E-Book, Englisch, 216 Seiten
Hassell Hardening Windows
2. ed
ISBN: 978-1-4302-0083-3
Verlag: Apress
Format: PDF
Kopierschutz: 1 - PDF Watermark
E-Book, Englisch, 216 Seiten
ISBN: 978-1-4302-0083-3
Verlag: Apress
Format: PDF
Kopierschutz: 1 - PDF Watermark
* Covers the Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, Windows Server R2's new Security Configuration Wizard, branch-office security features, and new setup options. * Each chapter ends with checkpoints to ensure thoroughness. * Applicable to all current versions of Windows (NT, 2000 Pro/Server, SP Pro, and Server 2003). * Includes automation suggestions, from deployment to rollout and beyond.
Jonathan Hassell is an author, consultant, and speaker on a variety of IT topics. His published works include RADIUS, Hardening Windows, Using Microsoft Windows Small Business Server 2003, and Learning Windows Server 2003. His work appears regularly in such periodicals as Windows IT Pro, PC Pro, and TechNet Magazine. Jonathan also speaks worldwide on topics ranging from networking and security to Windows administration. He is currently an editor for Apress, which specializes in books for programmers and IT professionals.
Autoren/Hrsg.
Weitere Infos & Material
1;Contents at a Glance;4
2;Contents;6
3;About the Author;12
4;About the Technical Reviewer;14
5;Acknowledgments;16
6;Introduction;18
7;CHAPTER 1 Some Words About Hardening;19
7.1;What Is Security?;20
7.1.1;The Security Dilemma;21
7.1.2;Enemies of Security;22
7.2;What Windows Is Lacking;22
7.3;Some General Hardening Suggestions;23
7.3.1;Software Considerations;24
7.3.2;Hardware and Network Considerations;25
7.4;Checkpoints;27
8;CHAPTER 2 Windows NT Security;29
8.1;Windows NT System Policy Editor;29
8.1.1;Customizing and Applying Policies to Multiple Computers;30
8.1.2;Resolving Conflicts Between Multiple Policies;31
8.1.3;Recommended User Policy Settings;32
8.1.4;Extending Policies;37
8.2;Passwords;37
8.2.1;Password Policies;38
8.2.2;Password Cracking;39
8.3;Protecting User Accounts;40
8.4;Registry Procedures;40
8.5;Protecting the File System;41
8.5.1;Locking Down Local Directories;41
8.5.2;Search Paths;42
8.6;Guarding Against Internet Threats;43
8.6.1;Windows NT Port Filtering;43
8.6.2;Protecting Against Viruses;44
8.7;Assigning Rights to Users;45
8.7.1;Granting and Revoking User Rights;45
8.8;Remote Access Server Configuration;48
8.8.1;Selecting Appropriate Communications Protocols and Methods;48
8.9;Security Implications of Domains;49
8.10;Checkpoints;50
9;CHAPTER 3 Windows 2000 Security;53
9.1;System Updates;53
9.1.1;The “Slipstreaming” Process;54
9.1.2;Critical Updates and Security Hotfixes;55
9.1.3;Managing Critical Updates Across Multiple Computers;55
9.2;Security Templates;56
9.2.1;Creating a Custom Security Template;58
9.3;Recommended Security Policy Settings;59
9.3.1;User Accounts;60
9.3.2;Local Options;61
9.4;Other Security Considerations;64
9.4.1;Windows Component Selection and Installation;64
9.4.2;Tightening Running Services;65
9.5;Checkpoints;66
10;CHAPTER 4 Windows XP Security;67
10.1;Implementing the Built-In Windows XP Firewall;67
10.1.1;Profiles;68
10.1.2;Configuring Through Group Policy;69
10.1.3;The Internet Connection Firewall in XP Gold and Service Pack 1;69
10.2;Disabling Unnecessary Services;71
10.2.1;Providing a Secure Configuration for Services;80
10.3;Microsoft Baseline Security Analyzer Patch Check and Security Tests;81
10.3.1;Installing Microsoft Baseline Security Analyzer;81
10.4;Penetration Tests;81
10.5;File System Security;82
10.6;Disable Automated Logins;83
10.7;Hardening Default Accounts;83
10.7.1;Use Runas for Administrative Work;84
10.8;Disable Infrared Transfers;85
10.9;Using Forensic Analysis Techniques;85
10.10;Checkpoints;87
11;CHAPTER 5 Windows Server 2003 Security;89
11.1;Enhancements to Security in Service Pack 1;89
11.2;The Security Configuration Wizard;90
11.2.1;Installing the SCW;91
11.2.2;Creating a Security Policy with the SCW;91
11.2.3;The Rollback Feature;98
11.2.4;SCW Best Practices;98
11.2.5;Using SCW from the Command Line;99
11.3;Checkpoints;100
12;CHAPTER 6 Deploying Enterprise Security Policies;103
12.1;System Policies, Group Policies, and Interaction;103
12.1.1;Mixing Policies and Operating Systems;105
12.2;Security and the Group Policy Framework;107
12.2.1;Organized Layout of Policies;108
12.2.2;Policy Application Precedence;110
12.2.3;Creating Security Configuration Files;110
12.3;Default Domain Policy;112
12.3.1;Default Domain Controller Security Policies;112
12.4;Troubleshooting Group Policy;113
12.5;Checkpoints;114
13;CHAPTER 7 Patch Management;117
13.1;About Windows Server Update Services;117
13.1.1;Comparing Windows Server Update Services to Systems Management Server;118
13.1.2;Using Windows Server Update Services: On the Server Side;119
13.1.3;Using WSUS: On the Client Side;132
13.2;Checkpoints;135
14;CHAPTER 8 Network Access Quarantine Control;137
14.1;How Network Access Quarantine Works;138
14.1.1;A Step-by-Step Overview of Network Access Quarantine Control;138
14.2;Deploying NAQC;140
14.2.1;Creating Quarantined Resources;140
14.2.2;Writing the Baseline Script;141
14.2.3;Installing the Listening Components;143
14.2.4;Creating a Quarantined Connection Profile;145
14.2.5;Distributing the Profile to Remote Users;147
14.2.6;Configuring the Quarantine Policy;148
14.3;Checkpoints;153
15;CHAPTER 9 Internet Information Services Security;155
15.1;Completely Disable IIS;156
15.2;Keeping IIS Updated;156
15.2.1;Using Windows Update;157
15.2.2;Using Network-Based Hotfix Installation;157
15.3;Securing Files, Folders, and Scripts;158
15.4;The Microsoft Indexing Service;160
15.5;TCP/IP Port Evaluation;162
15.6;Administrative and Default Pages;163
15.7;The Ins and Outs of Internet Services Application Programming Interface;164
15.8;Looking at Apache as an Alternative;164
15.9;Checkpoints;165
16;CHAPTER 10 Exchange Server 2003 Security;167
16.1;Installation Security;167
16.2;Security Policy Modifications;169
16.2.1;For Exchange Server Machines;169
16.2.2;For Domain Controller Machines;169
16.3;Service Security;170
16.4;Patch Management;171
16.5;Protecting Against Address Spoofing;172
16.6;Protecting Against Denial-of-Service Attacks;174
16.7;Restricting SMTP Access;176
16.8;Controlling Access;178
16.9;Checkpoints;179
17;CHAPTER 11 Security Auditing and Event Logs;181
17.1;For Windows 2000, XP, and Server 2003;181
17.1.1;Recommended Items to Audit;183
17.1.2;Event Logs;183
17.1.3;The Event Viewer;184
17.2;For Windows NT 4.0;185
17.2.1;Recommended Items to Audit;186
17.2.2;The Event Log;187
17.3;Filtering Events;187
17.4;What Might Be Missing;188
17.5;Checkpoints;188
18;APPENDIX Quick-Reference Checklists;191
18.1;Chapter 1: Some Words About Hardening;191
18.2;Chapter 2: Windows NT Security;192
18.3;Chapter 3: Windows 2000 Security;194
18.4;Chapter 4: Windows XP Security;195
18.5;Chapter 5: Windows Server 2003 Security;196
18.6;Chapter 6: Deploying Enterprise Security Policies;197
18.7;Chapter 7: Patch Management;198
18.8;Chapter 8: Network Access Quarantine Control;198
18.9;Chapter 9: Internet Information Services Security;199
18.10;Chapter 10: Exchange Server 2003 Security;199
18.11;Chapter 11: Security Auditing and Event Logs;201
19;INDEX;203
