Microsoft Windows Security Resource Kit (Paperback)

Ben Smith, Brian Komar, Microsoft Corporation

  • Publisher: Microsoft
  • Publication date: 2003-04-12
  • List price: $1,750
  • Sale price: $875 (50% of list)
  • Language: English
  • Pages: 720
  • Binding: Paperback
  • ISBN: 8120322932
  • ISBN-13: 9780735618688
  • Category: Information Security
  • Ships immediately (limited quantity) (stock = 7)

Help maximize security for Windows-based systems, services, and networks, with tools and resources direct from Microsoft.

Get the in-depth information and tools you need to help secure Microsoft® Windows®–based clients, servers, networks, and Internet services with expertise from those who know the technology best—the Microsoft Security Team. These expert authors prescribe how to plan and implement a comprehensive security-management strategy—from identifying risks to configuring security technologies, applying security best practices, and monitoring and responding to security incidents. The kit also provides essential security tools, scripts, and other on-the-job resources—all designed to help maximize data and system security while minimizing downtime and costs.

• Gain a framework for understanding security threats and vulnerabilities and applying countermeasures
• Help protect servers, desktops, and laptops by configuring permissions, security templates, TCP/IP settings, and application-level security
• Implement security enhancements for domain controllers, Microsoft Internet Information Services 5.0, Windows Terminal Services, and DNS, DHCP, WINS, RAS, VPN, and certificate servers
• Help secure Active Directory® objects, attributes, domains, and forests; use Group Policy; manage user accounts and passwords
• Develop an auditing strategy and incident response team
• Utilize security assessment tools, detect and respond to internal and external security incidents, and recover services
• Create a process for deploying and managing security updates
• Help establish your enterprise privacy strategy

CD-ROM features:
50+ tools and scripts from the Microsoft Security Team and the Microsoft Windows Resource Kits, including:
• Subinacl.exe—view and help maintain security on files, registry keys, and services from the command line or in batch files
• Ntrights.exe—set user rights from the command line or in batch files
• EventcombMT.exe—collect and search event logs from multiple computers through a GUI
• Scripts for configuring security
Plus, a fully searchable eBook

Table of Contents:

Foreword xix
        Acknowledgments xxi
        Introduction xxiii
    1  Key Principles of Security 3
        Understanding Risk Management 3
            Learning to Manage Risk 4
            Risk Management Strategies 6
        Understanding Security 8
            Granting the Least Privilege Required 8
            Defending Each Network Layer 8
            Reducing the Attack Surface 8
            Avoiding Assumptions 8
            Protecting, Detecting, and Responding 9
            Securing by Design, Default, and Deployment 9
            The 10 Immutable Laws of Security 9
            The 10 Immutable Laws of Security Administration 11
    2  Understanding Your Enemy 15
        Knowing Yourself 16
            Accurately Assessing Your Own Skills 16
        Possessing Detailed Documentation of Your Network 16
        Understanding the Level of Organizational Support You Receive 17
        Identifying Your Attacker 17
            Understanding External Attackers 19
            Understanding Internal Attackers 20
        What Motivates Attackers? 21
            Notoriety, Acceptance, and Ego 22
            Financial Gain 23
            Challenge 24
            Activism 25
            Revenge 25
            Espionage 25
            Information Warfare 26
        Why Defending Networks Is Difficult 27
            Attackers Have Unlimited Resources 27
            Attackers Need to Master Only One Attack 27
            Defenders Cannot Take the Offensive 27
            Defenders Must Serve Business Goals 28
            Defenders Must Win All the Time 29
    3  Securing User Accounts and Passwords 33
        Securing Accounts 33
            Understanding Security Identifiers 34
            Understanding Access Tokens 36
            Configuring Account Security Options 38
            Securing Administrative Accounts 40
            Implementing Password Security 43
        Granting Rights and Permissions Using Groups 49
            User Rights and Permissions 50
            Group Types and Scope 55
            Implementing Role-Based Security in Windows 2000 64
        Securing Passwords 67
            Understanding Authentication 67
            Storing Secrets in Windows 77
        Best Practices 80
        Additional Information 81
    4  Securing Active Directory Objects and Attributes 83
        Understanding the Active Directory Schema 83
            Attributes 84
            Classes 84
        Configuring DACLs to Secure Active Directory Objects 86
            What Are DACLs? 87
            How DACLs Work 90
        Securing Active Directory Objects and Attributes 91
            Configuring Default DACLs on Objects and Attributes 91
            Securing Objects After Being Created 93
            Configuring DACLs from the Command Line 94
        Best Practices 96
        Additional Information 97
    5  Implementing Group Policy 99
        Understanding Group Policy 99
            Computer-Related Group Policies 100
            User-Related Group Policies 102
            Using Group Policy Containers 104
        Processing Group Policy Objects 106
            Initial Group Policy Application 106
            Group Policy Refresh 107
            On-Demand Processing 107
        Altering Group Policy Application 108
            Block Inheritance 108
            No Override 109
            Group Policy Object Filtering 109
            Loopback Mode Processing 110
        Managing Group Policy 111
            Default Group Policy Permissions 111
            Delegating Group Policy Management 112
        Best Practices 113
        Additional Information 113
    6  Designing Active Directory Forests and Domains for Security 115
        Autonomy and Isolation in Active Directory 115
            Designing Forests for Active Directory Security 116
            Enterprise Administration Boundaries and Isolation of Authority 117
            Default Permissions and Schema Control 117
            Global Catalog Boundaries 118
            Domain Trust Requirements 118
            Domain Controller Isolation 119
            Protection of the Forest Root Domain 119
        Designing Domains for Active Directory Security 121
        Designing DNS for Active Directory Security 123
            Single Namespace 125
            Delegated Namespace 125
            Internal Namespace 125
            Segmented Namespace 125
        Designing the Delegation of Authority 126
        Best Practices 128
        Additional Information 130
    7  Securing Permissions 135
        Securing File and Folder Permissions 135
            How DACLs Work 140
            Assigning DACLs at Creation 141
            How DACLs Are Handled When Files and Folders Are Copied or Moved 142
            Command-Line Tools 143
            Default File and Folder Permissions 148
            Securing Files and Folder Access by Using Share Permissions 155
        Using the Encrypting File System 156
            How EFS Works 157
            EFS Command-Line Tools 159
            Additional EFS Features in Windows XP 162
            Introduction to Designing a Data Recovery Agent Policy 165
        Securing Registry Permissions 166
            Configuring Registry Permissions 168
        Best Practices 169
        Additional Information 169
    8  Securing Services 173
        Managing Service Permissions 173
            Configuring the Startup Value for a Service 175
            Stopping, Starting, Pausing, and Resuming Services 176
            Configuring the Security Context of Services 177
            Configuring the DACL for the Service 178
        Default Services in Windows 2000 and Windows XP 180
        Best Practices 202
        Additional Information 203
    9  Implementing TCP/IP Security 205
        Securing TCP/IP 205
            Understanding Internet Layer Protocols 206
            Understanding Transport Layer Protocols 209
            Common Threats to TCP/IP 212
            Configuring TCP/IP Security in Windows 2000 and Windows XP 215
        Using IPSec 225
            Securing Data Transmission with IPSec Protocols 226
            Choosing Between IPSec Modes 229
            Selecting an IPSec Authentication Method 230
            Creating IPSec Policies 231
            How IPSec Works 235
            Monitoring IPSec 238
        Best Practices 240
        Additional Information 241
    10  Securing Microsoft Internet Explorer 6 and Microsoft Office XP 243
        Security Settings in Internet Explorer 6 243
            Privacy Settings 243
            Security Zones 247
            Configuring Privacy and Security Settings in Internet Explorer 6 262
        Security Settings in Office XP 263
            Configuring ActiveX and Macros Security 263
            Configuring Security for Outlook 2002 266
        Best Practices 267
        Additional Information 267
    11  Configuring Security Templates 269
        Using Security Template Settings 269
            Account Policies 270
            Local Policies 273
            Event Log 288
            Restricted Groups 289
            System Services 289
            Registry 290
            File System 290
            Public Key Policies 290
            IP Security Policies 291
        How Security Templates Work 291
            Applying Security Templates to a Local Computer 291
            Applying Security Templates by Using Group Policy 295
        Default Security Templates 296
        Creating Custom Security Templates 298
            Adding Registry Entries to Security Options 298
            Adding Services, Registry Values, and Files to Security Templates 301
        Best Practices 301
        Additional Information 302
    12  Auditing Microsoft Windows Security Events 305
        Determining Which Events to Audit 306
        Managing the Event Viewer 307
            Determining the Storage Location 308
            Determining the Maximum Log File Size 308
            Configuring the Overwrite Behavior 308
        Configuring Audit Policies 310
            Auditing Account Logon Events 310
            Auditing Account Management Events 315
            Auditing Directory Service Access 317
            Auditing Logon Events 318
            Auditing Object Access 320
            Auditing Policy Change 322
            Auditing Privilege Use 323
            Auditing Process Tracking 324
            Auditing System Events 325
            How to Enable Audit Policies 326
        Monitoring Audited Events 328
            Using the Event Viewer 328
            Using Custom Scripts 329
            Using Event Comb 329
        Best Practices 333
        Additional Information 334
    13  Securing Mobile Computers 335
        Understanding Mobile Computers 335
            Increase in the Possibility of Being Lost or Stolen 335
            Difficulty in Applying Security Updates 337
            Exposure to Untrusted Networks 338
            Eavesdropping on Wireless Connectivity 338
        Implementing Additional Security for Laptop Computers 339
            Hardware Protection 339
            Boot Protection 341
            Data Protection 343
            User Education 345
        Securing Wireless Networking in Windows XP 346
            Using Wireless Zero Configuration in Windows XP 346
            Configuring Security for 802.11 Wireless Network Connectivity 347
            Configuring 802.11 Security with 802.1x 350
        Best Practices 352
        Additional Information 352
    14  Implementing Security for Domain Controllers 357
        Threats to Domain Controllers 357
            Modification of Active Directory Objects 358
            Password Attacks 358
            Denial-of-Service Attacks 358
            Replication Prevention Attacks 358
            Exploitation of Known Vulnerabilities 359
        Implementing Security on Domain Controllers 359
            Providing Physical Security 359
            Increasing the Security of Stored Passwords 360
            Eliminating Nonessential Services 361
            Applying Security Settings by Using Group Policy 363
            Protecting Against the Failure of a Domain Controller 363
            Implementing Syskey 364
            Securing Built-In Accounts and Groups 364
            Enabling Auditing 366
            Securing Active Directory Communications 366
        Best Practices 369
        Additional Information 370
    15  Implementing Security for DNS Servers 373
        Threats to DNS Servers 374
            Modification of DNS Records 375
            Zone Transfer of DNS Data by an Unauthorized Server 375
            Exposure of Internal IP Addressing Schemes 375
            Denial-of-Service Attacks Against DNS Services 376
        Securing DNS Servers 376
            Implementing Active Directory-Integrated Zones 376
            Implementing Separate Internal and External DNS Name Servers 377
            Restricting Zone Transfers 378
            Implementing IPSec Between DNS Clients and DNS Servers 379
            Restricting DNS Traffic at the Firewall 380
            Limiting Management of DNS 381
            Protecting the DNS Cache 381
        Best Practices 381
        Additional Information 382
    16  Implementing Security for Terminal Services 385
        Threats to Terminal Services 386
            Grants Excess Permissions for Users 386
            Allows Bypass of Firewall Security 386
            Uses a Well-Known Port 387
            Requires the Log On Locally User Right 387
            Provides an Attacker with a Full Windows Desktop 387
        Securing Terminal Services 387
            Choosing the Correct Terminal Services Mode 388
            Restricting Which Users and Groups Have the Log On Locally User Right 389
            Preventing Remote Control on Terminal Servers 389
            Restricting Which Applications Can Be Executed 390
            Implementing the Strongest Form of Encryption 392
            Strengthening the Security Configuration of the Terminal Server 393
        Best Practices 393
        Additional Information 394
    17  Implementing Security for DHCP Servers 397
        Threats to DHCP Servers 398
            Unauthorized DHCP Servers 398
            DHCP Servers Overwriting Valid DNS Resource Records 399
            DHCP Not Taking Ownership of DNS Resource Records 399
            Unauthorized DHCP Clients 400
        Securing DHCP Servers 400
            Keeping Default Name Registration Behavior 401
            Determining Whether to Use the DNSUpdateProxy Group 401
            Avoiding Installation of DHCP on Domain Controllers 401
            Reviewing DHCP Database for BAD_ADDRESS Entries 403
            Monitoring Membership in the DHCP Administrators Group 403
            Enabling DHCP Auditing 404
        Best Practices 404
        Additional Information 405
    18  Implementing Security for WINS Servers 407
        Threats to WINS Servers 409
            Preventing Replication Between WINS Servers 409
            Registration of False NetBIOS Records 409
            Incorrect Registration of WINS Records 409
            Modification of WINS Configuration 410
        Securing WINS Servers 410
            Monitor Membership in the WINS Admins Group 410
            Validate WINS Replication Configuration 410
            Eliminate NetBIOS Applications and Decommission Them 411
        Best Practices 411
        Additional Information 412
    19  Implementing Security for Routing and Remote Access 413
        Remote Access Solution Components 413
            Authentication Protocols 414
            VPN Protocols 415
            Client Software 416
            Server Services and Software 417
        Threats to Remote Access Solutions 417
            Authentication Interception 418
            Data Interception 418
            Bypass of the Firewall to the Private Network 419
            Nonstandardized Policy Application 419
            Network Perimeter Extended to Location of Dial-In User 420
            Denial of Service Caused by Password Attempts 420
            Stolen Laptops with Saved Credentials 420
        Securing Remote Access Servers 421
            Implementing RADIUS Authentication and Accounting 421
            Securing RADIUS Authentication Traffic Between the Remote Access Server and the RADIUS Server 422
            Configuring a Remote Access Policy 422
            Deploying Required Certificates for L2TP/IPSec 425
            Restricting Which Servers Can Run RRAS 427
            Implementing Remote Access Account Lockout 428
        Securing Remote Access Clients 428
            Configuring the CMAK Packages 429
            Implementing Strong Authentication 429
            Deploying Required Certificates 429
        Best Practices 430
        Additional Information 431
    20  Implementing Security for Certificate Services 433
        Threats to Certificate Services 433
            Compromise of a CA's Key Pair 434
            Attacks Against Servers Hosting CRLs and CA Certificates 434
            Attempts to Modify the CA Configuration 434
            Attempts to Modify Certificate Template Permissions 434
            Attacks that Disable CRL Checking 434
            Addition of Nontrusted CAs to the Trusted Root CA Store 435
            Issuance of Fraudulent Certificates 435
            Publication of False Certificates to Active Directory 435
        Securing Certificate Services 435
            Implementing Physical Security Measures 436
            Implementing Logical Security Measures 436
            Modifying CRL and CA Certificate Publication Points 437
            Enabling CRL Checking in All Applications 437
            Managing Permissions of Certificate Templates 437
        Best Practices 438
        Additional Information 438
    21  Implementing Security for Microsoft IIS 5.0 441
        Implementing Windows 2000 Security 442
            Minimizing Services 442
            Defining User Accounts 443
            Securing the File System 444
            Applying Specific Registry Settings 446
        Configuring IIS Security 447