![Hardening Windows](http://img.images-bn.com/static/redesign/srcs/images/grey-box.png?v11.9.4)
![Hardening Windows](http://img.images-bn.com/static/redesign/srcs/images/grey-box.png?v11.9.4)
eBook1st ed. (1st ed.)
Available on Compatible NOOK devices, the free NOOK App and in My Digital Library.
Related collections and offers
Overview
System administrators know the Internet is a hostile environment. They can't tell when a hacker will attempt to gain access to the SQL server, but they can bet that there will be an attempt soon. Because the operating system is vital to a computer's functioning, and because it's the only layer between the machine's available resources and its users, it's critical that the operating system resist compromise.
Hardening Windows is an intermediate-to-advanced guide to implementing preventative security measures for the Windows operating system, and it's the only book that covers NT, 2000, XP, and 2003. This book is designed to provide a quick and easy checklist-style reference to the steps system administrators need to take to anticipate attacks and compromises, and to harden Windows NT, 2000, XP, and Server 2003 against them.
Product Details
ISBN-13: | 9781430206811 |
---|---|
Publisher: | Apress |
Publication date: | 01/01/2008 |
Sold by: | Barnes & Noble |
Format: | eBook |
Pages: | 200 |
File size: | 4 MB |
About the Author
Table of Contents
About the Author | ix | |
About the Technical Reviewer | x | |
Acknowledgments | xi | |
Introduction | xiii | |
Chapter 1 | Hardening: Theory and General Practice | 1 |
What Is Security? | 2 | |
The Security Dilemma | 3 | |
Enemies of Security | 4 | |
Some General Hardening Suggestions | 4 | |
Software Considerations | 5 | |
Hardware and Network Considerations | 6 | |
Checkpoints | 8 | |
Chapter 2 | Windows NT Security | 11 |
Windows NT System Policy Editor | 11 | |
Customizing and Applying Group Policies | 12 | |
Resolving Conflicts Between Multiple Policies | 13 | |
Recommended User Policy Settings | 13 | |
Passwords | 18 | |
Password Policies | 18 | |
Password Cracking | 19 | |
Protecting User Accounts | 20 | |
Registry Procedures | 21 | |
Protecting the File System | 21 | |
Locking Down Local Directories | 22 | |
Search Paths | 23 | |
Guarding Against Internet Threats | 23 | |
Windows NT Port Filtering | 24 | |
Protecting Against Viruses | 24 | |
Assigning Rights to Users | 25 | |
Granting and Revoking User Rights | 26 | |
Checkpoints | 30 | |
Chapter 3 | Windows 2000 Security | 33 |
System Updates | 33 | |
The "Slipstreaming" Process | 34 | |
Critical Updates and Security Hotfixes | 35 | |
Managing Critical Updates Across Multiple Computers | 35 | |
Security Templates | 37 | |
Creating a Custom Security Template | 38 | |
Recommended Security Policy Settings | 40 | |
User Accounts | 40 | |
Local Options | 42 | |
Other Security Considerations | 45 | |
Windows Component Selection and Installation | 45 | |
Tightening Running Services | 45 | |
Checkpoints | 46 | |
Chapter 4 | Windows XP Security | 49 |
Implementing a Firewall | 49 | |
Changes to Services | 51 | |
Microsoft Baseline Security Analyzer Patch Check and Security Tests | 64 | |
Installing Microsoft Baseline Security Analyzer | 64 | |
Penetration Tests | 65 | |
File System Security | 65 | |
Disable Automated Logins | 66 | |
Hardening Default Accounts | 66 | |
Using Forensic Analysis Techniques | 68 | |
Checkpoints | 69 | |
Chapter 5 | Defining Enterprise Security Policies with Windows 2000 and Later | 71 |
System Policies, Group Policies, and Interaction | 72 | |
Mixing Policies and Operating Systems | 73 | |
Security and the Group Policy Framework | 77 | |
Organized Layout of Policies | 78 | |
Policy Application Precedence | 79 | |
Creating Security Configuration Files | 80 | |
Default Domain Policy | 82 | |
Default Domain Controller Security Policies | 82 | |
Troubleshooting Group Policy | 83 | |
Checkpoints | 84 | |
Chapter 6 | Patch Management | 87 |
About Software Update Services | 87 | |
Comparing Software Update Services to Systems Management Server | 88 | |
Using Software Update Services: On the Server Side | 90 | |
Using SUS: On the Client Side | 99 | |
Checkpoints | 102 | |
Chapter 7 | Network Access quarantine Control | 105 |
How Network Access Quarantine Works | 106 | |
A Step-by-Step Overview of Network Access Quarantine Control | 106 | |
Deploying NAQC | 108 | |
Creating Quarantined Resources | 108 | |
Writing the Baseline Script | 109 | |
Installing the Listening Components | 112 | |
Creating a Quarantined Connection Profile | 113 | |
Distributing the Profile to Remote Users | 116 | |
Configuring the Quarantine Policy | 116 | |
Checkpoints | 122 | |
Chapter 8 | Internet Information Services Security | 123 |
Completely Disable IIS | 123 | |
Checking for Updates on Machines | 124 | |
Keeping IIS Updated | 126 | |
Securing Files, Folders, and Scripts | 127 | |
The Microsoft Indexing Service | 129 | |
TCP/IP Port Evaluation | 131 | |
Administrative and Default Pages | 133 | |
The Ins and Outs of Internet Services Application Programming Interface | 134 | |
Looking at Apache as an Alternative | 134 | |
Checkpoints | 135 | |
Chapter 9 | Exchange 2000 Server Security | 137 |
Installation Security | 137 | |
Security Policy Modifications | 138 | |
For Exchange Server Machines | 139 | |
For Domain Controller Machines | 139 | |
Service Security | 140 | |
Patch Management | 141 | |
Protecting Against Address Spoofing | 142 | |
Protecting Against Denial-of-Service Attacks | 144 | |
Restricting SMTP Access | 146 | |
Controlling Access | 148 | |
Checkpoints | 149 | |
Chapter 10 | Security Auditing and Event Logs | 151 |
For Windows 2000, XP, and Server 2003 | 151 | |
Recommended Items to Audit | 153 | |
Event Logs | 153 | |
For Windows NT 4.0 | 155 | |
Recommended Items to Audit | 156 | |
The Event Log | 157 | |
Filtering Events | 157 | |
What Might Be Missing | 158 | |
Checkpoints | 158 | |
Appendix | Quick-Reference Checklists | 161 |
Index | 173 |