You are previewing Windows Server 2012 Security from End to Edge and Beyond.
O'Reilly logo
Windows Server 2012 Security from End to Edge and Beyond

Book Description

Windows Server 2012 Security from End to Edge and Beyond shows you how to architect, design, plan, and deploy Microsoft security technologies for Windows 8/Server 2012 in the enterprise. The book covers security technologies that apply to both client and server and enables you to identify and deploy Windows 8 security features in your systems based on different business and deployment scenarios. The book is a single source for learning how to secure Windows 8 in many systems, including core, endpoint, and anywhere access.

Authors Tom Shinder and Yuri Diogenes, both Microsoft employees, bring you insider knowledge of the Windows 8 platform, discussing how to deploy Windows security technologies effectively in both the traditional datacenter and in new cloud-based solutions. With this book, you will understand the conceptual underpinnings of Windows 8 security and how to deploy these features in a test lab and in pilot and production environments.

The book's revolutionary "Test Lab Guide" approach lets you test every subject in a predefined test lab environment. This, combined with conceptual and deployment guidance, enables you to understand the technologies and move from lab to production faster than ever before. Critical material is also presented in key concepts and scenario-based approaches to evaluation, planning, deployment, and management. Videos illustrating the functionality in the Test Lab can be downloaded from the authors’ blog http://blogs.technet.com.b.security_talk/. Each chapter wraps up with a bullet list summary of key concepts discussed in the chapter.



  • Provides practical examples of how to design and deploy a world-class security infrastructure to protect both Windows 8 and non-Microsoft assets on your system
  • Written by two Microsoft employees who provide an inside look at the security features of Windows 8
  • Test Lab Guides enable you to test everything before deploying live to your system

Table of Contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Acknowledgments
  6. About the Authors
  7. About the Technical Editor
  8. Foreword
  9. Chapter 1. Planning Platform Security
    1. Chapter Points
    2. Reviewing the Core Security Principles
    3. Planning a Secure Platform from End to Edge and Beyond
    4. From End to Edge and Beyond Chapter Previews
    5. Summary
  10. Chapter 2. Planning Server Role in Windows Server 2012
    1. Chapter Points
    2. Server Role and Security Considerations
    3. Using Server Manager to Add a New Role or Feature
    4. Using Security Compliance Manager to Hardening Servers
    5. Administrator’s Punch List
    6. Summary
  11. Chapter 3. Deploying Directory Services and Certificate Services
    1. Chapter Points
    2. Evolving Threats Against Certificates
    3. Implementing Directory Services on Windows Server 2012
    4. Implementing Certificate Services on Windows Server 2012
    5. Installing AD CS Role
    6. Site-Aware Certificate Enrollment
    7. Renew with the Same Key
    8. Validate Your Knowledge in AD CS
    9. Administrator’s Punch List
    10. Summary
  12. Chapter 4. Deploying AD FS and AD RMS in Windows Server 2012
    1. Chapter Points
    2. Planning for Active Directory Federation Services
    3. Deploying Active Directory Federation Services
    4. Troubleshooting Active Directory Federation Services
    5. Active Directory Rights Management Services
    6. Summary
  13. Chapter 5. Patch Management with Windows Server 2012
    1. Chapter Points
    2. Why Should You Have a Patch Management Strategy in Place?
    3. Planning WSUS Deployment on Windows Server 2012
    4. Deploying WSUS
    5. Managing Updates with WSUS
    6. Using Group Policy to Configure WSUS
    7. Administrator’s Punch List
    8. Summary
  14. Chapter 6. Virtualization Security
    1. Chapter Points
    2. Considerations Regarding Virtualization Security in Microsoft Platform
    3. Understanding and Deploying Windows Server 2012 Hyper-V Security Capabilities
    4. High Availability for Virtualization Security
    5. Beyond the Hypervisor
    6. Scenario: Virtualization Security Considerations for a Cloud Infrastructure
    7. Administrator’s Punch List
    8. Summary
  15. Chapter 7. Controlling Access to Your Environment with Authentication and Authorization
    1. Chapter Points
    2. Planning Authentication, Authorization, and Access Control
    3. Understanding Dynamic Access Control
    4. Planning Authentication
    5. Configuring Dynamic Access Control
    6. Summary
  16. Chapter 8. Endpoint Security
    1. Chapter Points
    2. Considerations Regarding Endpoint Security
    3. Windows 8 Security Enhancements
    4. Administrator’s Punch List
    5. Summary
  17. Chapter 9. Secure Client Deployment with Trusted Boot and BitLocker
    1. Chapter Points
    2. Security Considerations for Mobile Users
    3. Understanding the Trusted Boot Process
    4. Understanding BitLocker Full Volume Encryption
    5. Summary
  18. Chapter 10. Mitigating Application’s Vulnerabilities
    1. Chapter Points
    2. Living in the World of Apps
    3. Browser Protection
    4. The Old Friends Are Still Here: UAC and AppLocker
    5. Extra Tools
    6. Summary
  19. Chapter 11. Mitigating Network Vulnerabilities
    1. Chapter Points
    2. Understanding Windows Firewall with Advanced Security
    3. Deploying and Managing the Windows Firewall with Advanced Security
    4. Protecting the Windows Endpoint with IPsec Rules
    5. Common Deployment Scenarios
    6. Using SMB Encryption to Protect Data Traversing the Network
    7. Summary
  20. Chapter 12. Unified Remote Access and BranchCache
    1. Chapter Points
    2. The Evolving Remote Access Landscape
    3. New Capabilities in DirectAccess
    4. DirectAccess Requirements and Planning
    5. What is BranchCache?
    6. Overview of BranchCache Deployment
    7. Administrator’s Punch List
    8. Summary
  21. Chapter 13. DirectAccess Deployment Scenarios
    1. The Simplified DirectAccess Server Test Lab
    2. Create a Security Group for DirectAccess Clients on DC1
    3. Install the Unified Remote Access Server Role on EDGE1
    4. Run the Getting Started Wizard on EDGE1
    5. Setup and Test CLIENT1 for DirectAccess Connectivity
    6. Overview of Traditional DirectAccess Single Server Deployment
    7. Administrator’s Punch List
    8. Summary
  22. Chapter 14. Protecting Legacy Remote Clients
    1. Chapter Points
    2. Virtual Private Networking with Windows Server 2012
    3. Deploying Network Access Protection (NAP) Through Network Policy and Access Services
    4. Summary
  23. Chapter 15. Cloud Security
    1. Chapter Points
    2. General Considerations for Cloud Security (SaaS)
    3. General Considerations for Cloud Security (IaaS)
    4. Building a Private Cloud with Windows Server 2012
    5. Summary
  24. Index