You are previewing Microsoft® Windows® XP Networking and Security Inside Out: Also Covers Windows 2000.
O'Reilly logo
Microsoft® Windows® XP Networking and Security Inside Out: Also Covers Windows 2000

Book Description

Configure and manage your PC network-and help combat privacy and security threats-from the inside out! This book packs hundreds of timesaving solutions, troubleshooting tips, and workarounds, all in concise, fast-answer format.

Table of Contents

  1. Microsoft® Windows XP Networking and Security Inside Out
    1. Acknowledgments
    2. We'd Like to Hear from You!
      1. How to Reach Us
        1. How to Reach Us
          1. How to Reach Us
    3. About the CD
      1. What's on the CD
      2. Using the CD
      3. System Requirements
      4. Support Information
    4. Conventions and Features Used in This Book
      1. Text Conventions
      2. Design Conventions
    5. 1. Windows Networking and Security Essentials
      1. 1. Windows Networking and Security 101
        1. Building a Network with Security in Mind
          1. Which Windows? A Comparison of Networking Features
          2. Using a Hardware Firewall Appliance
          3. Configuring Network Hardware
        2. Blocking Attacks by Using a Firewall
          1. Packet Filtering
          2. Stateful-Inspection Packet Filtering
          3. Application Filtering
          4. Who Needs a Firewall?
        3. Restricting Network Access to Files and Folders
          1. Windows Sharing and Security Models
            1. Simple File Sharing in Windows XP
            2. Classic File Sharing in Windows XP Professional and Windows 2000
            3. Shared Folders in Windows 95/98/Me
        4. Workgroups vs. Domains
      2. 2. Computer Security: Are You at Risk?
        1. Balancing Safety and Convenience
        2. Know Your Enemy: Seven Threats to Your Computer's Security
          1. Threat #1: Physical Attacks
          2. Threat #2: Pilfered Passwords
          3. Threat #3: Nosy Network Neighbors
          4. Threat #4: Viruses, Worms, and Other Hostile Programs
          5. Threat #5: Outside Intruders and Trojan Horse Takeovers
          6. Threat #6: Invasions of Privacy
          7. Threat #7: E-Mail Threats
        3. How Can You Protect Yourself?
      3. 3. Windows Security Tools and Techniques
        1. What Are User Accounts?
          1. Local vs. Domain Accounts
          2. Built-In User Accounts
          3. Security Groups
            1. Built-In Security Groups
            2. Roles of Security Group Members
          4. Rule of Least Privilege
        2. Controlling the Logon and Authentication Process
          1. How Interactive Logons Work
          2. Safeguarding the Security Accounts Manager
          3. Using Group Policy to Restrict Access
        3. Ensuring the Security of Files
          1. Using NTFS Permissions
          2. Sharing Files Over a Network
          3. Encryption Options
        4. Securing Your Computer: A Checklist
          1. 1. Install and Configure a Firewall
          2. 2. Install All Windows Security Updates
          3. 3. Install and Configure Antivirus Software
          4. 4. Eliminate or Disable Unused Accounts
          5. 5. Set Strong Passwords for All User Accounts
          6. 6. Tighten Logon Security for All Users
          7. 7. Use NTFS for All Drives
          8. 8. Review NTFS Permissions on All Data Directories
          9. 9. Review All Network Shares
          10. 10. Use Your Screen Saver as a Security Device
          11. 11. Create a Backup
        5. Advanced Security Options
      4. 4. Managing User Accounts and Passwords
        1. Managing User Accounts for Security
          1. Finding the Account-Management Tools
          2. Creating User Accounts
          3. Disabling or Deleting User Accounts
          4. Assigning User Accounts to Security Groups
          5. Assigning a Password to a User Account
          6. Securing the Administrator Account
          7. Securing the Guest Account
        2. Following Best Practices for Your Everyday Account
        3. Using Passwords Effectively
          1. Creating Strong Passwords
          2. Establishing and Enforcing Password Policies
          3. Recovering a Lost Password
            1. Using a Password Reset Disk
            2. Using Other Methods for Recovering Lost Passwords
          4. Managing Passwords
        4. Configuring the Logon Process for Security
          1. Securing the Welcome Screen
          2. Securing the Classic Logon
          3. Controlling Automatic Logons
          4. Logging On with a Biometric Device
          5. Displaying a Welcome Message—or a Warning
          6. Setting Account Lockout Policies
          7. Adding Another Layer of Protection with Syskey
      5. 5. Securing a Shared Computer
        1. Using NTFS Permissions for Access Control
          1. Basic and Advanced Permissions
          2. Viewing and Changing NTFS Permissions
            1. Turning Off the Simple File Sharing Interface in Windows XP
            2. Setting NTFS Permissions Through Windows Explorer
            3. Setting NTFS Permissions Using Command-Line Utilities
          3. Applying Permissions to Subfolders Through Inheritance
          4. What Happens to Permissions When You Copy or Move Files?
          5. How to Break into Files and Folders When You Don't Have Access Rights
        2. Locking Up Personal Documents
          1. Making a Folder Private with Windows XP
          2. Protecting Personal Files in Windows 2000
        3. Sharing Documents Securely on a Multiuser Computer
        4. Restricting Access to Programs
        5. Restricting Access to the Registry
        6. Managing Removable Storage Devices and Printers
          1. Restricting Access to Removable Storage Devices
          2. Restricting Access to Printers
      6. 6. Preventing Data Loss
        1. Determining Your Backup Needs
          1. How Much Data Do You Have to Back Up?
          2. What Is Your Most Important Goal?
          3. How Much Are You Willing to Spend?
          4. How Important Is Your Data?
          5. What Level of Hassle Are You Willing to Endure?
        2. Organizing Your Data
          1. Eliminating Unnecessary Data
          2. Arranging Your Data for Easy Backup
          3. Choosing a Backup Location
        3. Designing a Backup Solution
          1. Simple Backup Strategies
            1. Backing Up Data for a Single Program
            2. Saving E-Mail and Addresses
            3. Saving Microsoft Office Settings
          2. Backing Up Selected Folders and Files
          3. Using Imaging Software to Back Up Complete Partitions
          4. Combining Methods for a Comprehensive Backup Strategy
        4. Using the Windows Backup Program
          1. Choosing a Backup Type
          2. Performing Interim Backups with Windows Backup
        5. Using Other Data Loss Prevention Tools Included with Windows
          1. Checking for Hard Disk Errors with Chkdsk
          2. Keeping an Up-to-Date Emergency Repair Disk
          3. Creating System Restore Points
          4. Backing Up the Registry
        6. Protecting Backups
        7. Recovering Data
          1. Recovering Individual Files from Backups
          2. Restoring a System by Using an Emergency Repair Disk
          3. Restoring a System by Using an Automated System Recovery Disk
          4. Recovering Data from a Damaged Hard Disk
      7. 7. Keeping Your System Secure
        1. Monitoring Security in Windows XP
        2. Keeping Current with Windows Update
          1. Automating Your Updates
          2. Downloading the Update Files for Multiple Computers
        3. Security Alert Services
          1. Receiving Alerts Through Instant Messaging
          2. Receiving E-Mail Alerts and RSS Notification
          3. Other Sources for Security Alerts
        4. Testing and Verifying Your Secure Status
          1. Checking Your Update Status with Microsoft Baseline Security Analyzer
            1. Using MBSA Command-Line Options
            2. Learning More About MBSA
            3. Going Beyond MBSA
    6. 2. Smart, Secure Networking
      1. 8. Setting Up a Secure Home or Small Business Network
        1. Choosing a Network Type
          1. Ethernet Networking
          2. Wireless Networking
          3. HomePNA Networking
          4. HomePlug Powerline Networking
          5. Other Network Types
        2. Setting Up Your Network Hardware
          1. Installing and Configuring a Network Adapter
          2. Connecting with Hubs, Switches, and Routers
          3. Selecting Cable for an Ethernet Network
        3. Configuring Your Network
          1. Using the Network Setup Wizard in Windows XP
          2. Configuring a Connection in Windows 2000
          3. Configuring Workgroup Settings
        4. Managing Network Connections
          1. Checking Connection Status
          2. Installing Protocols, Services, and Clients
          3. Setting IP Addresses
          4. Configuring Network Bindings and Provider Order
          5. Bridging Connections
        5. Securing Network Connections
          1. Using Windows Firewall in Windows XP
            1. Enabling or Disabling Windows Firewall
            2. Preventing All Incoming Traffic
            3. Disabling Windows Firewall for Individual Connections
          2. Choosing a Third-Party Personal Firewall
            1. Agnitum, Ltd.
            2. Computer Associates International, Inc.
            4. F-Secure Corporation
            5. Internet Security Systems, Inc.
            6. Kerio Technologies Inc.
            7. McAfee, Inc.
            8. Sygate Technologies, Inc.
            9. Symantec Corporation
            10. Tiny Software, Inc.
            11. Trend Micro Incorporated
            12. Zone Labs LLC
        6. Sharing Information Across Your Network
          1. Setting Up Shared Folders
            1. Enabling File Sharing in Windows XP
            2. Configuring a Shared Folder with Simple File Sharing
            3. Sharing a Folder by Using Classic Security
            4. Hiding a Shared Folder
            5. Stopping Access to a Shared Folder
            6. Assigning Permissions to a Shared Folder
          2. Managing Shared Folders
            1. Managing Administrative Shares
            2. Creating a New Share
            3. Managing Sessions and Open Files
      2. 9. Sharing an Internet Connection
        1. Connecting Your Network to the Internet
        2. Using Direct Internet Connections on a LAN
          1. Configuring a Dial-Up Connection
          2. Configuring a Broadband Connection
          3. Adding Firewall Protection
        3. Sharing an Internet Connection Through Hardware
          1. Configuring a Router or Residential Gateway
          2. Tightening Security on a Router
        4. Sharing an Internet Connection Through Software
          1. Setting Up Internet Connection Sharing in Windows XP
          2. Setting Up Internet Connection Sharing in Windows 2000 Professional
        5. Controlling Inbound Access to Your LAN
          1. Using Peer-to-Peer File-Sharing Software
          2. Running a Web Server on Your Network
          3. Connecting to Your Desktop from a Remote Location
          4. Third-Party Remote Access Software
          5. Windows XP Remote Desktop
      3. 10. Wireless Networking
        1. The Risks and Rewards of Wireless Networking
        2. Controlling Connections to a Wireless Access Point
        3. Encrypting Wireless Transmissions
        4. Configuring a Windows Computer for Wireless Networking
          1. Managing Wireless Network Connections
          2. Configuring a New Wireless Network
        5. Extra Security for Wireless Networks
      4. 11. Working with a Corporate Network
        1. Introducing Windows-Based Domains
          1. Active Directory
          2. Domain Servers
          3. Domain Structure
          4. Group Policy
        2. Joining a Domain
          1. Configuring Network Settings
          2. Adding Domain Accounts to Your Local Account Database
          3. Leaving a Domain
          4. Accessing Domain Resources from a Computer Running Windows XP Home Edition
          5. Enabling Security Center
        3. Working on a Domain-Based Computer
          1. Logging On to a Domain
          2. Displaying My Network Places
          3. Specifying Network Resources by UNC Path
          4. Finding Files, Printers, and Users
            1. Searching Active Directory in Windows XP
            2. Searching Active Directory in Windows 2000
          5. Connecting to Shared Network Folders
            1. Creating a Network Place
            2. Mapping a Network Drive
          6. Windows XP Differences in a Domain Environment
            1. Logon and Logoff
            2. File Sharing and Security
            3. Networking
            4. Computer and User Management
        4. Connecting Remotely to a Corporate Network
          1. Setting Up a VPN Connection
          2. Connecting to a VPN
          3. Working with VPN Connection Properties
          4. Setting Up a Virtual Private Network
    7. 3. Protecting Your Personal Computer
      1. 12. Making Internet Explorer More Secure
        1. When Web Pages Go Bad
        2. Following Safe Browsing Practices
          1. Using the Information Bar
          2. Blocking Pop-Ups
            1. Setting the Filter Level
            2. Allowing Pop-Ups from Specific Sites
            3. Blocking Pop-Ups in the Local Intranet or Trusted Sites Security Zone
          3. Downloading Executable Files
          4. Dealing with Automatic Downloads
          5. Controlling ActiveX Downloads
            1. Controlling ActiveX Downloads in Windows 2000
            2. Controlling ActiveX Downloads in Windows XP SP2
            3. Deciding Whom to Trust
          6. Using Least Privilege When Browsing the Internet
        3. Using Security Zones
          1. Configuring the Local Intranet Zone
          2. Adding Sites to a Zone
          3. Configuring Security Settings
            1. .NET Framework Settings
            2. ActiveX Security Settings
            3. Download Settings
            4. Java Security Settings
            5. Miscellaneous Security Settings
            6. Scripting Security Settings
            7. User Authentication Settings
        4. Managing Browser Add-Ons
        5. Managing ActiveX Controls
          1. Updating an ActiveX Control
          2. Reading a Control's Properties
          3. The Safe for Initialization and Safe for Scripting Flags
          4. Deleting a Downloaded ActiveX Control
          5. Permitting Only Administrator-Approved ActiveX Controls to Run
          6. Deactivating an ActiveX Control
        6. Managing Java Applets
      2. 13. Blocking Spyware, Adware, and Other Unwanted Software
        1. What Is Spyware?
        2. Blocking Unwanted Software
        3. Choosing and Using Anti-Spyware Tools
          1. Aluria Software
            1. Aluria Software
            2. Computer Associates International
            3. ewido networks
            4. FaceTime Communications
            5. Javacool Software
            6. Lavasoft
            7. McAfee
            9. Microsoft Corporation
            10. PC Tools Software
            11. Safer Networking
            12. Sunbelt Software
            13. Symantec
            14. Tenebril
            15. Trend Micro
            16. Webroot Software
        4. Rooting Out Spyware
          1. Identifying Potentially Unwanted Software
          2. Using Automated Removal Tools
          3. Using Special-Purpose Removal Tools
          4. Removing Unwanted Software Manually
      3. 14. Stopping Viruses, Worms, and Trojan Horses
        1. How Malicious Software Attacks Your Computer
          1. Attachment-Borne Viruses
          2. Attacks from the Web
          3. Trojan Horse Programs
          4. Other Attacks
        2. Identifying Malicious Software
        3. Choosing an Antivirus Program
          1. Authentium, Inc.
          2. Central Command
          3. Computer Associates International, Inc.
          4. Eset
          5. F-Secure Corporation
          6. Grisoft, Inc.
          7. Kaspersky Lab
          8. McAfee, Inc.
          9. Norman ASA
          10. Panda Software
          11. Sophos
          12. Symantec Corporation
          13. Trend Micro Inc.
        4. Protecting Your Computer from Hostile Software
          1. Training Users to Avoid Viruses
          2. Blocking Dangerous Attachments
          3. Using Backups and System Restore
        5. Repairing an Infected System
      4. 15. Securing E-Mail and Instant Messages
        1. Protecting Yourself from Hazardous Attachments
          1. Attachment and Automation Security in Outlook
            1. Determining Whether You Have the Security Update
            2. How the Security Update Handles File Attachments
            3. How the Security Update Handles Microsoft Office Documents
            4. The Outlook Object Model and the Security Update
            5. Adding the Security Update to Your System
            6. Customizing the Security Update in Outlook 2002 and Outlook 2003
            7. Workarounds for the Security Update
            8. Attachment Security Without the E-Mail Security Update
          2. Attachment Security in Outlook Express
        2. Protecting Yourself from Rogue HTML
          1. Changing the Security Zone
          2. Activating Script in an Outlook 2002 or Outlook 2003 Message
        3. Using Web-Based E-Mail Securely
          1. Handling Attachments and Script
        4. Protecting E-Mail from Prying Eyes
          1. Obtaining a Public Key/Private Key Pair
          2. Using S/MIME to Send Encrypted Messages
            1. Encrypting All Outbound Messages
            2. Reading Encrypted Messages
          3. Ensuring the Authenticity and Integrity of Your Messages
            1. Signing All Outbound Messages
          4. Using PGP for Signing and Encrypting
          5. Other Third-Party Encryption Tools
            2. Hushmail
            3. Sigaba Secure Email
            4. ZixMail
        5. Using Instant Messaging Safely
          1. Avoiding Malicious Software
          2. Preventing Spim
      5. 16. Blocking Spam
        1. What Is Spam?
          1. Sneaky Spammers' Secrets
          2. How to Decode an E-Mail Header
            1. Viewing Message Headers in Outlook Express
            2. Viewing Message Headers in Outlook
            3. Viewing Headers in Other E-Mail Programs
            4. Reading a Message Header
        2. Basic Spam-Blocking Techniques
        3. Using Filters
          1. Creating Custom Filters
            1. Message Rules in Outlook Express
            2. Message Rules in Outlook
            3. Filters in MSN Hotmail
          2. Using Outlook's Junk E-Mail Filters
          3. Backing Up Message Rules
        4. Third-Party Spam-Busting Solutions
        5. Fighting Back Against Spam
      6. 17. Securing Your Computer by Using a Firewall
        1. How Hack Attacks Work
        2. Configuring a Host Firewall
          1. Allowing Incoming Connections Through Windows Firewall
            1. Creating an Exception for a Program
            2. Opening a Port
            3. Creating Exceptions for a Server
            4. Configuring ICMP Options
          2. Controlling Windows Firewall with Group Policy
          3. Using the Netsh Command to Manage Windows Firewall
          4. Blocking All Exceptions
        3. Identifying Intruders
          1. Configuring Windows Firewall Logging
          2. Examining Windows Firewall Logs
        4. Fighting Back
      7. 18. Protecting Your Privacy
        1. Protecting Your Identity
        2. Avoiding Losses from "Phishing" Attacks
        3. Ensuring Your Children's Safety and Privacy
        4. Managing Cookies
          1. The Anatomy of a Cookie
            1. How a Cookie Is Created
            2. Reading Cookies
          2. Setting Cookie Preferences in Internet Explorer 6
            1. Using the Privacy Slider to Manage Cookies
            2. Fine-Tuning Your Privacy Settings with the Per-Site List
            3. Reading the Privacy Report
            4. Overriding P3P–Based Cookie Handling
            5. Importing Custom Privacy Settings
            6. Removing Custom Privacy Settings
          3. Setting Cookie Preferences in Firefox/Mozilla
          4. Backing Up, Restoring, and Deleting Cookies
          5. Using a Cookie-Management Program
        5. Watching for Web Bugs
        6. Browsing Anonymously
        7. Covering Your Tracks
          1. Eliminating Your Internet Explorer History
          2. Erasing Your Internet Explorer AutoComplete History
          3. Turning Off Inline AutoComplete in Internet Explorer
          4. Clearing Your Recent Documents List
          5. Eliminating Recent Document History on Exit
          6. Eliminating Applications' Most-Recently-Used Lists and the Recent Documents Menu
          7. Using Third-Party Cleaners
    8. 4. Extreme Security
      1. 19. Securing Ports and Protocols
        1. How Ports and Protocols Allow Access to Your Computer
          1. How Ports Are Assigned
          2. Unofficial Port Usage
          3. How Connections to a Port Are Made
        2. Determining Which Ports Are Active
        3. Restricting Access to Ports
          1. Restricting Ports by Using Windows Firewall
          2. Restricting Ports by Using TCP/IP Filtering
          3. Restricting Ports by Using a Perimeter Firewall
          4. Restricting Ports by Using IP Security
            1. Creating an IPSec Policy
            2. Enabling an IPSec Policy
            3. Modifying an IPSec Policy
            4. Monitoring IPSec
        4. Why Blocking Ports Isn't Enough
        5. Shutting Down Unneeded Services
          1. Understanding Windows Services
        6. Tightening Security on Internet Information Services
          1. Managing IIS Services
          2. Running the IIS Lockdown Tool
          3. Blocking Anonymous Access to IIS
          4. Using Server Logs
          5. Keeping Up with IIS Security Updates
      2. 20. Installing and Using Digital Certificates
        1. What Are Digital Certificates?
          1. Certificate Purposes
          2. Certificate Stores
          3. Certification Authorities
        2. Obtaining a Personal Certificate
        3. Managing Your Certificates
          1. Using the Certificates Dialog Box
          2. Using the Certificates Snap-In
            1. Creating a Console
            2. Changing View Options
          3. Viewing and Modifying Certificate Properties
            1. Determining a Certificate's Validity
            2. Changing a Certificate's Properties
          4. Exporting Certificates for Safekeeping
          5. Importing Certificates
          6. Copying or Moving a Certificate
          7. Deleting a Certificate
          8. Renewing a Certificate
      3. 21. Encrypting Files and Folders
        1. Using the Encrypting File System
          1. Before You Begin: Learn the Dangers of EFS
          2. Encrypting Your Data
            1. Encrypting Offline Files
            2. Using the Cipher Command
          3. Using Encrypted Data
            1. Sharing Your Encrypted Files with Other Users
            2. Accessing Encrypted Data on Remote Shares
          4. Recovering Encrypted Data
          5. Disabling or Reenabling EFS
            1. Disabling or Reenabling EFS in Windows XP
            2. Disabling or Reenabling EFS in Windows 2000
            3. Disabling EFS for Individual Folders or Files
          6. Strengthening EFS Protection
        2. Creating a Data Recovery Agent
          1. Generating a File Recovery Certificate
          2. Designating Data Recovery Agents
          3. Removing the Private Key
        3. Backing Up Your Certificates
          1. Backing Up the File Recovery Certificate
          2. Exporting a Personal Encryption Certificate
          3. Importing a Personal Encryption Certificate
          4. Creating a New Personal Encryption Certificate
      4. 22. Managing Security Through Group Policy and Security Templates
        1. Exploring Security-Related Policies
          1. Exploring User Rights
          2. Exploring Security Options
          3. Exploring Other Group Policies
        2. Using the Group Policy Snap-In
          1. Using the Security Settings Extension
          2. How Policies Are Applied
          3. Starting Group Policy for a Remote Computer
        3. Using Security Templates
          1. Using the Security Templates Snap-In
          2. Reviewing Account Policies, Local Policies, Event Log, and System Services Settings
          3. Controlling Security Group Membership
          4. Configuring Permissions on Folders, Files, and the Registry
          5. Applying Template Settings
        4. Analyzing System Security
      5. 23. Monitoring Security Events
        1. Auditing Security Events
          1. Enabling Security Auditing
          2. Configuring Auditing of Access to Files, Printers, and Registry Keys
          3. Deciding What to Audit
        2. Viewing the Log of Security Events
          1. Working with Logged Events
          2. Working with Log Files
            1. Setting Log File Size and Longevity
            2. Archiving and Exporting Log File Information
            3. Displaying an Archived Log File
            4. Clearing Log Files
        3. Viewing Other Security-Related Logs
    9. 5. Appendix
      1. A. The Ten Immutable Laws of Security
        1. Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore.
        2. Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore.
        3. Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.
        4. Law #4: If you allow a bad guy to upload programs to your Web site, it's not your Web site anymore.
        5. Law #5: Weak passwords trump strong security.
        6. Law #6: A computer is only as secure as the administrator is trustworthy.
        7. Law #7: Encrypted data is only as secure as the decryption key.
        8. Law #8: An out-of-date virus scanner is only marginally better than no virus scanner at all.
        9. Law #9: Absolute anonymity isn't practical, in real life or on the Web.
        10. Law #10: Technology is not a panacea.
    10. Index