At a Glance
544 Pages
22.86 x 18.42 x 3.18
Paperback
$87.25
"The definitive tool to learn what's proper for Microsoft Windows systems. Roberta's excellent guidance will easily help you build secure, resilient systems." --Steve Riley, Security Business and Technology Unit, Windows Division, Microsoft Corporation
Take a proactive approach to network security by hardening your Windows systems against attacks before they occur. Written by security evangelist Roberta Bragg, this hands-on resource provides concrete steps you can take immediately as well as ongoing actions to ensure long-term security. Whether you have one Windows server or one hundred, you'll get complete details on how to systematically harden your network from the ground up, as well as strategies for getting company-wide support for your security plan. With coverage of Windows 95/98/NT 4.0/2000/XP and Windows Server 2003, this book is an essential security tool for on-the-job IT professionals.
Features a four-part hardening methodology:
- Do This Now!--Checklist of immediate steps to take to lock down your system from further attack
- Take It From The Top--Systematic approach to hardening your enterprise from the top down, focusing on authentication, access controls, borders, logical security boundaries, communications, storage, and administrative authority
- Once Is Never Enough!--Ongoing monitoring and assessment plan to keep your network secure, including patch management and auditing
- How to Succeed At Hardening Your Windows Systems--Strategies for getting budget approval, management buy-in, and employee cooperation for your security program
Roberta Bragg, CISSP, MCSE: Security, Security+, co-author of Network Security: The Complete Reference, instructor, and consultant, focuses on how to proactively deploy proven security principles to defend Windows systems from possible attack. Roberta is the Security Advisor columnist for MCP magazine, the Security Expert for searchWin2000.com, and writes for the Security Watch newsletter. Roberta is the series editor of McGraw-Hill/Osborne's Hardening security series.
Foreword | p. xiii |
Acknowledgments and Introduction | p. xv |
Do This Now! | |
An Immediate Call to Action | p. 3 |
Strengthen the Password Policy | p. 5 |
Create Logical Policies | p. 7 |
Change Policy for Local Accounts | p. 7 |
Change Policy for Individual Accounts | p. 8 |
Lock Down Remote Administration | p. 8 |
Lock Down Administrative Workstations | p. 11 |
Physically Secure All Systems | p. 12 |
Keep Secrets | p. 12 |
Disable EFS | p. 13 |
Ban Wireless Networks That Don't Meet Tough Security Policy Requirements | p. 13 |
Don't Allow Unprotected Laptops and Desktops to Connect to the LAN | p. 14 |
Use Runas or Su | p. 14 |
Disable Infrared File Transfer | p. 15 |
Take It from the Top: Systematic Harden | |
Harden Authentication--You Are Who You Can Prove You Are | p. 19 |
What Is Authentication? | p. 20 |
When Is Authentication Required? | p. 20 |
Where Does Authentication Fit in the Windows Security Framework? | p. 21 |
Authentication Credentials Choices | p. 22 |
Harden User Logon | p. 24 |
Logon Types | p. 25 |
Harden Accounts | p. 25 |
Harden the Account Policy | p. 27 |
Harden WetWare | p. 40 |
Kill Autologon | p. 42 |
Restrict Anonymous Access | p. 43 |
Protect Passwords on Windows 2000 | p. 45 |
Harden Network Authentication | p. 45 |
LM, NTLM, NTLMv2 | p. 46 |
Kerberos | p. 49 |
Remote Access Authentication Protocols | p. 49 |
Web Server Authentication Choices | p. 51 |
Harden Wireless Authentication | p. 53 |
Harden Computer and Services Authentication Processes | p. 54 |
Assign Strong Passwords for Service Accounts and Never Allow Users to Log On Using Service Accounts | p. 54 |
Use Local Service Accounts and Do Not Allow Service Accounts Access via the Network | p. 55 |
Use Less Privileged Accounts for Service Accounts | p. 55 |
Harden Computer Accounts | p. 56 |
Harden Network Physical Infrastructure | p. 57 |
Segment Networks | p. 58 |
Examples | p. 58 |
Best Practices for Determining Appropriate Network Segments | p. 61 |
Provide Protection and Detection at Segment Boundaries | p. 64 |
Protective Controls | p. 64 |
Detective Controls | p. 71 |
Best Practices for Border Controls | p. 72 |
Provide Protection for Critical Traffic | p. 85 |
Protect Active Directory and Other Domain Traffic | p. 86 |
Protect Web Traffic | p. 96 |
Protect E-Mail | p. 96 |
Provide Protection for Critical Servers | p. 96 |
Protect Domain Controllers | p. 96 |
Protect Infrastructure Servers | p. 100 |
Secure Network Infrastructure | p. 100 |
Protect Access to Client Systems | p. 100 |
Use Computer-Resident Firewalls | p. 101 |
Physical Security Options for Clients | p. 102 |
Harden Logical Network Infrastructure | p. 105 |
Secure Foundations for Workgroup Computers | p. 106 |
Workgroup Rationale | p. 106 |
User Accounts in Workgroups | p. 107 |
Network Resources in Workgroups | p. 107 |
Harden Workgroups | p. 109 |
Secure Foundations for Windows NT 4.0-Style Domains | p. 113 |
Central Administration | p. 113 |
Security Boundary | p. 114 |
NT 4.0-Style Trusts | p. 114 |
Harden Windows NT 4.0 Domains | p. 117 |
Secure Foundations for the Active Directory Forest | p. 118 |
Benefits of Centralized Administration | p. 119 |
Autonomy and Isolation: The Domain Is Not a Security Boundary | p. 120 |
Establish Domains Based on Security Needs | p. 122 |
Establish OUs Based on Security and Administrative Needs | p. 122 |
Locate Domain Controllers and Global Catalog Servers Only Where Required | p. 123 |
Configure Remote Windows Server 2003 DCs to Use Universal Group Caching | p. 123 |
Establish the Minimum Number of Additional Domain Trusts | p. 125 |
Raise Domain and Forest Functional Levels to Windows Server 2003 | p. 128 |
Use Selective Authentication | p. 131 |
How to Establish an External Trust | p. 134 |
Checklist for Hardening the Logical Network Infrastructure | p. 139 |
Harden Network Infrastructure Roles | p. 141 |
Develop Security Baselines | p. 143 |
Limit User Rights | p. 144 |
Baseline Modifications for User Rights | p. 144 |
Modify User Rights Using the Local Security Policy | p. 146 |
Modify User Rights Using User Manager for NT 4.0 | p. 147 |
Disable Optional Subsystems | p. 148 |
Disable or Remove Unnecessary Services | p. 149 |
Implement Miscellaneous Security Configuration | p. 156 |
Do Not Display Last User Name | p. 157 |
Add a Logon Notice | p. 157 |
Develop Incremental Security Steps | p. 157 |
Harden the Infrastructure Group | p. 157 |
Harden DHCP | p. 158 |
Harden DNS | p. 162 |
Harden WINS | p. 171 |
Select Methods and Models for Security Deployment | p. 172 |
Use Tools to Set General Security Settings in Windows NT 4.0 | p. 173 |
Use Security Templates to Define Security Settings | p. 177 |
Use Security Configuration and Analysis or Security Manager | p. 182 |
Use Secedit | p. 183 |
Secure Windows Directory Information and Operations | p. 185 |
Secure DNS | p. 187 |
Place AD Database and SYSVOL on a Drive Separate from the System Partition | p. 188 |
Physically Secure Domain Controllers | p. 189 |
Monitor and Protect Active Directory Health | p. 192 |
Monitor DNS | p. 192 |
Monitor Replication | p. 201 |
Monitor Group Policy Operation | p. 207 |
Provide a Strong Domain and Domain Controller Security Policy | p. 212 |
Local Group Policy vs. Domain Group Policy | p. 213 |
Protect Active Directory Communications | p. 218 |
Manage Administrative Authority | p. 218 |
Secure Active Directory Data--Understand Active Directory Object Permissions | p. 219 |
Harden Administrative Authority and Practice | p. 221 |
Delegate and Control Administrative Authority | p. 222 |
Define User Roles | p. 223 |
Define Technical Controls | p. 234 |
Define Secure Administrative Practices | p. 243 |
Very High-Risk Administration | p. 244 |
High-Risk Data Center Administration | p. 253 |
High-Risk Non-Data Center Administration | p. 258 |
Medium-Risk Administration | p. 258 |
Low-Risk Administration | p. 261 |
Harden Servers and Client Computers by Role | p. 263 |
The Role-Based Hardening Process | p. 264 |
Determine Computer Roles | p. 265 |
Top-Level Computer Roles | p. 266 |
Second- and Third-Tier Computer Roles | p. 267 |
Design Role-Based Hardening Infrastructure | p. 267 |
Automate the Use of Multiple Templates via Scripting | p. 268 |
Use an Active Directory Hierarchy and Group Policy Approach | p. 270 |
Use Windows NT 4.0 System Policy | p. 275 |
Adapt Security Templates | p. 283 |
Examine and Modify Baseline Templates | p. 284 |
Examine and Modify Role-Based Templates | p. 288 |
Implement the Hardening Plan Using Group Policy | p. 289 |
Create a Back-Out Plan | p. 290 |
Import Templates into Appropriate GPOs | p. 290 |
Harden Application Access and Use | p. 295 |
Restrict Access with Administrative Templates | p. 296 |
Harden Operating System Configuration | p. 298 |
Harden User Settings | p. 303 |
Use Additional .adm Files | p. 307 |
Harden Applications | p. 308 |
Restrict Access with Software Restriction Policies | p. 321 |
Set Security Level to Disallowed | p. 322 |
Set Policy Options | p. 323 |
Write Rules to Allow and Restrict Software | p. 326 |
Develop and Implement Desktop Computer and User Roles | p. 329 |
Study Common Desktop Scenarios | p. 330 |
Use Group Policy Management Console to Copy GPOs | p. 331 |
Harden Data Access | p. 333 |
Use the NTFS File System | p. 334 |
Use DACLs to Secure Data | p. 335 |
Use Inheritance to Manage Permissions | p. 337 |
Assign Permissions Based on User Role | p. 339 |
Maintain Proper Permissions | p. 343 |
Secure File Systems and Data | p. 344 |
Harden File System Shares | p. 346 |
Secure Printers | p. 351 |
Secure Registry Keys | p. 352 |
Secure Directory Objects | p. 355 |
Secure Services | p. 355 |
Use EFS to Secure Data | p. 357 |
Disable EFS Until You Can Securely Implement It | p. 357 |
Harden EFS Practices | p. 360 |
Harden Communications | p. 365 |
Protect LAN Communications | p. 366 |
Use SMB Message Signing and Session Security for NTLM | p. 366 |
Use IPSec Policies | p. 368 |
Protect WAN Communications | p. 378 |
Harden the Remote Access Server | p. 378 |
Harden NT 4.0 Remote Access Server Configuration | p. 381 |
Harden Windows Server 2000 and Windows Server 2003 RRAS Configuration | p. 384 |
Use L2TP/IPSec VPNs | p. 387 |
Use Remote Access Policies | p. 389 |
Harden Remote Access Clients | p. 391 |
Use IAS to Centralize Authentication, Accounting, and Authorization | p. 392 |
Secure Wireless Access | p. 392 |
Protect Web Communications with SSL | p. 398 |
Harden Windows Using PKI and Harden PKI | p. 399 |
Harden Windows Using PKI | p. 400 |
Harden Authentication Using PKI | p. 400 |
Protect Data with Certificates | p. 407 |
Harden PKI | p. 408 |
Harden Certificate Authority Computers | p. 408 |
Implement a CA Hierarchy | p. 408 |
Protect the Root CA | p. 409 |
Use Intermediate CAs to Increase Reliability | p. 415 |
Split Certificate Purposes Between Multiple Issuing CAs | p. 417 |
Provide Physical Protection for Subordinate CAs | p. 418 |
Require Certificate Approval | p. 418 |
Limit Certificate Issuance | p. 420 |
Establish Role Separation | p. 422 |
Enforce Role Separation | p. 423 |
Configure Autoenrollment | p. 424 |
Train Users In Certificate Request Procedures | p. 427 |
Harden PKI Policies, Procedures, and Practices | p. 428 |
Once Is Never Enough! | |
Harden the Security Lifecycle | p. 433 |
Create a Business Continuity Plan | p. 434 |
Determine Plan Scope | p. 435 |
Perform Business Impact Assessment | p. 435 |
Perform Risk Analysis | p. 437 |
Develop Plans | p. 438 |
Test | p. 439 |
Implement Plans | p. 439 |
Maintain Plans | p. 439 |
Generate a Security Policy | p. 439 |
Perform Hardened Operating System Installation | p. 440 |
Prepare Default Security Templates | p. 440 |
Use Slipstreaming | p. 440 |
Use RIS to Add Service Packs During Installation | p. 441 |
Install Hotfixes During Installation | p. 441 |
Harden Operating System, Application, and Data Protection | p. 444 |
Manage Changes with a Formal Change Management Program | p. 444 |
Upgrades, Migration, Replacements, and New Installations | p. 445 |
Security Configuration Change | p. 446 |
Patch | p. 446 |
Be Prepared for Disaster Recovery | p. 459 |
Use Fault-Tolerant Configurations | p. 459 |
Schedule and Perform Backups | p. 459 |
Plan and Perform Special Backup Operations | p. 463 |
Practice Recovery Operations | p. 464 |
Monitor and Audit | p. 466 |
Configure System Auditing | p. 467 |
Configure Audit Logs | p. 470 |
Archive Audit Logs | p. 472 |
Use Security Events for Intrusion Detection and Forensics | p. 472 |
Audit Security Configuration | p. 474 |
Audit Patch Status | p. 477 |
How to Succeed at Hardening Your Windows Systems | |
Harden WetWare | p. 481 |
Vet and Improve Security Policy | p. 482 |
Determine Current Information System Security Policy | p. 483 |
Evaluate Policy | p. 483 |
Participate in Security Policy Creation and Maintenance | p. 484 |
Learn to Speak Business | p. 487 |
Take the First Step | p. 488 |
Understand Current Laws | p. 488 |
Rules to Live By | p. 489 |
Current Legislation Snapshots | p. 490 |
Understand Vulnerabilities of Windows and Other OSs | p. 494 |
Know and Incorporate Voluntary Standards | p. 495 |
ISO 17799 | p. 495 |
The National Strategy to Secure Cyberspace | p. 496 |
Start or Participate in Security Awareness Education | p. 496 |
Security Awareness Objectives | p. 496 |
Operations | p. 497 |
Resources | p. 499 |
Required Reading | p. 500 |
Tool Downloads | p. 502 |
Security Bulletins and Discussion Lists | p. 502 |
Index | p. 505 |
Table of Contents provided by Rittenhouse. All Rights Reserved.
ISBN: 9780072253542
ISBN-10: 0072253541
Series: Hardening
Published: 7th May 2004
Format: Paperback
Language: English
Number of Pages: 544
Audience: Professional and Scholarly
Publisher: McGraw-Hill Education - Europe
Country of Publication: US
Dimensions (cm): 22.86 x 18.42 x 3.18
Weight (kg): 0.9