Windows Server 2003 Security Infrastructures (eBook)
756 Seiten
Elsevier Science (Verlag)
978-0-08-052112-1 (ISBN)
*Explains nuts and bolts of Windows Server 2003 security
*Provides practical insights into how to deploy and administer secure Windows Server 2003 infrastructures
*Draws on the experience of a lead consultant in the Microsoft security area
Windows Server 2003 Security Infrastructures is a must for anyone that wants to know the nuts and bolts of Windows Server 2003 security and wants to leverage the operating system's security infrastructure components to build a more secure I.T. infrastructure. The primary goal of this book is to provide insights into the security features and technologies of the Windows Server 2003 operating system. It also highlights the security principles an architect should remember when designing an infrastructure that is rooted on the Windows Server 2003 OS.*Explains nuts and bolts of Windows Server 2003 security*Provides practical insights into how to deploy and administer secure Windows Server 2003 infrastructures*Draws on the experience of a lead consultant in the Microsoft security area
Front Cover 1
Windows Server 2003 Security Infrastructures 4
Copyright Page 5
Contents 8
Foreword by Tony Redmond 14
Foreword by Mark Mortimore 16
Preface 20
Acknowledgments 24
Chapter 1. The Challenge of Trusted Security Infrastructures 26
1.1 Introduction 26
1.2 Positioning trusted security infrastructures 28
1.3 The fundamental role of trust 31
1.4 TSI roles 31
1.5 The long road toward unified TSI solutions 42
1.6 Microsoft and the challenge of TSIs 46
1.7 Conclusion 51
Chapter 2. Windows Security Authorities and Principals 54
2.1 Security authorities 54
2.2 Security principals 62
Chapter 3. Windows Trust Relationships 94
3.1 Defining trust relationships 94
3.2 Trust properties and types 96
3.3 Trust relationships: Under the hood 99
3.4 Forest trust 102
3.5 Trusts and secure channels 118
3.6 Trusts and firewalls 123
Chapter 4. Introducing Windows Authentication 126
4.1 Authentication infrastructure terminology 126
4.2 Qualifying authentication 128
4.3 Authentication authentication architecture 131
4.4 Authentication in the Windows machine startup and user logon sequences 137
4.5 NTLM-based authentication 141
4.6 Secondary logon service 145
4.7 Anonymous access 148
4.8 Credential caching 149
4.9 General authentication troubleshooting 150
4.10 What’s coming up in the next chapters? 157
Chapter 5. Kerberos 158
5.1 Introducing Kerberos 158
5.2 Kerberos: The basic protocol 162
5.3 Logging on to windows using Kerberos 177
5.4 Advanced Kerberos topics 189
5.5 Kerberos configuration 215
5.6 Kerberos and authentication troubleshooting 222
5.7 Kerberos interoperability 225
Chapter 6. IIS Authentication 232
6.1 Secure by default in IIS 6.0 232
6.2 Introducing IIS authentication 234
6.3 HTTP authentication 236
6.4 Integrated Windows authentication 246
6.5 Passport-based authentication 248
6.6 Certificate-based authentication 248
6.7 IIS Authentication method comparison 265
Chapter 7. Microsoft Passport 266
7.1 Passport-enabling Web technologies 266
7.2 Passport infrastructure 267
7.3 Basic passport authentication exchange 268
7.4 XP and Windows Server 2003 changes 271
7.5 Passport cookies 273
7.6 Passport authentication revisited 277
7.7 Passport and the privacy of user information 280
7.8 Passport integration in Windows Server 2003 281
7.9 Passport futures 283
Chapter 8. UNIX and Windows Authentication Interoperability 286
8.1 Comparing Windows and UNIX authentication 286
8.2 Interoperability enabling technologies 287
8.3 UNIX security-related concepts 289
8.4 Windows and UNIX account management and authentication integration approaches 299
8.5 Summary 321
Chapter 9. Single Sign-On 324
9.1 Single sign-on: Pros and cons 324
9.2 SSO architectures 326
9.3 Extending SSO 339
9.4 SSO technologies in Windows Server 2003 and XP 344
9.5 Summary 351
Chapter 10. Windows Server 2003 Authorization 354
10.1 Authorization basics 354
10.2 The Windows authorization model 355
10.3 Windows 2000 authorization changes 360
10.4 Windows Server 2003 authorization changes 384
10.5 Authorization intermediaries 392
10.6 User rights 404
10.7 Administrative delegation 406
10.8 Authorization tools 415
Chapter 11. Malicious Mobile Code Protection 418
11.1 Malicious mobile code protection architecture 418
11.2 Software restriction policies 419
11.3 Code Access Security 425
11.4 Comparing SRPs and CAS 440
Chapter 12. New Authorization Tracks: Role-Based Access Control and Digital Rights Management 442
12.1 Role-based access control 442
12.2 Digital rights management 453
Chapter 13. Introducing Windows Server 2003 Public Key Infrastructure 466
13.1 Getting started 466
13.2 A short history of Windows PKI 466
13.3 Why use the Microsoft PKI software? 468
13.4 Windows Server 2003 PKI core components 469
Chapter 14. Trust in Windows Server 2003 PKI 518
14.1 PKI is all about trust 518
14.2 A trust taxonomy 519
14.3 PKI trust terminology 520
14.4 PKI trust models 521
14.5 User PKI trust management 540
14.6 CA trust definition 546
14.7 Summary 568
Chapter 15. The Certificate Life Cycle 570
15.1 Overview of the certificate life cycle 570
15.2 Certificate enrollment 571
15.3 Key archival and recovery 593
15.4 Data recovery 604
15.5 Certificate validation 605
15.6 Certificate retrieval 614
15.7 Key and certificate update 614
15.8 Certificate revocation 615
15.9 Certificate expiry and certificate lifetimes 624
Chapter 16. Building and Maintaining a Windows PKI 628
16.1 Building a PKI 628
16.2 Maintaining a PKI 657
16.3 Administration and troubleshooting tools 665
Chapter 17. Windows Server 2003 PKI-enabled Applications 668
17.1 Encrypting File System 668
17.2 Secure mail using S/MIME 692
17.3 Leveraging smart cards and USB tokens for PKI-enabled applications 704
Chapter 18. Windows Server 2003 Security Management 712
18.1 Security policy management 712
18.2 Security patch management 729
18.3 Security-related auditing 737
Appendix A. The ITU-T X.509 Standard for Certificate and CRL Formats 746
Appendix B. PKCS Standards 750
Index 752
| Erscheint lt. Verlag | 2.4.2004 |
|---|---|
| Sprache | englisch |
| Themenwelt | Sachbuch/Ratgeber |
| Informatik ► Betriebssysteme / Server ► Windows | |
| Informatik ► Betriebssysteme / Server ► Windows Server | |
| Informatik ► Netzwerke ► Sicherheit / Firewall | |
| ISBN-10 | 0-08-052112-6 / 0080521126 |
| ISBN-13 | 978-0-08-052112-1 / 9780080521121 |
| Haben Sie eine Frage zum Produkt? |
PDF (Adobe DRM)Größe: 17,5 MB
Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM
Dateiformat: PDF (Portable Document Format)
Mit einem festen Seitenlayout eignet sich die PDF besonders für Fachbücher mit Spalten, Tabellen und Abbildungen. Eine PDF kann auf fast allen Geräten angezeigt werden, ist aber für kleine Displays (Smartphone, eReader) nur eingeschränkt geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine
Geräteliste und zusätzliche Hinweise
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
aus dem Bereich
