Hardening Windows (eBook)

Jonathan Hassell is an author, consultant, and speaker on a variety of IT topics. His published works include RADIUS, Hardening Windows, Using Microsoft Windows Small Business Server 2003, and Learning Windows Server 2003. His work appears regularly in such periodicals as Windows IT Pro, PC Pro, and TechNet Magazine. Jonathan also speaks worldwide on topics ranging from networking and security to Windows administration. He is currently an editor for Apress, which specializes in books for programmers and IT professionals.

Contents at a Glance 4
Contents 6
About the Author 12
About the Technical Reviewer 14
Acknowledgments 16
Introduction 18
CHAPTER 1 Some Words About Hardening 19
What Is Security? 20
The Security Dilemma 21
Enemies of Security 22
What Windows Is Lacking 22
Some General Hardening Suggestions 23
Software Considerations 24
Hardware and Network Considerations 25
Checkpoints 27
CHAPTER 2 Windows NT Security 29
Windows NT System Policy Editor 29
Customizing and Applying Policies to Multiple Computers 30
Resolving Conflicts Between Multiple Policies 31
Recommended User Policy Settings 32
Extending Policies 37
Passwords 37
Password Policies 38
Password Cracking 39
Protecting User Accounts 40
Registry Procedures 40
Protecting the File System 41
Locking Down Local Directories 41
Search Paths 42
Guarding Against Internet Threats 43
Windows NT Port Filtering 43
Protecting Against Viruses 44
Assigning Rights to Users 45
Granting and Revoking User Rights 45
Remote Access Server Configuration 48
Selecting Appropriate Communications Protocols and Methods 48
Security Implications of Domains 49
Checkpoints 50
CHAPTER 3 Windows 2000 Security 53
System Updates 53
The “Slipstreaming” Process 54
Critical Updates and Security Hotfixes 55
Managing Critical Updates Across Multiple Computers 55
Security Templates 56
Creating a Custom Security Template 58
Recommended Security Policy Settings 59
User Accounts 60
Local Options 61
Other Security Considerations 64
Windows Component Selection and Installation 64
Tightening Running Services 65
Checkpoints 66
CHAPTER 4 Windows XP Security 67
Implementing the Built-In Windows XP Firewall 67
Profiles 68
Configuring Through Group Policy 69
The Internet Connection Firewall in XP Gold and Service Pack 1 69
Disabling Unnecessary Services 71
Providing a Secure Configuration for Services 80
Microsoft Baseline Security Analyzer Patch Check and Security Tests 81
Installing Microsoft Baseline Security Analyzer 81
Penetration Tests 81
File System Security 82
Disable Automated Logins 83
Hardening Default Accounts 83
Use Runas for Administrative Work 84
Disable Infrared Transfers 85
Using Forensic Analysis Techniques 85
Checkpoints 87
CHAPTER 5 Windows Server 2003 Security 89
Enhancements to Security in Service Pack 1 89
The Security Configuration Wizard 90
Installing the SCW 91
Creating a Security Policy with the SCW 91
The Rollback Feature 98
SCW Best Practices 98
Using SCW from the Command Line 99
Checkpoints 100
CHAPTER 6 Deploying Enterprise Security Policies 103
System Policies, Group Policies, and Interaction 103
Mixing Policies and Operating Systems 105
Security and the Group Policy Framework 107
Organized Layout of Policies 108
Policy Application Precedence 110
Creating Security Configuration Files 110
Default Domain Policy 112
Default Domain Controller Security Policies 112
Troubleshooting Group Policy 113
Checkpoints 114
CHAPTER 7 Patch Management 117
About Windows Server Update Services 117
Comparing Windows Server Update Services to Systems Management Server 118
Using Windows Server Update Services: On the Server Side 119
Using WSUS: On the Client Side 132
Checkpoints 135
CHAPTER 8 Network Access Quarantine Control 137
How Network Access Quarantine Works 138
A Step-by-Step Overview of Network Access Quarantine Control 138
Deploying NAQC 140
Creating Quarantined Resources 140
Writing the Baseline Script 141
Installing the Listening Components 143
Creating a Quarantined Connection Profile 145
Distributing the Profile to Remote Users 147
Configuring the Quarantine Policy 148
Checkpoints 153
CHAPTER 9 Internet Information Services Security 155
Completely Disable IIS 156
Keeping IIS Updated 156
Using Windows Update 157
Using Network-Based Hotfix Installation 157
Securing Files, Folders, and Scripts 158
The Microsoft Indexing Service 160
TCP/IP Port Evaluation 162
Administrative and Default Pages 163
The Ins and Outs of Internet Services Application Programming Interface 164
Looking at Apache as an Alternative 164
Checkpoints 165
CHAPTER 10 Exchange Server 2003 Security 167
Installation Security 167
Security Policy Modifications 169
For Exchange Server Machines 169
For Domain Controller Machines 169
Service Security 170
Patch Management 171
Protecting Against Address Spoofing 172
Protecting Against Denial-of-Service Attacks 174
Restricting SMTP Access 176
Controlling Access 178
Checkpoints 179
CHAPTER 11 Security Auditing and Event Logs 181
For Windows 2000, XP, and Server 2003 181
Recommended Items to Audit 183
Event Logs 183
The Event Viewer 184
For Windows NT 4.0 185
Recommended Items to Audit 186
The Event Log 187
Filtering Events 187
What Might Be Missing 188
Checkpoints 188
APPENDIX Quick-Reference Checklists 191
Chapter 1: Some Words About Hardening 191
Chapter 2: Windows NT Security 192
Chapter 3: Windows 2000 Security 194
Chapter 4: Windows XP Security 195
Chapter 5: Windows Server 2003 Security 196
Chapter 6: Deploying Enterprise Security Policies 197
Chapter 7: Patch Management 198
Chapter 8: Network Access Quarantine Control 198
Chapter 9: Internet Information Services Security 199
Chapter 10: Exchange Server 2003 Security 199
Chapter 11: Security Auditing and Event Logs 201
INDEX 203