May 28 2003

In this issue:

1. Book Review: Storage Security Protecting SANs NAS and DAS

2. Announcement: Cast Your Vote in Our Annual Readers Choice Awards

3 New from Windows IT Library: Windows NT Troubleshooting, Windows 2000 Authentication

4. New Books in Print: Programming C# 3rd Edition, The Administrator's Guide to SharePoint Portal Server 2001

5. New eBooks: Windows 2003 Active Directory Administration Essentials, The Insider's Guide to IT Certification

6. Windows IT Library Top Five: Microsoft Windows NT Server Administrator's Bible Option Pack Edition, A Certification How to Pass Your Exams, Microsoft Windows NT Secrets Option Pack Edition, The Microsoft Outlook E mail and Fax Guide, Undocumented Windows NT

1. Book Review: Storage Security Protecting SANs, NAS and DAS 

Authors: John Chirillo and Scott Blaul 

PublisherL Wiley Publishing 

Published: December 2002

ISBN: 0-7645-1688-4 

Paperback, 408 Pages 

Price: $45.00

Storage Security Protecting SANs, NAS and DAS is intended for anyone who has concerns about or who is responsible for maintaining a secure storage environment. The book written by John Chirillo, a security and analysis consultant, and Scott Blaul, a specialist in a range of computer support services, contains plenty of nitty gritty information aimed at IT professionals involved in the day to day administrative and technical aspects of storage systems. But a lot of the content is suitable for people in middle and upper management positions such as CIOs or CEOs of smaller businesses.

In Chapter 1: Storage Evolution, the authors provide a brief history of storage technologies so that you'll have a foundation for the book's discussion of storage and storage network security concerns. Chapter 1 also includes three real life examples that demonstrate the potential vulnerability of storage systems. You should use these examples, Unsecure SANs Invitation for Hackers Myth of Storage Security Savaged and How Secure Is IP Based Storage, as a catalyst to start security planning within your company and to ensure implementation of the plan. But before you start rushing about and scaring everyone, remember to keep things in perspective by considering one of the book's security thoughts. It is not possible to achieve 100 percent security and still provide access to the data. For this reason you should use a formal process to classify data, perform a risk analysis and evaluate risk versus cost of security

The authors devote chapters 2, 3 and 4 to the discussion of Direct Attached Storage DAS Network, Attached Storage NAS and Storage Area Network SAN technologies respectively. Each chapter begins with an explanation of the specific type of storage then covers the necessities of providing a secure foundation when using that storage technology. Individual topics include features properties options weaknesses and strengths, limitations scalability and flexibility.

The authors are acutely aware of the many variables involved in storage security. As a result the authors have developed a series of matrices that you can use to grade each storage technologies security requirements. By reading these three chapters and by using the supplied matrices you will be better able to determine which storage technology meets your company's storage and security needs.

The book contains another three chapters that I regard as mandatory reading for anyone in charge of a company's data. The first of these chapters tackles the subject of data availability. Any number of factors ranging from a power failure internal or external to a hub failure can lead to inaccessible data. Sample key principles of data availability discussed in this chapter include fault mitigation duplication disaster mitigation and capacity planning you can't provide access to data unless you first have enough storage space for the data.

The second must read chapter is Data Protection Backup and Recovery. Implementing an adequate backup strategy continues to be a challenge for many companies. This chapter helps you answer questions such as the following:

Which data do I need to back up?

How often should I back up data? 

Do I need to perform a verification of the backed up data?

How many versions of the backed up data should I keep? 

This chapter will also help you set up a backup strategy that is secure, reliable and practical.

The final must read chapter discusses testing and monitoring a storage solution a less glamorous aspect of storage technology and one that's not often given the attention it deserves. The authors refer to testing and monitoring as implementing a proactive auditing strategy or providing a workable strategy for monitoring a storage system's security. This chapter provides step-by-step instructions for building a testing system that matches your requirements and protects against the most common threats to storage networks.

Throughout the book you'll find highlighted blocks of text called security thoughts. The book's authors have included these thoughts to make you stop and think as you develop a security plan for your storage systems. Some of these security thoughts offer additional benefits such as warning you about possible side effects that might arise from actions you're considering. They also inform you of precautions to take to keep your storage systems from being adversely affected.

Interestingly, the first of these security thoughts warns against over securing your data. Data that is so secure that it can't be accessed can produce the same result as having no data at all. Consequently, although the primary focus of this book is storage, storage networks and more specifically, security as it relates to storage networks, we will not lose sight of the need to access data.

The book concludes with two appendices. The first appendix summarizes the type of information that you'll find at the book's Web site www.wiley.com/legacy/compbooks/chirillo/storage/index.html. At the site you'll find a link for downloading the previously mentioned evaluation matrices. The site also has links to documents about advanced custom auditing and to handy security tools devices and services. When you click on the image of the book's cover you'll be taken to the publisher's Web site where you can read an overview of the book click links to access the book's Table of Contents and read about the book's authors.

The second appendix is a comprehensive collection of useful storage related resources including relevant Web site addresses and email addresses. To make it easier and faster to find the resources you need the appendix is subdivided into the following categories: access control and management, encryption firewalls, intrusion detection systems, software and services, storage magazines and storage news, resources, search engines that specialize in finding storage information, storage network, software virus, control and technical, white papers and reports about storage networks, and security. br

In the final paragraph of Storage Security: Protecting SANs, NAS and DAS the authors caution readers to remember that the landscape of security is ever changing, you must adapt with it. New and more dangerous hacks vulnerabilities viruses (Trojans, DoS) attacks and other exploits continue to pop up just when you think you ve got everything under control. To keep or to regain control I recommend that you seriously consider this book's suggestions and advice. But don't wait until your system has been violated; instead, be proactive and secure your storage now!

2. Announcement: Cast Your Vote in Our Annual Readers Choice Awards

Which companies and products are the best on the market? Tell us by nominating your favorites in the annual Windows & NET Magazine Readers Choice Awards survey!

3. New from Windows IT Library: Windows NT Troubleshooting

Learn all the tweaks tips and administration shortcuts necessary to keep a Windows NT environment trouble free! This reference contains detailed solutions and preventive techniques for the most common NT hotspots.

Windows 2000 Authentication: This chapter looks at the most important OS security service authentication and how Windows 2000 implements it. Learn about the Win2K authentication architecture and the nuts and bolts of the Kerberos authentication protocol such as how it compares with Windows NT LAN Manager NTLM and how you can use it as a single sign on SSO solution between different OSs.

4. New Books in Print: Programming C# 3rd Edition 

This book focuses on the features and programming patterns that are new to the C# language and fundamental to programming Web services and Web applications on the Microsoft NET platform. The book features tips and tricks plus answers to frequently asked questions about C# 

http://www.oreilly.com/catalog/progcsharp3

The Administrator's Guide to SharePoint Portal Server 2001

This book is written for coordinators and those who administer a Microsoft SharePoint Portal Server. The book reflects the author's honest thoughts about SharePoint Portal Server and focuses on planning for and monitoring the server and on the management of documents categories and profiles

http://www.aw.com/catalog/academic/product/0/4096/0201775743/00.html

5. New eBooks: Windows 2003 Active Directory Administration Essentials

Whether you're an expert with Windows 2000 and Active Directory AD, a Windows NT administrator who's read all the trade journals and maybe has a Windows 2000 test lab or you're new to AD this book is for you! The book based on actual product code touches on key topics that many Windows texts fail to mention. This free eBook is delivered as each chapter is written.

The Insider's Guide to IT Certification

The Insider's Guide to IT Certification is a comprehensive how to manual that will help you conserve your time and money while you become certified. This book will help you choose the right certification to study for the right materials and methods to study with and the proper ways to prepare for the exams. 

6. Windows IT Library Top Five: Microsoft Windows NT Server Administrator's Bible Option Pack Edition

This book with specific coverage of the Windows NT 4 0 Option Pack add ons can help you plan install configure manage optimize and connect NT Server 4.0 to the Internet.

A Certification: How to Pass Your Exams

This book walks you through all the skills tested in the Computing Technology Industry Association's CompTIA's CompTIA A certification exam, both the A Core Hardware exam and the A OS Technologies exam.

Microsoft Windows NT Secrets Option Pack Edition

Packed with the kind of notes tips and workarounds that come only from years of working day in and day out with a product, this book will help you optimize the performance reliability and security of your network.

The Microsoft Outlook E Mail and Fax Guide

Written for Microsoft Outlook end users and the administrators who support them, this volume explains all the real world tasks that you're likely to encounter when working with Outlook plus many timesaving techniques that take you beyond the basics.

Undocumented Windows NT

This book documents what goes on under the covers in Windows NT. Three experts share what they've dug up on NT through years of hands on research and programming experience. The authors dissect the Win32 interface, deconstruct the underlying APIs and decipher the Memory Management architecture to help you understand operations fix flaws and enhance performance.