Security Strategies in Windows Platforms and Applications

Book Description

PART OF THE NEW JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES! More than 90 percent of individuals, students, educators, businesses, organizations, and governments use Microsoft Windows, which has experienced frequent attacks against its well-publicized vulnerabilities. Written by an industry expert, Security Strategies in Windows Platforms and Applications focuses on new risks, threats, and vulnerabilities associated with the Microsoft Windows operating system. Particular emphasis is placed on Windows XP, Vista, and 7 on the desktop, and on Windows Server 2003 and 2008. It highlights how to use tools and techniques to decrease risks arising from vulnerabilities in Microsoft Windows operating systems and applications. The book also includes a resource for readers who want more information on Microsoft Windows OS hardening, application security, and incident management. With its accessible writing style and step-by-step examples, this must-have resource will ensure readers are educated on the latest Windows security strategies and techniques.

Table of Contents

  1. Copyright
  2. Preface
    1. Purpose of This Book
    2. Learning Features
    3. Audience
  3. Acknowledgments
  4. ONE. The Microsoft Windows Security Situation
    1. 1. Microsoft Windows and the Threat Landscape
      1. Information Systems Security
      2. Tenets of Information Security: The A-I-C Triad
        1. Availability
        2. Integrity
        3. Confidentiality
      3. Mapping Microsoft Windows and Applications Into a Typical IT Infrastructure
        1. Windows Clients
        2. Windows Servers
      4. Microsoft's End User Licensing Agreement (EULA)
      5. Windows Threats and Vulnerabilities
      6. Anatomy of Microsoft Windows Vulnerabilities
        1. Code Red
        2. SQL Slammer
        3. Conficker
      7. Discovery-Analysis-Remediation Cycle
        1. Discovery
        2. Analysis
        3. Remediation
      8. Common Forms of Attack
      9. CHAPTER SUMMARY
      10. KEY CONCEPTS AND TERMS
      11. CHAPTER 1 ASSESSMENT
    2. 2. Security in the Microsoft Windows Operating System
      1. Operating System Components and Architecture
        1. The Kernel
        2. Operating System Components
      2. Basic Windows Operating System Architecture
        1. Windows Run Modes
        2. Kernel Mode
        3. User Mode
      3. Access Controls and Authentication
        1. Authentication Methods
        2. Access Control Methods
      4. Security Access Tokens, Rights, and Permissions
        1. Security Identifier
        2. Access Rules, Rights, and Permissions
      5. Users, Groups, and Active Directory
        1. Workgroups
        2. Active Directory
      6. Windows Attack Surfaces and Mitigation
        1. Multilayered Defense
        2. Mitigation
      7. Fundamentals of Microsoft Windows Security Monitoring and Maintenance
        1. Security Monitoring
        2. Identify Vulnerabilities
      8. CHAPTER SUMMARY
      9. KEY CONCEPTS AND TERMS
      10. CHAPTER 2 ASSESSMENT
  5. TWO. Managing and Maintaining Microsoft Windows Security
    1. 3. Access Controls in Microsoft Windows
      1. The Principle of Least Privilege
        1. The Orange Book
        2. Least Privilege and LUAs
        3. Rights and Permissions
      2. Access Models: Identification, Authentication, Authorization, ACLs, and More
        1. User Account Control (UAC)
        2. Sharing SIDs and SATs
        3. Kerberos
        4. NT LAN Manager
      3. Windows Objects and Access Controls
        1. Windows DACLs
        2. DACL Advanced Permissions
      4. SIDs, GUIDs, and CLSIDs
      5. Calculating Microsoft Windows Access Permissions
      6. Auditing and Tracking Windows Access
      7. Microsoft Windows Access Management Tools
        1. Cacls.exe
        2. iCacls.exe
        3. Robocopy
      8. Best Practices for Microsoft Windows Access Control
      9. CHAPTER SUMMARY
      10. KEY CONCEPTS AND TERMS
      11. CHAPTER 3 ASSESSMENT
    2. 4. Microsoft Windows Encryption Tools and Technologies
      1. Encryption Methods Microsoft Windows Supports
      2. Encrypting File System, BitLocker, and BitLocker To Go
        1. Encrypting File System
        2. BitLocker
        3. BitLocker To Go
      3. Enabling File-, Folder-, and Volume-Level Encryption
        1. Enabling EFS
        2. Enabling BitLocker
        3. Enabling BitLocker To Go
      4. Encryption in Communications
      5. Encryption Protocols in Microsoft Windows
        1. SSL/TLS
        2. Virtual Private Network
        3. Wireless Security
      6. Microsoft Windows and Security Certificates
      7. Public Key Infrastructure
      8. Best Practices for Windows Encryption Techniques
      9. CHAPTER SUMMARY
      10. KEY CONCEPTS AND TERMS
      11. CHAPTER 4 ASSESSMENT
    3. 5. Protecting Microsoft Windows Against Malware
      1. Types of Malware
        1. Virus
        2. Worm
        3. Trojan Horse
        4. Rootkit
        5. Spyware
        6. Malware Type Summary
      2. Antivirus and Anti-Spyware Software
        1. Antivirus Software
        2. Anti-Spyware Software
      3. Importance of Updating Your Software
      4. Maintaining a Malware-Free Environment
      5. Scanning and Auditing Malware
      6. Tools and Techniques for Removing Malware
      7. Malware Prevention Best Practices
      8. CHAPTER SUMMARY
      9. KEY CONCEPTS AND TERMS
      10. CHAPTER 5 ASSESSMENT
    4. 6. Group Policy Control in Microsoft Windows
      1. Group Policy and Group Policy Objects
        1. Group Policy Settings
        2. GPO Linking
      2. Making Group Policy Conform to Security Policy
        1. Security Responsibility
        2. Security Policy and Group Policy
        3. Group Policy Targets
      3. Types of GPOs in the Registry
        1. Local Group Policy Editor
        2. GPOs in the Registry Editor
      4. Types of GPOs in Active Directory
        1. Group Policy Management Console
        2. GPOs on the Domain Controller
      5. Designing, Deploying, and Tracking Group Policy Controls
        1. GPO Application Order
        2. Security Filters
        3. GPO Windows Management Instrumentation (WMI) Filters
        4. Deploying Group Policy
      6. Auditing and Managing Group Policy
        1. Group Policy Inventory
        2. Analyzing the Effect of GPOs
      7. Best Practices for Microsoft Windows Group Policy and Processes
        1. Group Policy Design Guidelines
      8. CHAPTER SUMMARY
      9. KEY CONCEPTS AND TERMS
      10. CHAPTER 6 ASSESSMENT
    5. 7. Microsoft Windows Security Profile and Audit Tools
      1. Profiling Microsoft Windows Security
        1. Profiling
        2. Profiling Windows Computers
      2. Microsoft Baseline Security Analyzer (MBSA)
        1. MBSA GUI
        2. MBSA Command Line Interface
      3. Shavlik Security Analyzers
        1. NetChk Protect Limited
        2. NetChk Protect
      4. Secunia Personal and Corporate Security Analyzers
        1. Secunia Personal Scanners
        2. Secunia Corporate Products
      5. Microsoft Windows Security Audit
      6. Microsoft Windows Security Audit Tools
      7. Best Practices for Microsoft Windows Security Audits
      8. CHAPTER SUMMARY
      9. KEY CONCEPTS AND TERMS
      10. CHAPTER 7 ASSESSMENT
    6. 8. Microsoft Windows Backup and Recovery Tools
      1. Microsoft Windows Operating System (OS) and Application Backup and Recovery
        1. The Need for Backups
        2. The Backup Process
        3. The Restore Process
      2. Workstation, Server, Network, and Internet Backup Techniques
        1. Workstation Backups
          1. Other Workstation Backup Utilities
        2. Server Backups
          1. Other Server Backup Utilities
        3. Network Backups
        4. Internet Backups
      3. Microsoft Windows and Application Backup and Recovery in a Business Continuity Recovery Setting
        1. Disaster Recovery Plan
        2. Business Continuity Plan
        3. Where a Restore Fits In
      4. Microsoft Windows Backup and Restore Utility
        1. Restoring with the Windows Backup and Restore Utility
        2. Restoring with the Windows Server 2008 Server Recovery Utility
      5. Rebuilding Systems from Bare Metal
      6. Managing Backups with Virtual Machines
      7. Best Practices for Microsoft Windows Backup and Recovery
      8. CHAPTER SUMMARY
      9. KEY CONCEPTS AND TERMS
      10. CHAPTER 8 ASSESSMENT
    7. 9. Microsoft Windows Network Security
      1. Network Security
        1. Network Security Controls
      2. Principles of Microsoft Windows Network Security
        1. Common Network Components
        2. Connection Media
          1. Wired Network Connections
          2. Wireless Network Connections
        3. Networking Devices
          1. Hub
          2. Switch
          3. Router
          4. Gateway
        4. Server Computers and Services Devices
          1. Network File Server
          2. Network Print Server
          3. Data Storage
          4. Application Services
          5. Firewalls
      3. Microsoft Windows Security Protocols and Services
      4. Securing Microsoft Windows Environment Network Services
        1. Service Updates
        2. Service Accounts
        3. Necessary Services
      5. Securing Microsoft Windows Wireless Networking
      6. Microsoft Windows Desktop Network Security
        1. User Authorization and Authentication
        2. Malicious Software Protection
        3. Outbound Traffic Filtering
      7. Microsoft Windows Server Network Security
        1. Authentication and Authorization
        2. Malicious Software Protection
        3. Network Traffic Filtering
      8. Best Practices for Microsoft Windows Network Security
      9. CHAPTER SUMMARY
      10. KEY CONCEPTS AND TERMS
      11. CHAPTER 9 ASSESSMENT
    8. 10. Microsoft Windows Security Administration
      1. Security Administration Overview
        1. The Security Administration Cycle
        2. Security Administration Tasks
      2. Maintaining the A-I-C Triad in the Microsoft Windows OS World
        1. Maintaining Availability
        2. Maintaining Integrity
        3. Maintaining Confidentiality
      3. Microsoft Windows OS Security Administration
        1. Firewall Administration
        2. Performance Monitor
        3. Backup Administration
          1. Windows Workstation Backups
          2. Windows Server Backups
        4. Operating System Service Pack Administration
        5. Group Policy Administration
        6. DACL Administration
        7. Encryption Administration
          1. Enabling EFS
          2. Enabling BitLocker or BitLocker To Go
        8. Anti-Malware Software Administration
      4. Ensuring Due Diligence and Regulatory Compliance
        1. Due Diligence
      5. The Need for Security Policies, Standards, Procedures, and Guidelines
      6. Best Practices for Microsoft Windows OS Security Administration
      7. CHAPTER SUMMARY
      8. KEY CONCEPTS AND TERMS
      9. CHAPTER 10 ASSESSMENT
  6. THREE. Microsoft Windows OS and Application Security Trends and Directions
    1. 11. Hardening the Microsoft Windows Operating System
      1. Understanding the Hardening Process and Mindset
        1. Strategies to Secure Windows Computers
        2. Install Only What You Need
        3. Security Configuration Wizard
        4. Manually Disabling and Removing Programs and Services
      2. Hardening Microsoft Windows Operating System Authentication
      3. Hardening the Network Infrastructure
      4. Securing Directory Information and Operations
      5. Hardening Microsoft Windows OS Administration
      6. Hardening Microsoft Servers and Client Computers
        1. Hardening Server Computers
        2. Hardening Workstation Computers
      7. Hardening Data Access and Controls
      8. Hardening Communications and Remote Access
        1. Authentication Servers
          1. RADIUS
          2. TACACS+
        2. VPNs and Encryption
      9. Hardening PKI
      10. User Security Training and Awareness
      11. Best Practices for Hardening Microsoft Windows OS and Applications
      12. CHAPTER SUMMARY
      13. KEY CONCEPTS AND TERMS
      14. CHAPTER 11 ASSESSMENT
    2. 12. Microsoft Application Security
      1. Principles of Microsoft Application Security
        1. Common Application Software Attacks
        2. Hardening Applications
      2. Securing Key Microsoft Client Applications
        1. Web Browser
        2. E-mail Client
        3. Productivity Software
        4. File Transfer Software
        5. AppLocker
      3. Securing Key Microsoft Server Applications
        1. Web Server
        2. E-mail Server
        3. Database Server
        4. ERP Software
        5. Line of Business Software
      4. Case Studies in Microsoft Application Security
        1. Sporton International
        2. Monroe College
        3. Dow Corning
      5. Best Practices for Securing Microsoft Windows Applications
      6. CHAPTER SUMMARY
      7. KEY CONCEPTS AND TERMS
      8. CHAPTER 12 ASSESSMENT
    3. 13. Microsoft Windows Incident Handling and Management
      1. Understanding and Handling Security Incidents Involving Microsoft Windows OS and Applications
      2. Formulating an Incident Response Plan
        1. Plan Like a Pilot
        2. Plan for Anything That Could Cause Loss or Damage
        3. Build the CSIRT
        4. Plan for Communication
        5. Plan Security
        6. Revision Procedures
        7. Plan Testing
      3. Handling Incident Response
        1. Preparation
        2. Identification
        3. Containment
        4. Eradication
        5. Recovery
        6. Lessons Learned
      4. Incident Handling and Management Tools for Microsoft Windows and Applications
      5. Investigating Microsoft Windows and Applications Incidents
      6. Acquiring and Managing Incident Evidence
        1. Types of Evidence
        2. Chain of Custody
        3. Evidence Collection Rules
      7. Best Practices for Handling Microsoft Windows OS and Applications Incidents and Investigations
      8. CHAPTER SUMMARY
      9. KEY CONCEPTS AND TERMS
      10. CHAPTER 13 ASSESSMENT
    4. 14. Microsoft Windows and the Security Life Cycle
      1. Understanding System Life Cycle Phases
      2. Managing Microsoft Windows OS and Application Software Security
      3. Developing Secure Microsoft Windows OS and Application Software
      4. Implementing, Evaluating, and Testing Microsoft Windows OS and Application Software Security
      5. Maintaining the Security of Microsoft Windows OS and Application Software
      6. Microsoft Windows OS and Application Software Revision, Change Management, and End-of-Life Phaseout
        1. Software Development Areas of Difficulty
        2. Software Control
        3. Software Configuration Management (SCM)
      7. Best Practices for Microsoft Windows and Application Software Development Security Investigations
      8. CHAPTER SUMMARY
      9. KEY CONCEPTS AND TERMS
      10. CHAPTER 14 ASSESSMENT
    5. 15. Best Practices for Microsoft Windows and Application Security
      1. Basic Rules of Microsoft Windows OS and Application Security
      2. Audit and Remediation Cycles
      3. Security Policy Conformance Checks
      4. Security Baseline Analysis
      5. OS and Application Checks and Upkeep
      6. Network Management Tools and Policies
      7. Software Testing, Staging, and Deployment
      8. Compliance/Currency Tests on Network Entry
      9. Trends in Microsoft Windows OS and Application Security Management
      10. CHAPTER SUMMARY
      11. KEY CONCEPTS AND TERMS
      12. CHAPTER 15 ASSESSMENT
  7. A. Answer Key
  8. B. Standard Acronyms
  9. Glossary of Key Terms
  10. References