Microsoft® Windows® Security Resource Kit

Book Description

This kit gives you information and tools—straight from the Microsoft Security Team—to help secure Microsoft® Windows®–based clients, servers, networks, and Internet services. The tools and scripts provided help you maximize data and system security.

Table of Contents

  1. Copyright
  2. Foreword
  3. Acknowledgments
  4. Introduction
  5. Applying Key Principles of Security
    1. Key Principles of Security
      1. Understanding Risk Management
      2. Understanding Security
    2. Understanding Your Enemy
      1. Knowing Yourself
      2. Possessing Detailed Documentation of Your Network
      3. Understanding the Level of Organizational Support You Receive
      4. Identifying Your Attacker
      5. What Motivates Attackers?
      6. Why Defending Networks Is Difficult
  6. Securing Active Directory
    1. Securing User Accounts and Passwords
      1. Securing Accounts
      2. Granting Rights and Permissions Using Groups
      3. Securing Passwords
      4. Best Practices
      5. Additional Information
    2. Securing Active Directory Objects and Attributes
      1. Understanding the Active Directory Schema
      2. Configuring DACLs to Secure Active Directory Objects
      3. Securing Active Directory Objects and Attributes
      4. Best Practices
      5. Additional Information
    3. Implementing Group Policy
      1. Understanding Group Policy
      2. Processing Group Policy Objects
      3. Altering Group Policy Application
      4. Managing Group Policy
      5. Best Practices
      6. Additional Information
    4. Designing Active Directory Forests and Domains for Security
      1. Autonomy and Isolation in Active Directory
      2. Designing Forests for Active Directory Security
      3. Designing Domains for Active Directory Security
      4. Designing DNS for Active Directory Security
      5. Designing the Delegation of Authority
      6. Best Practices
      7. Additional Information
  7. Securing the Core Operating System
    1. Securing Permissions
      1. Securing File and Folder Permissions
      2. Using the Encrypting File System
      3. Securing Registry Permissions
      4. Best Practices
      5. Additional Information
    2. Securing Services
      1. Managing Service Permissions
      2. Default Services in Windows 2000 and Windows XP
      3. Best Practices
      4. Additional Information
    3. Implementing TCP/IP Security
      1. Securing TCP/IP
      2. Using IPSec
      3. Best Practices
      4. Additional Information
    4. Securing Microsoft Internet Explorer 6 and Microsoft Office XP
      1. Security Settings in Internet Explorer 6
      2. Security Settings in Office XP
      3. Best Practices
      4. Additional Information
    5. Configuring Security Templates
      1. Using Security Template Settings
      2. How Security Templates Work
      3. Default Security Templates
      4. Creating Custom Security Templates
      5. Best Practices
      6. Additional Information
    6. Auditing Microsoft Windows Security Events
      1. Determining Which Events to Audit
      2. Managing the Event Viewer
      3. Configuring Audit Policies
      4. Monitoring Audited Events
      5. Best Practices
      6. Additional Information
    7. Securing Mobile Computers
      1. Understanding Mobile Computers
      2. Implementing Additional Security for Laptop Computers
      3. Securing Wireless Networking in Windows XP
      4. Best Practices
      5. Additional Information
  8. Securing Common Services
    1. Implementing Security for Domain Controllers
      1. Threats to Domain Controllers
      2. Implementing Security on Domain Controllers
      3. Best Practices
      4. Additional Information
    2. Implementing Security for DNS Servers
      1. Threats to DNS Servers
      2. Securing DNS Servers
      3. Best Practices
      4. Additional Information
    3. Implementing Security for Terminal Services
      1. Threats to Terminal Services
      2. Securing Terminal Services
      3. Best Practices
      4. Additional Information
    4. Implementing Security for DHCP Servers
      1. Threats to DHCP Servers
      2. Securing DHCP Servers
      3. Best Practices
      4. Additional Information
    5. Implementing Security for WINS Servers
      1. Threats to WINS Servers
      2. Securing WINS Servers
      3. Best Practices
      4. Additional Information
    6. Implementing Security for Routing and Remote Access
      1. Remote Access Solution Components
      2. Threats to Remote Access Solutions
      3. Securing Remote Access Servers
      4. Securing Remote Access Clients
      5. Best Practices
      6. Additional Information
    7. Implementing Security for Certificate Services
      1. Threats to Certificate Services
      2. Securing Certificate Services
      3. Best Practices
      4. Additional Information
    8. Implementing Security for Microsoft IIS 5.0
      1. Implementing Windows 2000 Security
      2. Configuring IIS Security
      3. Using Tools to Secure IIS
      4. Configuring the FTP Service
      5. Best Practices
      6. Additional Information
  9. Managing Security Updates
    1. Patch Management
      1. Types of Patches
      2. Development of a Hotfix
      3. Patch Management in Six Steps
      4. Best Practices
      5. Additional Information
    2. Using Patch Management Tools
      1. The Security Patch Bulletin Catalog
      2. Windows Update
      3. Automatic Updates
      4. Microsoft Software Update Services
      5. Microsoft Baseline Security Analyzer
      6. SMS Software Update Services Feature Pack
      7. Best Practices
      8. Additional Information
    3. Using Security Assessment Tools
      1. Assessing Security Configuration
      2. Performing Security Assessments
      3. Best Practices
      4. Additional Information
  10. Planning and Performing Security Assessments and Incident Responses
    1. Assessing the Security of a Network
      1. Types of Security Assessments
      2. How to Conduct Security Assessments
      3. Conducting Penetration Tests
      4. Best Practices
      5. Additional Information
    2. Planning for Incident Response
      1. Creating an Incident Response Team
      2. Defining Incident Response Policy
      3. Creating a Communications Plan
      4. Best Practices
      5. Additional Information
    3. Responding to Security Incidents
      1. Common Indicators of Security Incidents
      2. Analyzing a Security Incident
      3. Conducting Security Investigations
      4. Implementing Countermeasures to a Security Incident
      5. Recovering Services After a Security Incident
      6. Conducting a Security Incident Post Mortem
      7. Best Practices
      8. Additional Information
  11. Applying Key Principles of Privacy
    1. Understanding the Importance of Privacy
      1. Defining Privacy
      2. The Roots of Privacy Legislation
      3. Formulating an Enterprise Privacy Strategy
      4. Best Practices
      5. Additional Information
    2. Defining Privacy for the Corporate Web Site
      1. Defining a Privacy Statement
      2. Platform for Privacy Preferences Project
      3. Best Practices
      4. Additional Information
    3. Deploying Privacy in the Enterprise
      1. Selecting Applications Based on Their Privacy Features
      2. Protecting the Privacy of Your Employees
      3. Protecting the Privacy of Your Customers and Business Partners
      4. Creating a Centralized Contact System
      5. Best Practices
      6. Additional Information
  12. About the author
  13. The Lock
  14. System Requirements
    1. System Requirements for Tools and Scripts
    2. Recommended System Requirements for eBook
  15. Index