Securing Windows Server 2008 (eBook)
656 Seiten
Elsevier Science (Verlag)
978-0-08-056997-0 (ISBN)
As a result of being at the top of the most used and most hacked lists, Microsoft has released a truly powerful suite of security tools for system administrators to deploy with Windows Server 2008. This book is the comprehensive guide needed by system administrators and security professionals to master seemingly overwhelming arsenal of new security tools including:
1.Network Access Protection, which gives administrators the power to isolate computers that don't comply with established security policies. The ability to enforce security requirements is a powerful means of protecting the network.
2.Enhanced solutions for intelligent rules and policies creation to increase control and protection over networking functions, allowing administrators to have a policy-driven network.
3.Protection of data to ensure it can only be accessed by users with the correct security context, and to make it available when hardware failures occur.
4.Protection against malicious software with User Account Control with a new authentication architecture.
5.Increased control over your user settings with Expanded Group Policy.
...to name just a handful of the new security features. In short, Windows Server 2008 contains by far the most powerful and complex suite of security tools ever released in a Microsoft Server product. Securing Windows Server 2008 provides system administrators and security professionals with the knowledge they need to harness this power.
* Describes new technologies and features in Windows Server 2008, such as improvements to networking and remote access features, centralized server role management, and an improved file system.
* Outlines steps for installing only the necessary components and subsystems of Windows Server 2008 in your environment. No GUI needed.
* Describes Windows Server 2008?s security innovations, such as Network Access Protection, Federated Rights Management, and Read-Only Domain Controller
* Includes coverage of monitoring, securing, and troubleshooting Windows Server 2008
* Covers Microsoft's Hyper-V virtualization technology, which is offered as an add-on to four of the eight versions of Windows Server 2008 and as a stand-alone product
"
Microsoft hails the latest version of its flagship server operating system, Windows Server 2008, as "e;the most secure Windows Server ever"e;. However, to fully achieve this lofty status, system administrators and security professionals must install, configure, monitor, log, and troubleshoot a dizzying array of new features and tools designed to keep the bad guys out and maintain the integrity of their network servers. This is no small task considering the market saturation of Windows Server and the rate at which it is attacked by malicious hackers. According to IDC, Windows Server runs 38% of all network servers. This market prominence also places Windows Server at the top of the SANS top 20 Security Attach Targets. The first five attack targets listed in the SANS top 20 for operating systems are related to Windows Server. This doesn't mean that Windows is inherently less secure than other operating systems; it's simply a numbers game. More machines running Windows Server. More targets for attackers to hack.As a result of being at the top of the "e;most used"e; and "e;most hacked"e; lists, Microsoft has released a truly powerful suite of security tools for system administrators to deploy with Windows Server 2008. This book is the comprehensive guide needed by system administrators and security professionals to master seemingly overwhelming arsenal of new security tools including: 1. Network Access Protection, which gives administrators the power to isolate computers that don't comply with established security policies. The ability to enforce security requirements is a powerful means of protecting the network.2. Enhanced solutions for intelligent rules and policies creation to increase control and protection over networking functions, allowing administrators to have a policy-driven network.3. Protection of data to ensure it can only be accessed by users with the correct security context, and to make it available when hardware failures occur.4. Protection against malicious software with User Account Control with a new authentication architecture.5. Increased control over your user settings with Expanded Group Policy....to name just a handful of the new security features. In short, Windows Server 2008 contains by far the most powerful and complex suite of security tools ever released in a Microsoft Server product. Securing Windows Server 2008 provides system administrators and security professionals with the knowledge they need to harness this power. Describes new technologies and features in Windows Server 2008, such as improvements to networking and remote access features, centralized server role management, and an improved file system Outlines steps for installing only the necessary components and subsystems of Windows Server 2008 in your environment. No GUI needed Describes Windows Server 2008?s security innovations, such as Network Access Protection, Federated Rights Management, and Read-Only Domain Controller Includes coverage of monitoring, securing, and troubleshooting Windows Server 2008 Covers Microsoft's Hyper-V virtualization technology, which is offered as an add-on to four of the eight versions of Windows Server 2008 and as a stand-alone product
Front Cover 1
Securing Windows Server 2008 4
Copyright page 5
Contributing Authors' 6
Contents 8
Chapter 1: Microsoft Windows Server 2008: An Overview 16
Introduction 17
Server Manager 18
Using Server Manager to Implement Roles 18
Server Core 24
Using Server Core and Active Directory 25
What Is Server Core? 25
Uses for Server Core 31
Active Directory Certificate Services 33
Configuring a Certificate Authority 38
Certificate Authorities 38
Standard vs. Enterprise 39
Root vs. Subordinate Certificate Authorities 39
Certificate Requests 41
Request a Certificate from a Web Server 45
Certificate Practice Statement 46
Key Recovery 46
Active Directory Domain Services 47
What Is New in the AD DS Installation? 47
Summary 49
Solutions Fast Track 49
Server Manager 49
Server Core 49
Active Directory Certificate Services 50
Active Directory Domain Services 50
Frequently Asked Questions 51
Chapter 2: Microsoft Windows Server 2008: PKI-Related Additions 54
Introduction 55
What Is PKI? 56
The Function of the PKI 58
Components of PKI 59
How PKI Works 61
PKCS Standards 63
Public Key Functionality 69
Digital Signatures 69
Authentication 70
Secret Key Agreement via Public Key 71
Bulk Data Encryption without Prior Shared Secrets 71
Digital Certificates 72
User Certificates 74
Machine Certificates 75
Application Certificates 75
Working with Certificate Services 75
Backing Up Certificate Services 76
Restoring Certificate Services 78
Assigning Roles 81
Enrollments 82
Revocation 83
Working with Templates 86
General Properties 88
Request Handling 90
Cryptography 91
Subject Name 92
Issuance Requirements 93
Security 96
Types of Templates 97
User Certificate Types 97
Computer Certificate Types 99
Other Certificate Types 100
Custom Certificate Templates 101
Creating a Custom Template 101
Securing Permissions 103
Versioning 104
Key Recovery Agent 105
Summary 107
Solutions Fast Track 108
What Is PKI? 108
Digital Certificates 108
Working with Certificate Services 109
Working with Templates 109
Creating a Custom Template 110
Frequently Asked Questions 111
Chapter 3: Microsoft Windows Server 2008: Active Directory Domain 114
Introduction 115
Configuring Audit Policies 116
Logon Events 119
Directory Service Access 120
Configuring Directory Service Access Auditing in Group Policy 120
Configuring Active Directory Object Auditing 121
Fine-Grain Password and Account Lockout Policies 124
Configuring a Fine-Grain Password Policy 125
Applying Users and Groups to a PSO with Active Directory Users and Computers 134
Read-Only Domain Controllers (RODCs) 137
Introduction to RODC 137
An RODC’s Purpose in Life 137
RODC Features 138
Configuring RODC 139
Removing an RODC 143
Digital Rights Management Service 145
Summary 146
Solutions Fast Track 147
Configuring Audit Policies 147
Fine-Grain Password and Account Lockout Policies 147
Read-Only Domain Controllers (RODCs) 147
Configuring Active Directory Rights Management Services 148
Frequently Asked Questions 149
Chapter 4: Microsoft Windows Server 2008: Network Security Changes 152
Introduction 153
Network Policy Server 154
Configuring Policies and Settings for NAP Enforcement Methods in NPS 157
Network Policy and Access Services Role 158
NTLMv2 and Kerberos Authentication 161
802.1x Wired and Wireless Access 162
WLAN Authentication Using 802.1x and 802.3 163
Wireless and Wired Authentication Technologies 164
Implementing Secure Network Access Authentication 166
Configuring 802.1x Settings in Windows Server 2008 168
Configuring Wireless Access 171
Set Service Identifier (SSID) 175
Wi-Fi Protected Access (WPA) 176
Wi-Fi Protected Access 2 (WPA2) 177
Ad Hoc vs. Infrastructure Mode 177
Wireless Group Policy 180
Creating a New Policy 180
Summary 182
Solutions Fast Track 182
Network Policy Server 182
Network Policy and Access Services Role 183
802.1x Wired and Wireless Access 183
Frequently Asked Questions 184
Chapter 5: Microsoft Windows Server 2008: Data Protection 186
Introduction 187
BitLocker 187
Trusted Platform Modules 189
A Practical Example 190
Full Volume Encryption 190
Startup Process Integrity Verification 190
Recovery Mechanisms 192
Remote Administration 192
Secure Decommissioning 192
BitLocker Architecture 193
Keys Used for Volume Encryption 194
Hardware Upgrades on BitLocker Protected Systems 195
BitLocker Authentication Modes 196
TPM Only 196
TPM with PIN Authentication 196
TPM with Startup Key Authentication 197
Startup Key-Only 197
When to Use BitLocker on a Windows 2008 Server 198
Support for Multifactor Authentication on Windows Server 2008 198
PIN Authentication 198
Startup Key Authentication 199
Enabling BitLocker 199
Partitioning Disks for BitLocker Usage 199
Installing BitLocker on Windows Server 2008 201
Turning on and Configuring BitLocker 202
Turning on Bitlocker for Data Volumes 205
Configuring BitLocker for TPM-Less Operation 206
Turning on BitLocker on Systems without a TPM 207
Administration of BitLocker 209
Using Group Policy with BitLocker 209
Storing BitLocker and TPM Recovery Information in Active Directory 211
Storage of BitLocker Recovery Information in Active Directory 211
Storage of TPM Information in Active Directory 212
Prerequisites 212
Extending the Schema 213
Setting Required Permissions for Backing Up TPM Passwords 215
Enabling Group Policy Settings for BitLocker and TPM Active Directory Backup 215
Recovering Data 216
Testing Bitlocker Data Recovery 217
Disabling BitLocker 218
Active Directory Rights Management Services 218
Managing Trust Policies 221
Exclusion Policies 223
Configuring Policy Templates 226
Managing Your AD RMS Cluster 227
Removing AD RMS 228
Reporting 229
Transport Security 232
Adding a New Security Certificate 235
Authentication 241
Considerations When Using Client Certificates 244
Authorization 247
URL Authorization 247
IP Authorization 250
Request Filtering 252
.NET Trust Levels 254
Summary 256
Solutions Fast Track 256
BitLocker 256
Active Directory Rights Management Services 257
Authorization 257
Frequently Asked Questions 258
Chapter 6: Microsoft Windows Server 2008: Networking Essentials 260
Introduction 261
Not Your Father’s TCP/IP Stack 261
Introduction of IPv6 and Dual Stack 262
IPv6 Addressing Conventions 262
IPv6 Assigned Unicast Routable Address Prefixes 263
IPv6 Auto-Configuration Options 263
IPv6 Transition Technologies 264
Configuring IPv6 Settings 264
Using the Network and Sharing Center 270
Using Network Map 271
Connect to a Network 272
Manage Network Connections 276
Diagnose and Repair 277
Managing Wired Connections 278
Managing Wireless Connections 279
Changing from a Private to a Public Network Location 283
Other Troubleshooting Methods 284
Summary 285
Solutions Fast Track 285
Not Your Father’s TCP/IP Stack 285
The Network and Sharing Center 285
Network Map 286
Frequently Asked Questions 287
Chapter 7: Microsoft Windows Server 2008: Server Core 288
Introduction 289
Server Core Features 290
Server Core Has Minimal Attack Vector Opportunities 291
Server Core Requires Less Software Maintenance 292
Server Core Uses Less Disk Space for Installation 293
Server Core Components 293
What Is There? 293
Which Roles Can Be Installed? 296
What Is Missing? 299
Server Core Best Practices 302
Installing Software 302
Changing Background Settings and More 303
Enabling remote cmd.exe with Terminal Services 305
Changing the Command Prompt 307
Administrating Server Core with RDP 309
Creating Batch Menus 311
Combining Server Core, Read-Only Domain Controller, and BitLocker 313
Server Core Administration 314
Installing Server Core 314
Steps for a Normal Installation 314
Steps for an Unattended Installation 315
Configuring Server Core 316
Configuring the IPV4 IP-Stack 316
Configuring Windows Firewall 318
Changing the Hostname 320
Joining a Domain 320
Activating the Server 320
Enabling Automatic Updates 321
Swapping Mouse Buttons 324
Changing the Regional Settings 324
Changing the Date/Time or Timezone 325
Changing the Administrator Password 326
Adding Users to the Local Administrator Group 327
Setting the Pagefile 327
Installing Server Core Roles 327
Administrating Server Core 331
Remote Server Administration Tools (RSAT) 331
Winrm/winrs 332
Managing Server Core with Group Policy 333
PowerShell 334
Installing Active Directory Domain Services on Server Core 334
Summary 337
Solutions Fast Track 338
Server Core Features 338
Server Core Components 338
Server Core Best Practices 339
Server Core Administration 339
Frequently Asked Questions 340
Chapter 8: Configuring Windows Server Hyper-V and Virtual 342
Introduction 343
Advancing Microsoft’s Strategy for Virtualization 343
Understanding Virtualization 345
Understanding the Components of Hyper-V 349
Configuring Virtual Machines 352
Installing Hyper-V 353
Installing and Managing Hyper-V on Windows Server Core Installations 356
Virtual Networking 357
Virtualization Hardware Requirements 359
Virtual Hard Disks 360
Adding Virtual Machines 363
Installing Hyper-V and Creating Virtual Machines 369
Migrating from Physical to Virtual Machines 369
Planning a P2V Migration 374
Backing Up Virtual Machines 375
Backing Up a Virtual Hard Drive 380
Virtual Server Optimization 380
Summary 384
Solutions Fast Track 385
Configuring Virtual Machines 385
Migrating from Physical to Virtual Machines 385
Backing Up Virtual Machines 386
Virtual Server Optimization 387
Frequently Asked Questions 388
Chapter 9: Microsoft Windows Server 2008: Terminal Services Changes 390
Introduction 391
Terminal Services RemoteApp 391
Configuring TS RemoteApp 392
Terminal Services Gateway 401
Terminal Services Web Access 404
Configuring TS Remote Desktop Web Connection 408
Summary 410
Solutions Fast Track 410
Terminal Services RemoteApp 410
Terminal Services Gateway 410
Terminal Services Web Access 411
Frequently Asked Questions 412
Index 414
| Erscheint lt. Verlag | 1.7.2008 |
|---|---|
| Sprache | englisch |
| Themenwelt | Sachbuch/Ratgeber |
| Informatik ► Netzwerke ► Sicherheit / Firewall | |
| Informatik ► Office Programme ► Outlook | |
| Mathematik / Informatik ► Mathematik ► Algebra | |
| Mathematik / Informatik ► Mathematik ► Angewandte Mathematik | |
| Technik | |
| ISBN-10 | 0-08-056997-8 / 0080569978 |
| ISBN-13 | 978-0-08-056997-0 / 9780080569970 |
| Haben Sie eine Frage zum Produkt? |
PDF (Adobe DRM)Größe: 15,5 MB
Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM
Dateiformat: PDF (Portable Document Format)
Mit einem festen Seitenlayout eignet sich die PDF besonders für Fachbücher mit Spalten, Tabellen und Abbildungen. Eine PDF kann auf fast allen Geräten angezeigt werden, ist aber für kleine Displays (Smartphone, eReader) nur eingeschränkt geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine
Geräteliste und zusätzliche Hinweise
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
aus dem Bereich
