ISO27001 in a Windows® Environment: The best practice handbook for a Microsoft® Windows® environment, Second Edition

Book Description

Covering best practice implementation over a wide range of Windows® environments, this second edition is completely up to date for Windows® 7 and Windows Server® 2008.

Table of Contents

  1. Copyright
  2. Foreword
  3. Preface
  4. About the Author
  5. Acknowledgements
  6. Introduction
  7. 1. Information and Information Security
    1. Information security concepts
    2. Other information security concepts
    3. The importance of information security
  8. 2. Using an ISMS to Counter the Threats
    1. System security versus information security
    2. The structure of an ISMS
      1. Information security policy
      2. Acceptable usage policy
      3. Remote access policy
      4. Information management policy
      5. Computer malware prevention and protection policy
      6. Password policy
    3. Managing exceptions to the policy
  9. 3. An Introduction To ISO27001
    1. The ISO27000 standards family
    2. History of ISO27001
    3. What is in the ISO27001 standard?
    4. The plan, do, check and act cycle (PDCA)
      1. Plan
      2. Do
      3. Check
      4. Act
    5. What are the benefits of ISO27001?
  10. 4. Identify Your Information Assets
    1. Define the scope of the ISMS
    2. Identifying your information security assets
      1. Information asset classification
      2. The value of information assets
  11. 5. Conducting A Risk Assessment
    1. What is risk?
      1. Vulnerability
      2. Threats to information
      3. Theft
      4. Loss
      5. Intrusion
      6. Corruption
      7. Denial of service
      8. Natural threats
    2. Managing risks
      1. Risk acceptance
      2. Risk mitigation
      3. Risk avoidance
      4. Risk transfer
      5. Risk deference
    3. The different types of risk analysis
      1. Quantitative risk analysis
        1. The advantages of quantitative risk analysis
        2. The disadvantages of quantitative risk management
      2. Qualitative risk management
        1. The advantages of qualitative risk management
        2. The disadvantages of qualitative risk management
      3. The quantitative versus qualitative approach
    4. Risk management tools
      1. Microsoft Security Risk Management Guide
  12. 6. An Overview of Microsoft Technologies
    1. Microsoft® Windows Server® 2008
      1. Security features of Microsoft® Windows Server® 2008
        1. Read-only domain controller
        2. BitLocker™ drive encryption
        3. Server Core
        4. Network Access Protection
        5. Routing and Remote Access service
        6. Windows® Firewall with Advanced Security
        7. Active Directory® Certificate Services
        8. Active Directory® Rights Management Services
        9. Group Policies
    2. Microsoft® Windows® 7
      1. Windows® Backup and Restore Center
        1. Automatic Backup
        2. Complete Backup
      2. BitLocker™
      3. DirectAccess
      4. AppLocker™
      5. Windows® Firewall
      6. Windows® Defender
      7. User Account Control
      8. Windows® Security Center
    3. Microsoft® Forefront™
    4. Microsoft® Systems Center
    5. Microsoft® Windows Server® Update Services
    6. Microsoft® Baseline Security Analyzer
    7. Microsoft Security Risk Management Guide
    8. Microsoft® Threat Analysis and Modeling Enterprise Edition
    9. Microsoft® CAT.NET
    10. Microsoft® Source Code Analyzer for SQL Injection
  13. 7. Implementing ISO27001 in a Microsoft Environment
    1. Section 4 Information security management system
    2. Section A.5 Security policy
    3. Section A.6 Organisational security
    4. Section A.7 Asset management
    5. Section A.8 Human resource security
    6. Section A.9 Physical and environmental security
    7. Section A.10 Communications and operations management
    8. Section A.11 Access control
    9. Section A.12 Information systems acquisition development and maintenance
    10. Section A.13 Information security incident management
    11. Section A.14 Business continuity management
    12. Section A.15 Compliance
  14. 8. Securing the Windows® Environment
    1. Windows Server® 2008 architecture
      1. Structured naming convention
      2. Domain name
      3. Windows® server naming conventions
      4. Client workstation names
      5. Printer names
    2. Domain user accounts naming standards
      1. User accounts
      2. Windows Server® 2008 domain administrator account
      3. Service-desk administration
      4. Guest account
      5. Everyone group
  15. 9. Securing the Microsoft® Windows Server® Platform
    1. Domain controllers
      1. Read-only domain controller
    2. Member servers
      1. Standard servers
      2. Sensitive servers
    3. Recommended settings
  16. 10. Auditing and Monitoring
    1. Configuring auditing of file and resource access
    2. Event log settings
    3. Events to record
      1. Local logon attempt failures
      2. Domain logon account failures
      3. Account misuse
      4. Account lockout
      5. Terminal services
      6. Creation of a user account
      7. User account password change
      8. User account status change
      9. Modification of security groups
      10. Modification of security log
      11. Policy change
      12. Process tracking
  17. 11. Securing Your Servers
    1. Setting file system permissions
    2. Configuring registry permissions
    3. Protecting files and directories
  18. 1. Overview of Security Settings for Windows Server® 2008 Servers and Domain Controllers
    1. Service pack and hotfixes
      1. Current service pack installed
      2. Software patches
    2. Account and audit policies
      1. Account policies
        1. Minimum password length
        2. Maximum password age
        3. Minimum password age
        4. Password complexity
        5. Password history
        6. Store passwords using reversible encryption
      2. Audit policy
      3. Account lockout policy
    3. Event log settings
      1. Application log settings
      2. Security log settings
      3. System log settings
    4. Security settings
      1. Allow anonymous SID/Name translation
      2. Do not allow anonymous enumeration of SAM accounts
      3. Do not allow anonymous enumeration of SAM accounts and shares
      4. Administrator account status
      5. Guest account status
      6. Limit local account use of blank passwords to console only
      7. Rename administrator account
      8. Rename guest account
      9. Audit the access of global system objects
      10. Audit the use of back-up and restore privileges
      11. Shut down system immediately if unable to log security events
      12. Allowed to format and eject removable media
      13. Prevent users from installing print drivers
      14. Restrict CD-ROM access to locally logged-on users only
      15. Restrict floppy disk access to locally logged-on users only
      16. Unsigned device driver behavior
      17. Allow server operators to schedule tasks
      18. LDAP server signing requirements
      19. Refuse Machine account password changes
      20. Digitally encrypt or sign secure channel data (always)
      21. Digitally encrypt secure channel data
      22. Digitally sign secure channel data
      23. Disable Machine account password changes
      24. Maximum Machine account password age
      25. Require strong (Windows® 2000 or later) session key
      26. Do not display last user name for interactive logon
      27. Do not require Ctrl+Alt+Del
      28. Message text for users attempting to log on
      29. Message title for users attempting to log on
      30. Number of previous logons to cache
      31. Require domain controller authentication to unlock workstation
      32. Require smart cards
      33. Smart card removal behavior
      34. Amount of idle time required before disconnecting session for Microsoft® Network Server
      35. Digitally sign communications for Microsoft® Network Server (always)
      36. Digitally sign communications for Microsoft® Network Server (if client agrees)
      37. Do not allow storage of credentials or .NET passports for network authentication
      38. Let Everyone permissions apply to anonymous users
      39. Named pipes that can be accessed anonymously
      40. Remotely accessible registry paths
      41. Restrict anonymous access to named shares and pipes
      42. Shares that can be accessed anonymously
      43. Sharing and security model for local accounts
      44. Do not store LAN Manager hash value on next password change
      45. LAN Manager authentication level
      46. LDAP client signing requirements
      47. Minimum session security for NTLM SSP-based (including secure RPC) clients
      48. Allow automatic administrative logon as part of recovery console
      49. Allow floppy copy and access to all drives and all folders for recovery console
      50. Allow system to be shut down without having to log on
      51. Clear virtual memory page file
      52. Default owner for objects created by members of the Administrators group
      53. Require case insensitivity for non-Windows® subsystems
      54. Strengthen default permissions of internal system objects
      55. Optional subsystems
      56. Use certificate rules on Windows® executables for software restriction policies
      57. (AFD DynamicBacklogGrowthDelta) Number of connections to create when additional connections are necessary for Winsock applications (10 recommended)
      58. (AFD EnableDynamicBacklog) Enable dynamic backlog for Winsock applications (recommended)
      59. (AFD MaximumDynamicBacklog) Maximum number of ‘quasi-free’ connections for Winsock applications
      60. (AFD MinimumDynamicBacklog) Minimum number of free connections for Winsock applications (20 recommended for systems under attack, 10 otherwise)
      61. (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)
      62. (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to denial of service)
      63. (EnableICMPRedirect) Allow ICMP redirects to override OSPF-generated routes
      64. (EnablePMTUDiscovery) Allow automatic detection of MTU size (possible denial of service by an attacker using a small MTU)
      65. (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name-release requests except from WINS servers
      66. (PerformRouterDiscovery) Allow IRDP to detect and configure DefaultGateway addresses (could lead to denial of service)
      67. (SynAttackProtect) Syn attack protection level (protects against denial of service)
      68. (TCPMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection request is not acknowledged
      69. (TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted (three recommended, five is default)
      70. (TCPMaxPortsExhausted) How many dropped connect requests to initiate SYN attack protection (five is recommended)
      71. Disable autorun for all drives
      72. Enable safe DLL search mode
      73. Enable the server to stop generating 8.3 file names
      74. How often keep-alive packets are sent in milliseconds
      75. Percentage threshold at which the security event log will generate an alert
      76. The time in seconds before the screensaver grace period expires
    5. Service settings
      1. Permissions on services
      2. Alerter
      3. Clipbook
      4. Fax service
      5. File replication
      6. FTP publishing service
      7. Help and support
      8. HTTP SSL
      9. IIS admin service
      10. Indexing service
      11. License logging server
      12. Messenger
      13. Microsoft® POP3 service
      14. NetMeeting remote desktop management service
      15. Network connections
      16. Network news transport protocol (NNTP)
      17. Print spooler
      18. Remote access connection manager
      19. Remote access auto-connection manager
      20. Remote administration service
      21. Remote desktop help session manager
      22. Remote installation
      23. Remote procedure call (RPC) locator
      24. Remote registry service
      25. Remote server manager
      26. Remote server monitor
      27. Remote storage notification
      28. Remote storage server
      29. Simple mail transfer protocol
      30. Simple network management protocol (SNMP) service
      31. Simple network management protocol (SNMP) traps
      32. Telephony
      33. Telnet
      34. Terminal services
      35. Trivial FTP service
      36. Wireless configuration
      37. World Wide Web publishing rights
    6. User rights
      1. Access this computer from the network
      2. Act as part of the operating system
      3. Add workstations to the domain
      4. Adjust memory quota for a process
      5. Allow to log on locally
      6. Allow to log on through terminal services
      7. Back up files and directories
      8. Bypass traverse checking
      9. Change the system time
      10. Create a pagefile
      11. Create a token object
      12. Create global objects
      13. Create permanent shared objects
      14. Debug programs
      15. Deny access to this computer from the network (minimum)
      16. Deny logon as a batch job
      17. Deny logon as a service
      18. Deny logon locally
      19. Deny logon through terminal services (minimum)
      20. Enable computer and user accounts to be trusted for delegation
      21. Force shutdown from a remote system
      22. Generate security audits
      23. Impersonate client after authentication
      24. Increase scheduling priority
      25. Load and unload device drivers
      26. Lock pages in memory
      27. Log on as a batch job
      28. Log on as a service
      29. Manage audit and security logs
      30. Modify firmware environment values
      31. Perform volume maintenance tasks
      32. Profile system performance
      33. Replace a process level token
      34. Restore files and directories
      35. Shut down the system
      36. Synchronise directory service data
      37. Take ownership of file or other object
      38. File system permissions
    7. Registry permissions
    8. File and registry auditing
  19. 2. Bibliography, Reference and Further Reading
    1. ISO27001 resources
    2. Microsoft resources
    3. Microsoft products
    4. Other resources
  20. ITG Resources
    1. Other Websites
    2. Pocket Guides
    3. Toolkits
    4. Best Practice Reports
    5. Training and Consultancy
    6. Newsletter