Hardening Windows (eBook)

eBook Download: PDF
2006 | 2nd ed.
216 Seiten
Apress (Verlag)
978-1-4302-0083-3 (ISBN)

Lese- und Medienproben

Hardening Windows - Jonathan Hassell
Systemvoraussetzungen
32,09 inkl. MwSt
  • Download sofort lieferbar
  • Zahlungsarten anzeigen
* Covers the Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, Windows Server R2's new Security Configuration Wizard, branch-office security features, and new setup options.

* Each chapter ends with checkpoints to ensure thoroughness.

* Applicable to all current versions of Windows (NT, 2000 Pro/Server, SP Pro, and Server 2003).

* Includes automation suggestions, from deployment to rollout and beyond.



Jonathan Hassell is an author, consultant, and speaker on a variety of IT topics. His published works include RADIUS, Hardening Windows, Using Microsoft Windows Small Business Server 2003, and Learning Windows Server 2003. His work appears regularly in such periodicals as Windows IT Pro, PC Pro, and TechNet Magazine. Jonathan also speaks worldwide on topics ranging from networking and security to Windows administration. He is currently an editor for Apress, which specializes in books for programmers and IT professionals.
Hardening is the process of protecting a system against unknown threats. System administrators harden against that which they think could be a threat. Administrators know the Internet is a hostile environment. Although they can't tell, for example, that a hacker will attempt to gain access to the SQL server next Tuesday, they can bet money there'll be an attempt soon and should "e;batten down the hatches"e; in anticipation.Hardening Windows, Second Edition is the definitive "e;counterintelligence"e; guide to performing preventative security measures for the Windows operating system. This second edition covers the release of Windows XP Service Pack 2 and its new security features, including the Windows Firewall and the Security Center. It also covers Windows Server 2003 Service Pack 1, Windows Server R2's new Security Configuration Wizard, Windows NT, Windows 2000, branch-office security features, and new setup options. A new chapter has been added on Windows Software Update Services. All chapters have been updated to reflect reader feedback from the first edition. Topics covered include system and group policies, Network Access Quarantine Control, auditing and event logs, IIS, and Exchange.

Jonathan Hassell is an author, consultant, and speaker on a variety of IT topics. His published works include RADIUS, Hardening Windows, Using Microsoft Windows Small Business Server 2003, and Learning Windows Server 2003. His work appears regularly in such periodicals as Windows IT Pro, PC Pro, and TechNet Magazine. Jonathan also speaks worldwide on topics ranging from networking and security to Windows administration. He is currently an editor for Apress, which specializes in books for programmers and IT professionals.

Contents at a Glance 4
Contents 6
About the Author 12
About the Technical Reviewer 14
Acknowledgments 16
Introduction 18
CHAPTER 1 Some Words About Hardening 19
What Is Security? 20
The Security Dilemma 21
Enemies of Security 22
What Windows Is Lacking 22
Some General Hardening Suggestions 23
Software Considerations 24
Hardware and Network Considerations 25
Checkpoints 27
CHAPTER 2 Windows NT Security 29
Windows NT System Policy Editor 29
Customizing and Applying Policies to Multiple Computers 30
Resolving Conflicts Between Multiple Policies 31
Recommended User Policy Settings 32
Extending Policies 37
Passwords 37
Password Policies 38
Password Cracking 39
Protecting User Accounts 40
Registry Procedures 40
Protecting the File System 41
Locking Down Local Directories 41
Search Paths 42
Guarding Against Internet Threats 43
Windows NT Port Filtering 43
Protecting Against Viruses 44
Assigning Rights to Users 45
Granting and Revoking User Rights 45
Remote Access Server Configuration 48
Selecting Appropriate Communications Protocols and Methods 48
Security Implications of Domains 49
Checkpoints 50
CHAPTER 3 Windows 2000 Security 53
System Updates 53
The “Slipstreaming” Process 54
Critical Updates and Security Hotfixes 55
Managing Critical Updates Across Multiple Computers 55
Security Templates 56
Creating a Custom Security Template 58
Recommended Security Policy Settings 59
User Accounts 60
Local Options 61
Other Security Considerations 64
Windows Component Selection and Installation 64
Tightening Running Services 65
Checkpoints 66
CHAPTER 4 Windows XP Security 67
Implementing the Built-In Windows XP Firewall 67
Profiles 68
Configuring Through Group Policy 69
The Internet Connection Firewall in XP Gold and Service Pack 1 69
Disabling Unnecessary Services 71
Providing a Secure Configuration for Services 80
Microsoft Baseline Security Analyzer Patch Check and Security Tests 81
Installing Microsoft Baseline Security Analyzer 81
Penetration Tests 81
File System Security 82
Disable Automated Logins 83
Hardening Default Accounts 83
Use Runas for Administrative Work 84
Disable Infrared Transfers 85
Using Forensic Analysis Techniques 85
Checkpoints 87
CHAPTER 5 Windows Server 2003 Security 89
Enhancements to Security in Service Pack 1 89
The Security Configuration Wizard 90
Installing the SCW 91
Creating a Security Policy with the SCW 91
The Rollback Feature 98
SCW Best Practices 98
Using SCW from the Command Line 99
Checkpoints 100
CHAPTER 6 Deploying Enterprise Security Policies 103
System Policies, Group Policies, and Interaction 103
Mixing Policies and Operating Systems 105
Security and the Group Policy Framework 107
Organized Layout of Policies 108
Policy Application Precedence 110
Creating Security Configuration Files 110
Default Domain Policy 112
Default Domain Controller Security Policies 112
Troubleshooting Group Policy 113
Checkpoints 114
CHAPTER 7 Patch Management 117
About Windows Server Update Services 117
Comparing Windows Server Update Services to Systems Management Server 118
Using Windows Server Update Services: On the Server Side 119
Using WSUS: On the Client Side 132
Checkpoints 135
CHAPTER 8 Network Access Quarantine Control 137
How Network Access Quarantine Works 138
A Step-by-Step Overview of Network Access Quarantine Control 138
Deploying NAQC 140
Creating Quarantined Resources 140
Writing the Baseline Script 141
Installing the Listening Components 143
Creating a Quarantined Connection Profile 145
Distributing the Profile to Remote Users 147
Configuring the Quarantine Policy 148
Checkpoints 153
CHAPTER 9 Internet Information Services Security 155
Completely Disable IIS 156
Keeping IIS Updated 156
Using Windows Update 157
Using Network-Based Hotfix Installation 157
Securing Files, Folders, and Scripts 158
The Microsoft Indexing Service 160
TCP/IP Port Evaluation 162
Administrative and Default Pages 163
The Ins and Outs of Internet Services Application Programming Interface 164
Looking at Apache as an Alternative 164
Checkpoints 165
CHAPTER 10 Exchange Server 2003 Security 167
Installation Security 167
Security Policy Modifications 169
For Exchange Server Machines 169
For Domain Controller Machines 169
Service Security 170
Patch Management 171
Protecting Against Address Spoofing 172
Protecting Against Denial-of-Service Attacks 174
Restricting SMTP Access 176
Controlling Access 178
Checkpoints 179
CHAPTER 11 Security Auditing and Event Logs 181
For Windows 2000, XP, and Server 2003 181
Recommended Items to Audit 183
Event Logs 183
The Event Viewer 184
For Windows NT 4.0 185
Recommended Items to Audit 186
The Event Log 187
Filtering Events 187
What Might Be Missing 188
Checkpoints 188
APPENDIX Quick-Reference Checklists 191
Chapter 1: Some Words About Hardening 191
Chapter 2: Windows NT Security 192
Chapter 3: Windows 2000 Security 194
Chapter 4: Windows XP Security 195
Chapter 5: Windows Server 2003 Security 196
Chapter 6: Deploying Enterprise Security Policies 197
Chapter 7: Patch Management 198
Chapter 8: Network Access Quarantine Control 198
Chapter 9: Internet Information Services Security 199
Chapter 10: Exchange Server 2003 Security 199
Chapter 11: Security Auditing and Event Logs 201
INDEX 203

Erscheint lt. Verlag 7.11.2006
Zusatzinfo 216 p.
Verlagsort Berkeley
Sprache englisch
Themenwelt Informatik Betriebssysteme / Server Windows
Informatik Netzwerke Sicherheit / Firewall
Mathematik / Informatik Informatik Software Entwicklung
Schlagworte Deployment • operating system • security • WINDOWS 2000 • Windows firewall • WINDOWS NT • Windows Server 2003 • WINDOWS XP
ISBN-10 1-4302-0083-9 / 1430200839
ISBN-13 978-1-4302-0083-3 / 9781430200833
Haben Sie eine Frage zum Produkt?
PDFPDF (Wasserzeichen)
Größe: 2,5 MB

DRM: Digitales Wasserzeichen
Dieses eBook enthält ein digitales Wasser­zeichen und ist damit für Sie persona­lisiert. Bei einer missbräuch­lichen Weiter­gabe des eBooks an Dritte ist eine Rück­ver­folgung an die Quelle möglich.

Dateiformat: PDF (Portable Document Format)
Mit einem festen Seiten­layout eignet sich die PDF besonders für Fach­bücher mit Spalten, Tabellen und Abbild­ungen. Eine PDF kann auf fast allen Geräten ange­zeigt werden, ist aber für kleine Displays (Smart­phone, eReader) nur einge­schränkt geeignet.

Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen dafür einen PDF-Viewer - z.B. den Adobe Reader oder Adobe Digital Editions.
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen dafür einen PDF-Viewer - z.B. die kostenlose Adobe Digital Editions-App.

Zusätzliches Feature: Online Lesen
Dieses eBook können Sie zusätzlich zum Download auch online im Webbrowser lesen.

Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.

Mehr entdecken
aus dem Bereich
der leichte Weg zur eigenen Cloud.Daten sicher speichern und teilen

von Herbert Hertramph

eBook Download (2023)
MITP Verlags GmbH & Co. KG
24,99
Learn how to program with PowerShell 7 on Windows, Linux, and the …

von Nick Parlow

eBook Download (2024)
Packt Publishing (Verlag)
32,39