Welcome to the Protect Your Windows Network page, the home page for Jesper and Steve's book by the same name. On this page you will find information about how to protect your Windows network, as well as some additional links and information that you hopefully will find useful.

IMPORTANT Notice, April 16, 2006:
The old protectyournetwork@hotmail.com e-mail address no longer works. Please use info@protectyourwindowsnetwork.com instead.


The Book

Jesper and Steve have done an outstanding job of covering the myriad of issues you must deal with to implement an effective network security policy. If you care about security this book is a must have.
Mark Russinovich, Chief Software Architect, Winternals Software

Johansson and Riley's new book presents complex issues in straightforward language, examining both the technical and business aspects of network security... this book is an important tutorial for those responsible for network security...
Scott Charney, Vice President of Trustworthy Computing, Microsoft Corporation

Protect Your Windows Network is focused around the defense in depth model we helped develop and refine in our work at Microsoft, and it gives a logical flow to the book which helps in building an overall security strategy, something both of us felt was lacking in the current literature. You can affect only so much security if you concentrate just on the technology; the people and the processes are equally important. Indeed, without thought in those two areas, most of the technology you deploy to protect information systems will fail to do what you intend—it will give you a false sense of security, which in fact is more dangerous than none at all.

Much of what you see in these pages has been said before, in various presentations. Both of us travel the world to deliver speeches on security and if you have ever heard us you will no doubt recognize some of the things you will read in these pages. In a sense, the book is the lecture notes everyone who has heard our presentations keeps asking for. Of course, those notes are sorely needed as most of our presentations are increasingly light on slides to avoid that all-too-common malady: death by PowerPoint.

Everyone we know who has written a book always says in the foreword that their first book is one they wanted to write for a long time. (We are now wondering what’s left for us to write in our second book?) That is good, because it takes a long time to write a book. Neither of us felt that we had the competency to write one until recently, so it is not really true that we have wanted to write it for a long time. We have certainly thought about security for a long time though, and you could certainly say that we wanted to learn enough about it for a long time to have something meaningful to say. Once we spent a few years talking to people it was clear that security is an area that is fraught with misunderstandings (as we see them) and snake oil (pseudo-solutions that really do not do what they purport to do at best, and are harmful at worst).

We find this type of “security theater” all around us. Consider, for instance, next time you go through an airport security check, who would be capable of causing more damage: a 92-year-old grandmother with a pair of cuticle scissors, or a 22-year-old martial arts black belt? They will confiscate the cuticle scissors, but they will allow the martial arts champion on the plane without putting him in shackles first. Some secure facilities will confiscate USB drives (and GPS receivers—why in the world?) “for security reasons” but they allow 80 gigabyte FireWire-1394 drives through because the security personnel cannot imagine any “threats” associated with digital music players. Many organizations have a password policy that requires users to use passwords too long and complicated to remember (and then routinely complain about the expense of resetting locked-out accounts); they block any kind of information gathering from down-level systems; and they do it all on computers that have not been patched for over a year!

We finally decided that the right way to dispel these myths was to write a book. At the time it seemed like a really good idea and we are sure that at some point it will again.


Contact Information

If you have questions or comments about the book, feel free to contact us as follows. If you would like Jesper and/or Steve to come speak to you or have questions about securing Windows or the networks that run on it, contact us about that too!

Electronic mail

info@protectyourwindowsnetwork.com

Blogs

Jesper: http://msinfluentials.com/blogs/jesper
Steve: http://blogs.technet.com/steriley/

 

 

Send mail to info@protectyourwindowsnetwork.com with questions or comments about this web site.
Copyright © 2006 Jesper M. Johansson
Last modified: March 3, 2006