When you're writing a book about a new product, it's difficult to get everything right. In this case, chapter 6 of the Exchange 2003 book omits any serious mention of the Exchange 2003 security hardening guide. At the time I wrote the chapter, it was unclear whether MS was going to produce it or not; I based the material in the chapter on a draft version that was circulating. After a cursory review, I don't see anything explicit missing from the chapter except details on the security templates that are included; I'll update this post after I've had a chance to do a more thorough reading.