-214
||Author: Microsoft Corporation/Strebe, Microsoft Corporation|
List Price: $59.99
Our Price: Click to see the latest and low price
Publisher: Microsoft Press (12 February, 2003)
Sales Rank: 50,349
Average Customer Rating: 4 out of 5
Customer ReviewsRating: 4 out of 5
A good start to learning a vast topic.
After reading the Microsoft Press book for the 70-214 exam, I can recommend it as a good start to learning about securing a Windows 2000 network, which covers a lot of territory. Since I am already a MCSE I do not plan on taking the exam but read the book because I am always interested in security books. The book has a lot of content and is loaded with step by step instructions and exercises, so much so that I thought it was mostly a "cook book" and light on the theory and practical experience end. The end of chapter questions were very brief and few in number. However the content covered was thorough and by and large accurate (the statements that ipsec requires certificates and that NT4.0 workstations apply the user configuration part of group policy are wrong). It was nice to see a specific example of how to use secedit and create a few basic script files. Kerberos authentication was nicely explained along with the benefits, and why and how you should upgrade older clients to Active Directory Client to get them up to NTLM 2. There was quite a bit of coverage on pki and setting up cerificate services and great examples of using Web Enrollment to obtain certificates. The usual stuff on managing groups/users, share and ntfs permissions, and user permissions were covered. Vpn explanations were fairly thorough, with especially good explanation of differences between pptp and l2tp. It was nice to find a chapter on wireless security that included a step by step example to setting up a WAP. The section on IIS security does not require you to be a guru at IIS, but gets to the point on how to implement various authentication methods to a website from anonymous to ssl and why and when to use each. Intrusion detection is a basic part of network security and using group policy to enable various types of auditing and using Eventcomb is well covered. There is even a lesson on how to set up and use a honey pot. The often misunderstood IPSEC is explained well enough that you can learn how to implement, create a custom policy, and do some basic troubleshooting. Service packs and hot fixes are an important part to maintaining a secure operating system, and chapter 14 covers how to use various tools like MBSA and Qchain to determine the need for and to effeciently implement these updates. Slipstreaming service packs and using RIS is also well explained.
There was a lot for me to like about Implementing and Administering Security, but I felt it was short in a few areas also. It could have used an intro chapter explaining the importance of security and ramifications of lack of to get the reader in the right mindset, but the first page jumps right into group policy. There could have also been an ending "put it all together" summary chapter with general tips/tricks like the top ten security blunders or how to harden a Windows 2000 server like Microsoft has on their website. I saw very little on disabling uneeded services (though the MBSA tool checks for that). There was little detail about EFS which trips up a lot of users using it by losing their data or believing it is secure when it is not. Dcdiag and netdiag were briefly covered, but these are two very useful tools deserve more - they help troubleshoot when policies are not applied correctly. MBSA was not covered in much detail either. A couple pages on the mysterious anonymous/null session account, what it is used for, how it is a security risk, and what to do about it would have been a great inclusion. Finally I thought that even though the explanation of implementing security policy and templates was good, there was very little explanation of what any of the settings in user rights or security options actually do. Incorrect configurations of some of them can lead to problems in environments with downlevel clients and NT4.0 servers.
In Summary I though the book was a good read and worth keeping, but I would be hesitant to advise anyone to use this book alone to prepare for the 70-214 exam. It would be a good book to have even if not planning to take the exam, because it explains a lot of topics required to know in more detail than you will find in "core four" books. I highly recommend the Microsoft Press Design Security 70-220 book as a possible read to reinforce/supplement topics found here. I also STRONGLY suggest spending time at Microsoft TechNet security website. It has a tremendous amount of detailed information about topics covered in the book and much more including white papers. Finally if you are serious about learning about securing Microsoft networks beyond requirements for this exam I also recommend reading Hacking Windows 2000 Exposed and Inside Network Perimeter Security as a good foundation.
Rating: 4 out of 5
Does the job but needs afew updates.
Having recently passed the 70-214 exam, which is new from Microsoft, I had used another book for the exam study as this one arrived 2 days before my exam. With the material contained in this book had it arrived earlier I could have used it to study for the exam.
Like most MS Press books each topic is broken down into lessons with practice labs to help you learn as you go. The cd included has a 120-day evaluation of Windows 2000 Server and the exercises coincide with the cdrom, which also has exercises on it as well.
Looking at the questions on my exam, this book came up a little short with coverage of utils like MBSA, as I several questions on the use of MBSA and there are only a few pages and labs covering the topic.
Although the book does a good job on other utils like QChain, HFNetChk and URLScan. As with any book there will areas with more coverage and areas with less coverage, which is why it is important to have multiple sources.
There is a great deal of material covered in this book and it does make a nice study tool for the exam. The cd also has a practice test generator which is a nice add-on. Overall I think a few updates are needed and this book makes a great companion with other study material.
· MCSE Self-Paced Training Kit: Microsoft Windows 2000 Core Requirements, Second Edition, Exams 70-210, 70-215, 70-216, 70-217
· MCSE Training Kit: Designing Microsoft Windows 2000 Network Security
· Security+ Certification Training Kit
· MCSA/MCSE Self-Paced Training Kit (Exams 70-292 and 70-296): Upgrading Your Certification to Microsoft Windows Server 2003
· MCSE Training Kit: Microsoft(r) Internet Security and Acceleration Server 2000