Windows & .NET Magazine
http://www.winnetmag.com/seminars/mobility

====================

May 28, 2003--In this issue:

1. Book Review
   - Storage Security: Protecting SANs, NAS, and DAS
2. Announcement
   - Cast Your Vote in Our Annual Readers' Choice Awards!
3. New from Windows IT Library
   - Windows NT Troubleshooting
   - Windows 2000 Authentication
4. New Books in Print
   - Programming C#, 3rd Edition
   - The Administrator's Guide to SharePoint Portal Server 2001
5. New eBooks
   - Windows 2003: Active Directory Administration Essentials
   - The Insider's Guide to IT Certification
6. Windows IT Library Top Five
   - Microsoft Windows NT Server Administrator's Bible: Option Pack Edition
   - A+ Certification: How to Pass Your Exams
   - Microsoft Windows NT Secrets: Option Pack Edition
   - The Microsoft Outlook E-mail and Fax Guide
   - Undocumented Windows NT
7. Contact Us
   See this section for a list of ways to contact us.

==== Sponsor: Windows & .NET Magazine ====

Microsoft Mobility Tour

Couldn't make the Microsoft Mobility Tour event? If you were too busy to catch our Microsoft Mobility Tour event in person, now you can view the Webcast archives for free! You'll learn more about the available solutions for PC and mobile devices and discover where the mobility marketplace is headed.
http://www.winnetmag.com/seminars/mobility

==== 1. Book Review ====

Storage Security: Protecting SANs, NAS, and DAS
Authors: John Chirillo and Scott Blaul
Publisher: Wiley Publishing
Published: December 2002
ISBN: 0-7645-1688-4
Paperback, 408 Pages
Price: $45.00

"Storage Security: Protecting SANs, NAS, and DAS" is intended for anyone who has concerns about, or who is responsible for, maintaining a secure storage environment. The book, written by John Chirillo, a security and analysis consultant, and Scott Blaul, a specialist in a range of computer support services, contains plenty of nitty-gritty information aimed at IT professionals involved in the day-to-day administrative and technical aspects of storage systems. But a lot of the content is suitable for people in middle and upper management positions, such as CIOs or CEOs of smaller businesses.

In Chapter 1, "Storage Evolution," the authors provide a brief history of storage technologies so that you'll have a foundation for the book's discussion of storage and storage network security concerns. Chapter 1 also includes three real-life examples that demonstrate the potential vulnerability of storage systems. You should use these examples, "Unsecure SANs Invitation for Hackers," "Myth of Storage Security Savaged," and "How Secure Is IP-Based Storage?" as a catalyst to start security planning within your company--and to ensure implementation of the plan. But before you start rushing about and scaring everyone, remember to keep things in perspective by considering one of the book's security thoughts: "It is not possible to achieve 100 percent security and still provide access to the data! For this reason, you should use a formal process to classify data, perform a risk analysis, and evaluate risk versus cost of security."

The authors devote chapters 2, 3, and 4 to the discussion of Direct Attached Storage (DAS), Network Attached Storage (NAS), and Storage Area Network (SAN) technologies, respectively. Each chapter begins with an explanation of the specific type of storage, then covers the necessities of providing a secure foundation when using that storage technology. Individual topics include features, properties, options, weaknesses and strengths, limitations, scalability, and flexibility.

The authors are acutely aware of the many variables involved in storage security. As a result, the authors have developed a series of matrices that you can use to grade each storage technology's security requirements. By reading these three chapters, and by using the supplied matrices, you will be better able to determine which storage technology meets your company's storage and security needs.

The book contains another three chapters that I regard as mandatory reading for anyone in charge of a company's data. The first of these chapters tackles the subject of data availability. Any number of factors--ranging from a power failure (internal or external) to a hub failure--can lead to inaccessible data. Sample key principles of data availability discussed in this chapter include fault mitigation, duplication, disaster mitigation, and capacity planning (you can't provide access to data unless you first have enough storage space for the data).

The second "must-read" chapter is "Data Protection, Backup, and Recovery." Implementing an adequate backup strategy continues to be a challenge for many companies. This chapter helps you answer questions such as the following:

- Which data do I need to back up?
- How often should I back up data?
- Do I need to perform a verification of the backed-up data?
- How many versions of the backed-up data should I keep?

This chapter will also help you set up a backup strategy that is secure, reliable, and practical.

The final "must-read" chapter discusses testing and monitoring a storage solution, a less glamorous aspect of storage technology and one that's not often given the attention it deserves. The authors refer to testing and monitoring as implementing "a proactive auditing strategy," or providing a workable strategy for monitoring a storage system's security. This chapter provides step-by-step instructions for building a testing system that matches your requirements and protects against the most common threats to storage networks.

Throughout the book, you'll find highlighted blocks of text called "security thoughts." The book's authors have included these thoughts to make you stop and think as you develop a security plan for your storage systems. Some of these security thoughts offer additional benefits, such as warning you about possible side effects that might arise from actions you're considering. They also inform you of precautions to take to keep your storage systems from being adversely affected.

Interestingly, the first of these security thoughts warns against over-securing your data: "Data that is so secure that it can't be accessed can produce the same result as having no data at all. Consequently, although the primary focus of this book is storage, storage networks, and more specifically, security as it relates to storage networks, we will not lose sight of the need to access data."

The book concludes with two appendices. The first appendix summarizes the type of information that you'll find at the book's Web site (www.wiley.com/legacy/compbooks/chirillo/storage/index.html). At the site, you'll find a link for downloading the previously mentioned evaluation matrices. The site also has links to documents about advanced custom auditing and to handy security tools, devices, and services. When you click on the image of the book's cover, you'll be taken to the publisher's Web site, where you can read an overview of the book, click links to access the book's Table of Contents, and read about the book's authors.

The second appendix is a comprehensive collection of useful storage-related resources, including relevant Web site addresses and email addresses. To make it easier and faster to find the resources you need, the appendix is subdivided into the following categories: access control and management; encryption; firewalls; intrusion detection systems, software, and services; storage magazines and storage news resources; search engines that specialize in finding storage information; storage network software; virus control; and technical white papers and reports about storage networks and security.

In the final paragraph of "Storage Security: Protecting SANs, NAS, and DAS," the authors caution readers to remember that the "landscape of security is ever-changing--you must adapt with it. New and more dangerous hacks, vulnerabilities, viruses, Trojans, DoS attacks, and other exploits continue to pop up just when you think you've got everything under control." To keep or to regain control, I recommend that you seriously consider this book's suggestions and advice. But don't wait until your system has been violated--instead, be proactive and secure your storage now.

Tony Stevenson
mkdsoftware@trump.net.au
Windows IT Library Guest Reviewer

For more book reviews, visit the Windows IT Library Web site.
http://www.WindowsITlibrary.com/bookreviews

==== 2. Announcement ====

Cast Your Vote in Our Annual Readers' Choice Awards!

Which companies and products are the best on the market? Tell us by nominating your favorites in the annual Windows & .NET Magazine Readers' Choice Awards survey. Click here!
http://www.winnetmag.com/readerschoice

==== 3. New from Windows IT Library ====

Windows NT Troubleshooting

Learn all the tweaks, tips, and administration shortcuts necessary to keep a Windows NT environment trouble-free. This reference contains detailed solutions and preventive techniques for the most common NT hotspots.
http://www.WindowsITlibrary.com/documents/book.cfm?documentid=638

Windows 2000 Authentication

This chapter looks at the most important OS security service--authentication--and how Windows 2000 implements it. Learn about the Win2K authentication architecture and the nuts and bolts of the Kerberos authentication protocol, such as how it compares with Windows NT LAN Manager (NTLM) and how you can use it as a single sign-on (SSO) solution between different OSs.
http://www.WindowsITlibrary.com/content/617/06/toc.html

==== 4. New Books in Print ====

Programming C#, 3rd Edition

This book focuses on the features and programming patterns that are new to the C# language and fundamental to programming Web services and Web applications on the Microsoft .NET platform. The book features tips and tricks plus answers to frequently asked questions about C#.
http://www.oreilly.com/catalog/progcsharp3/

The Administrator's Guide to SharePoint Portal Server 2001

This book is written for coordinators and those who administer a Microsoft SharePoint Portal Server. The book reflects the author's honest thoughts about SharePoint Portal Server and focuses on planning for and monitoring the server, and on the management of documents, categories, and profiles.
http://www.aw.com/catalog/academic/product/0,4096,0201775743,00.html

==== 5. New eBooks ====

Windows 2003: Active Directory Administration Essentials

Whether you're an expert with Windows 2000 and Active Directory (AD), a Windows NT administrator who's read all the trade journals and maybe has a Windows 2000 test lab, or you're new to AD, this book is for you. The book, based on actual product code, touches on key topics that many Windows texts fail to mention. This free eBook is delivered as each chapter is written. You can download the first chapter at the following URL:
http://www.WindowsITlibrary.com/ebooks/administeringad/index.cfm?pc=ebkit1

The Insider's Guide to IT Certification

The "Insider's Guide to IT Certification" is a comprehensive how-to manual that will help you conserve your time and money while you become certified. This book will help you choose the right certification to study for, the right materials and methods to study with, and the proper ways to prepare for the exams.
http://ebooks.winnetmag.com/ebookcover.asp?ebookid=13534

==== 6. Windows IT Library Top Five ====

Microsoft Windows NT Server Administrator's Bible: Option Pack Edition

This book, with specific coverage of the Windows NT 4.0 Option Pack add-ons, can help you plan, install, configure, manage, optimize, and connect NT Server 4.0 to the Internet.
http://www.WindowsITlibrary.com/documents/book.cfm?documentid=405

A+ Certification: How to Pass Your Exams

This book walks you through all the skills tested in the Computing Technology Industry Association's (CompTIA's) CompTIA A+ certification exam--both the A+ Core Hardware exam and the A+ OS Technologies exam.
http://www.WindowsITlibrary.com/documents/book.cfm?documentid=175

Microsoft Windows NT Secrets: Option Pack Edition

Packed with the kind of notes, tips, and workarounds that come only from years of working day-in and day-out with a product, this book will help you optimize the performance, reliability, and security of your network.
http://www.WindowsITlibrary.com/documents/book.cfm?documentid=329

The Microsoft Outlook E-Mail and Fax Guide

Written for Microsoft Outlook end users and the administrators who support them, this volume explains all the real-world tasks that you're likely to encounter when working with Outlook, plus many timesaving techniques that take you beyond the basics.
http://www.WindowsITlibrary.com/documents/book.cfm?documentid=191

Undocumented Windows NT

This book documents what goes on under the covers in Windows NT. Three experts share what they've dug up on NT through years of hands-on research and programming experience. The authors dissect the Win32 interface, deconstruct the underlying APIs, and decipher the Memory Management architecture to help you understand operations, fix flaws, and enhance performance.
http://www.WindowsITlibrary.com/documents/book.cfm?documentid=356

==== 7. Contact Us ====

About the newsletter -- letters@winnetmag.com
About technical questions -- http://www.winnetmag.com/forums
About product news -- products@winnetmag.com
About your subscription -- winnetmagupdate@winnetmag.com
About sponsoring UPDATE -- emedia_opps@winnetmag.com

====================

This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
http://www.winnetmag.com/sub.cfm?code=00inxupb

Manage Your Account

Manage your email newsletter account on our Web site. Simply log on to change your email address, update your profile information, and subscribe or unsubscribe to any of our email newsletters.
http://list.winnetmag.com/cgi-bin3/flo?y=eNee0CFYDW0CBo0rvS0Al

Copyright 2003, Penton Media, Inc.
In the final paragraph of "Storage Security: Protecting SANs, NAS, and DAS," the authors caution readers to remember that the "landscape of security is ever-changing--you must adapt with it. New and more dangerous hacks, vulnerabilities, viruses, Trojans, DoS attacks, and other exploits continue to pop up just when you think you've got everything under control." To keep or to regain control, I recommend that you seriously consider this book's suggestions and advice. But don't wait until your system has been violated--instead, be proactive and secure your storage now.
Tony Stevenson mkdsoftware@trump.net.au Windows IT Library Guest Reviewer
For more book reviews, visit the Windows IT Library Web site. http://www.WindowsITlibrary.com/bookreviews
==== 2. Announcement ====
Cast Your Vote in Our Annual Readers' Choice Awards!
Which companies and products are the best on the market? Tell us by nominating your favorites in the annual Windows & .NET Magazine Readers' Choice Awards survey.
http://www.winnetmag.com/readerschoice
==== 3. New from Windows IT Library ====
Windows NT Troubleshooting
Learn all the tweaks, tips, and administration shortcuts necessary to keep a Windows NT environment trouble-free. This reference contains detailed solutions and preventive techniques for the most common NT hotspots.
http://www.WindowsITlibrary.com/documents/book.cfm?documentid=638

Windows 2000 Authentication
This chapter looks at the most important OS security service--authentication--and how Windows 2000 implements it. Learn about the Win2K authentication architecture and the nuts and bolts of the Kerberos authentication protocol, such as how it compares with Windows NT LAN Manager (NTLM) and how you can use it as a single sign-on (SSO) solution between different OSs.
http://www.WindowsITlibrary.com/content/617/06/toc.html
==== 4. New Books in Print ====
Programming C#, 3rd Edition
This book focuses on the features and programming patterns that are new to the C# language and fundamental to programming Web services and Web applications on the Microsoft .NET platform. The book features tips and tricks plus answers to frequently asked questions about C#.
http://www.oreilly.com/catalog/progcsharp3/

The Administrator's Guide to SharePoint Portal Server 2001
This book is written for coordinators and those who administer a Microsoft SharePoint Portal Server. The book reflects the author's honest thoughts about SharePoint Portal Server and focuses on planning for and monitoring the server, and on the management of documents, categories, and profiles.
http://www.aw.com/catalog/academic/product/0,4096,0201775743,00.html
==== 5. New eBooks ====
Windows 2003: Active Directory Administration Essentials
Whether you're an expert with Windows 2000 and Active Directory (AD), a Windows NT administrator who's read all the trade journals and maybe has a Windows 2000 test lab, or you're new to AD, this book is for you. The book, based on actual product code, touches on key topics that many Windows texts fail to mention. This free eBook is delivered as each chapter is written. You can download the first chapter at the following URL:
http://www.WindowsITlibrary.com/ebooks/administeringad/index.cfm?pc=ebkit1

The Insider's Guide to IT Certification
The "Insider's Guide to IT Certification" is a comprehensive how-to manual that will help you conserve your time and money while you become certified. This book will help you choose the right certification to study for, the right materials and methods to study with, and the proper ways to prepare for the exams.
http://ebooks.winnetmag.com/ebookcover.asp?ebookid=13534
==== 6. Windows IT Library Top Five ====
Microsoft Windows NT Server Administrator's Bible: Option Pack Edition
This book, with specific coverage of the Windows NT 4.0 Option Pack add-ons, can help you plan, install, configure, manage, optimize, and connect NT Server 4.0 to the Internet.
http://www.WindowsITlibrary.com/documents/book.cfm?documentid=405

A+ Certification: How to Pass Your Exams
This book walks you through all the skills tested in the Computing Technology Industry Association's (CompTIA's) CompTIA A+ certification exam--both the A+ Core Hardware exam and the A+ OS Technologies exam.
http://www.WindowsITlibrary.com/documents/book.cfm?documentid=175

Microsoft Windows NT Secrets: Option Pack Edition
Packed with the kind of notes, tips, and workarounds that come only from years of working day-in and day-out with a product, this book will help you optimize the performance, reliability, and security of your network.
http://www.WindowsITlibrary.com/documents/book.cfm?documentid=329

The Microsoft Outlook E-Mail and Fax Guide
Written for Microsoft Outlook end users and the administrators who support them, this volume explains all the real-world tasks that you're likely to encounter when working with Outlook, plus many timesaving techniques that take you beyond the basics.
http://www.WindowsITlibrary.com/documents/book.cfm?documentid=191

Undocumented Windows NT
This book documents what goes on under the covers in Windows NT. Three experts share what they've dug up on NT through years of hands-on research and programming experience. The authors dissect the Win32 interface, deconstruct the underlying APIs, and decipher the Memory Management architecture to help you understand operations, fix flaws, and enhance performance.
http://www.WindowsITlibrary.com/documents/book.cfm?documentid=356
==== 7. Contact Us ====
About the newsletter -- letters@winnetmag.com
About technical questions -- http://www.winnetmag.com/forums
About product news -- products@winnetmag.com
About your subscription -- winnetmagupdate@winnetmag.com
About sponsoring UPDATE -- emedia_opps@winnetmag.com
==================== This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today. http://www.winnetmag.com/sub.cfm?code=00inxupb
Copyright 2003, Penton Media, Inc.