WINDOWS VISTA™ SECURITY: Securing Vista Against Malicious Attacks

Book Description

Written by two veteran Windows security experts—one a Microsoft Security MVP and Foundstone Security Consultant, and the other a former senior member of Microsoft's Security Engineering Team—this essential resource prepares end users and technical administrators to handle various security problems that exist in Windows Vista as well as possible future threats. Offering in-depth coverage of all significant new security technologies in Windows Vista, this book addresses User Account Control, the new Firewall, Internet Explorer 7.0, Windows Defender, Service Hardening, and BitLocker.

Table of Contents

  1. Copyright
  2. About the Authors
  3. Credits
  4. Foreword
  5. Acknowledgments
  6. Introduction
    1. Overview of the Book and Technology
    2. How This Book Is Organized
      1. Chapter 1, "New Security Features"
      2. Chapter 2, "How Hackers Attack"
      3. Chapter 3, "Windows Infrastructure"
      4. Chapter 4, "User Account Control"
      5. Chapter 5, "Managing Access Control"
      6. Chapter 6, "Application Security"
      7. Chapter 7, "Vista Client Protection"
      8. Chapter 8, "Securing Internet Explorer"
      9. Chapter 9, "Introducing IIS 7"
      10. Chapter 10, "Protecting E-mail"
      11. Chapter 11, "Managing Windows Firewall"
      12. Chapter 12, "Server and Domain Isolation"
      13. Chapter 13, "Wireless Security"
      14. Chapter 14, "Using Group Policy"
      15. Chapter 15, "Thinking About Security"
      16. Appendixes
    3. Who Should Read This Book
    4. Tools You Will Need
    5. What's on the Web Site
    6. Summary
  7. I. Introducing Windows Vista
    1. 1. New Security Features
      1. 1.1. Security Development Lifecycle
      2. 1.2. Improved C++ Security
      3. 1.3. Address Space Layout Randomization
      4. 1.4. Data Execution Protection
      5. 1.5. Protected Processes
      6. 1.6. Windows Vista User Experience
      7. 1.7. Host-Based Security
        1. 1.7.1. Boot Changes
          1. 1.7.1.1. Boot Configuration Data
          2. 1.7.1.2. System Recovery
          3. 1.7.1.3. Startup Repair Tool
          4. 1.7.1.4. BitLocker Drive Encryption and TPM
        2. 1.7.2. Security Defaults
        3. 1.7.3. Windows Defender
        4. 1.7.4. Malicious Software Removal Tool
        5. 1.7.5. Improved Logon Architecture
          1. 1.7.5.1. LAN Manager Disabled
          2. 1.7.5.2. Better Support for Additional Authentication Methods
          3. 1.7.5.3. Session Isolation
        6. 1.7.6. Service Hardening
        7. 1.7.7. Enhanced Device Driver Experience
          1. 1.7.7.1. User-Mode Driver Framework
          2. 1.7.7.2. Portable Media Device Control
          3. 1.7.7.3. ReadyBoost Memory
        8. 1.7.8. User Account Control
        9. 1.7.9. Secure Desktop
        10. 1.7.10. Mandatory Integrity Control
        11. 1.7.11. Improved File, Folder, and Registry Protection
          1. 1.7.11.1. NTFS Changes
          2. 1.7.11.2. Creator Owners Can Be Prevented from Having Full Control
          3. 1.7.11.3. Per Socket Permissions
          4. 1.7.11.4. New Built-in Users and Groups
          5. 1.7.11.5. File and Registry Virtualization
          6. 1.7.11.6. Windows Resource Protection
        12. 1.7.12. Encryption Enhancements
          1. 1.7.12.1. EFS Enhancements
          2. 1.7.12.2. RMS-Integrated Client
          3. 1.7.12.3. Unix on Windows
        13. 1.7.13. Improved Patch Management
        14. 1.7.14. Hot Patching and Restart Manager
        15. 1.7.15. Improved Event Logs
        16. 1.7.16. Subscription and Forwarded Events
        17. 1.7.17. Task Manager
        18. 1.7.18. Increased Emphasis on Backup
      8. 1.8. Securing E-mail and the Internet
        1. 1.8.1. Windows Mail
        2. 1.8.2. Internet Explorer
        3. 1.8.3. IIS 7
      9. 1.9. Securing Windows Networks
        1. 1.9.1. Enhanced Network Location Awareness
        2. 1.9.2. Network Map
        3. 1.9.3. The Rebuilt TCP/IP Stack with IPv6
        4. 1.9.4. Routing Compartmentalization
        5. 1.9.5. Windows Firewall
        6. 1.9.6. Domain Isolation
        7. 1.9.7. Improved Wireless Security
        8. 1.9.8. New Peer-to-Peer Networking
        9. 1.9.9. SMB 2.0
      10. 1.10. Group Policy
      11. 1.11. 64-bit Only Improvements
      12. 1.12. Future Improvements
      13. 1.13. Summary
      14. 1.14. Best Practices
    2. 2. How Hackers Attack
      1. 2.1. Malicious Exploitation
        1. 2.1.1. Eight Exploitation Techniques
        2. 2.1.2. Logon Credential Guessing/Cracking
          1. 2.1.2.1. Password Guessing
        3. 2.1.3. Buffer Overflow
        4. 2.1.4. Metasploit Framework
        5. 2.1.5. OS or Application Vulnerability
          1. 2.1.5.1. Privilege Escalation
          2. 2.1.5.2. Information Disclosure
          3. 2.1.5.3. Data Malformation
          4. 2.1.5.4. Unintended Consequences
        6. 2.1.6. OS or Application Misconfiguration
        7. 2.1.7. Eavesdropping/Man-in-the-Middle Attack
        8. 2.1.8. Denial of Service Attack
        9. 2.1.9. Client-Side Attack
        10. 2.1.10. Social Engineering
        11. 2.1.11. Dedicated Hacker Methodology
        12. 2.1.12. Automated Malware
          1. 2.1.12.1. Computer Virus
          2. 2.1.12.2. Computer Worm
          3. 2.1.12.3. Trojan Horse Program
          4. 2.1.12.4. Bot
          5. 2.1.12.5. Spyware
          6. 2.1.12.6. Adware
      2. 2.2. Where Windows Malware Hides
      3. 2.3. Why Malicious Hackers Hack
      4. 2.4. Summary
    3. 3. Windows Infrastructure
      1. 3.1. Boot Sequence
        1. 3.1.1. Boot Viruses No Longer a Threat
        2. 3.1.2. BitLocker Volume Encryption
        3. 3.1.3. Enabling TPM and BitLocker
      2. 3.2. Post-Boot Startup
        1. 3.2.1. Applying Security Policy
        2. 3.2.2. Name Resolution
          1. 3.2.2.1. NetBIOS Name Resolution Is Often Required
          2. 3.2.2.2. User Profiles
        3. 3.2.3. Services
      3. 3.3. Services You Need To Understand
        1. 3.3.1. Svchost
        2. 3.3.2. RPC
        3. 3.3.3. SMB/CIFS
        4. 3.3.4. Computer Browser, Workstation, and Server Service
        5. 3.3.5. Autorun Programs
      4. 3.4. Registry
        1. 3.4.1. Registry Structure
          1. 3.4.1.1. HKey_Local_Machine Hive
          2. 3.4.1.2. HKey_Classes_Root
          3. 3.4.1.3. HKey_Current_Users
          4. 3.4.1.4. HKey_Users
          5. 3.4.1.5. HK_Current Config
      5. 3.5. Logon Authentication
        1. 3.5.1. Identity
        2. 3.5.2. Authentication
        3. 3.5.3. Computer Accounts
        4. 3.5.4. Password Storage
        5. 3.5.5. Authentication Protocols
        6. 3.5.6. SAM Versus Active Directory
        7. 3.5.7. Cache Credentials
      6. 3.6. Access Control
        1. 3.6.1. Share Versus NTFS Permissions
        2. 3.6.2. Impersonation Versus Delegation
        3. 3.6.3. Integrity Controls
      7. 3.7. Summary
  8. II. Host-Based Security
    1. 4. User Account Control
      1. 4.1. Introduction
      2. 4.2. Basics
        1. 4.2.1. Security Identifiers
        2. 4.2.2. Security Token
      3. 4.3. The Case for Least Privilege
      4. 4.4. Admins Are Omnipotent
      5. 4.5. User Account Control Is More Than You Think
        1. 4.5.1. Elevation
          1. 4.5.1.1. Non-Admin Elevation
          2. 4.5.1.2. Special Topics in Elevation
        2. 4.5.2. New Privileges to Delegate Common Tasks
        3. 4.5.3. Application Factoring
        4. 4.5.4. Virtualization
        5. 4.5.5. Integrity Labels and Low Rights Apps
        6. 4.5.6. Special Treatment of Built-in Administrator
        7. 4.5.7. No More Power Users
      6. 4.6. UAC and Remote Access
        1. 4.6.1. SMB Access
        2. 4.6.2. Remote Desktop and Remote Assistance
      7. 4.7. UAC Policy Configuration
        1. 4.7.1. User Account Control: AdminApproval Mode for the Built-in Administrator Account
        2. 4.7.2. User Account Control: Behavior of the Elevation Prompt for Administrators in Admin Approval Mode
        3. 4.7.3. User Account Control: Behavior of the Elevation Prompt for Standard Users
        4. 4.7.4. User Account Control: Detect Application Installations and Prompt for Elevation
        5. 4.7.5. User Account Control: Only Elevate Executables that Are Signed and Validated
        6. 4.7.6. User Account Control: Only Elevate UIAccess Applications that Are Installed in Secure Locations
        7. 4.7.7. User Account Control: Run All Administrators in Admin Approval Mode
        8. 4.7.8. User Account Control: Switch to the Secure Desktop when Prompting for Elevation
        9. 4.7.9. User Account Control: Virtualize File and Registry Write Failures to Per-User Locations
      8. 4.8. Frequently Asked Questions About UAC
        1. 4.8.1. Why Can't I Access My Files?
        2. 4.8.2. Why Can't I Delete Stuff If I Elevate Windows Explorer?
        3. 4.8.3. How Do I Disable UAC?
        4. 4.8.4. What Happens If I Turn Off UAC?
        5. 4.8.5. What Access Do Low Processes Have to High Processes?
        6. 4.8.6. Why Does the Screen Have to Go Black?
        7. 4.8.7. I Don't Need UAC; Can I Just Enable It for Other Users?
        8. 4.8.8. What About Remote Access?
        9. 4.8.9. Why Isn't UAC More Like Sudo?
        10. 4.8.10. How Do I Audit Elevation?
      9. 4.9. Leveraging User Account Control in Applications
        1. 4.9.1. Application Manifests
        2. 4.9.2. Elevating Installers
        3. 4.9.3. Elevating in Scripts
        4. 4.9.4. The Elevate Tool
        5. 4.9.5. Elevated Command Prompt
      10. 4.10. Summary
      11. 4.11. Best Practices
    2. 5. Managing Access Control
      1. 5.1. Access Control Terminology
        1. 5.1.1. Securable Object
        2. 5.1.2. Access Control List
        3. 5.1.3. Security Descriptor
        4. 5.1.4. Access Control List Entry
        5. 5.1.5. ACL Representations
        6. 5.1.6. Inheritance
      2. 5.2. How an Access Control List Is Used
      3. 5.3. Major Access Control List Changes in Vista
        1. 5.3.1. Least Privilege
        2. 5.3.2. New and Modified Users and Groups
          1. 5.3.2.1. Administrator — Disabled By Default
          2. 5.3.2.2. Power Users Permissions Removed
          3. 5.3.2.3. Trusted Installer
          4. 5.3.2.4. Help and Support Accounts Removed
          5. 5.3.2.5. New Network Location SIDs
          6. 5.3.2.6. OWNER_RIGHT and Owner Rights
        3. 5.3.3. Default ACLs
          1. 5.3.3.1. Trusted Installer
          2. 5.3.3.2. Deny ACEs
          3. 5.3.3.3. Default Permissions
        4. 5.3.4. Share Security
        5. 5.3.5. Changes to Token
        6. 5.3.6. Integrity Levels
      4. 5.4. Tools to Manage Access Control Lists
        1. 5.4.1. Cacls and Icacls
          1. 5.4.1.1. Save ACLs
          2. 5.4.1.2. Restore ACLs
          3. 5.4.1.3. Substitute SIDs
          4. 5.4.1.4. Change Owner
          5. 5.4.1.5. Find All Aces Granted to a Particular User
          6. 5.4.1.6. Resetting ACLs
          7. 5.4.1.7. Grant/Deny/Remove
          8. 5.4.1.8. Set Integrity Level
        2. 5.4.2. ACL UI
        3. 5.4.3. Other Tools
      5. 5.5. Registry ACLs
      6. 5.6. Summary
      7. 5.7. Best Practices
    3. 6. Application Security
      1. 6.1. Client Security
        1. 6.1.1. Service Hardening
          1. 6.1.1.1. Service SID
          2. 6.1.1.2. Services Running with Less Privilege
          3. 6.1.1.3. Reduction of Privileges in Services
          4. 6.1.1.4. Write Restricted Tokens
          5. 6.1.1.5. Firewall Policies Restricting Services
        2. 6.1.2. Named Pipes Hardening
        3. 6.1.3. Windows Resource Protection
        4. 6.1.4. Session 0 Isolation
          1. 6.1.4.1. Sessions
          2. 6.1.4.2. Window Stations
          3. 6.1.4.3. Desktops
          4. 6.1.4.4. Why Session Isolation Is Needed
          5. 6.1.4.5. How Session 0 Isolation Works
        5. 6.1.5. Reducing the Footprint
          1. 6.1.5.1. No Longer Installed by Default
          2. 6.1.5.2. Gone Altogether
          3. 6.1.5.3. Added Instead
          4. 6.1.5.4. It Should Have Been Gone
      2. 6.2. Restart Manager
      3. 6.3. ActiveX Installer Service
      4. 6.4. Antivirus
      5. 6.5. Desktop Optimization Pack
      6. 6.6. Summary
      7. 6.7. Best Practices
    4. 7. Vista Client Protection
      1. 7.1. Popularity of Client-Side Attacks
      2. 7.2. Malicious Software Removal Tool
      3. 7.3. Security Center
      4. 7.4. Windows Defender
      5. 7.5. Windows Live OneCare
      6. 7.6. Microsoft Forefront Client Security
      7. 7.7. Should Microsoft Be in the Anti-Malware Business?
      8. 7.8. Summary
      9. 7.9. Best Practices
  9. III. Securing Internet and E-mail Access
    1. 8. Securing Internet Explorer
      1. 8.1. Should You Use Another Browser?
      2. 8.2. New IE 7.0 Security Features
        1. 8.2.1. Protected Mode
          1. 8.2.1.1. New Low Integrity Folders and Registry Keys
          2. 8.2.1.2. IE Compatibility Shims
          3. 8.2.1.3. Protected Mode's Impact on Malware and Hackers
        2. 8.2.2. Anti-Phishing Filter
        3. 8.2.3. Add-on Management
        4. 8.2.4. Improved ActiveX Control Handling
        5. 8.2.5. Improved Digital Certificate Handling and Encryption
        6. 8.2.6. Improved URL Handling Protections
        7. 8.2.7. CardSpace
      3. 8.3. Internet Explorer Security Settings
        1. 8.3.1. Security Zones
          1. 8.3.1.1. Local Computer Zone
          2. 8.3.1.2. Internet Site Zone
          3. 8.3.1.3. Local Intranet Zone
          4. 8.3.1.4. Trusted Sites Zone
          5. 8.3.1.5. Restricted Sites Zone
        2. 8.3.2. Zone Security Settings
          1. 8.3.2.1. .NET Framework – Loose XAML
          2. 8.3.2.2. .NET Framework – XAML Browser Applications
          3. 8.3.2.3. .NET Framework – XPS Documents
          4. 8.3.2.4. .NET Framework–Reliant Components – Run Components Not Signed with Authenticode
          5. 8.3.2.5. .NET Framework–Reliant Components – Run Components Signed with Authenticode
          6. 8.3.2.6. ActiveX Controls and Plug-Ins – Allow Previously Unused ActiveX Controls to Run Without Prompting
          7. 8.3.2.7. ActiveX Controls and Plug-Ins – Allow Scriptlets
          8. 8.3.2.8. ActiveX Controls and Plug-Ins – Automatic Prompting for ActiveX Controls
          9. 8.3.2.9. ActiveX Controls and Plug-Ins – Binary and Script Behaviors
          10. 8.3.2.10. ActiveX Controls and Plug-Ins – Display Video and Animation on a Web Page That Does Not Use External Media Player
          11. 8.3.2.11. ActiveX Controls and Plug-Ins – Download Signed ActiveX Controls
          12. 8.3.2.12. ActiveX Controls and Plug-Ins – Download Unsigned ActiveX Controls
          13. 8.3.2.13. ActiveX Controls and Plug-Ins – Initialize and Script ActiveX Controls Not Marked as Safe for Scripting
          14. 8.3.2.14. ActiveX Controls and Plug-Ins – Run ActiveX Controls and Plug-Ins
          15. 8.3.2.15. ActiveX Controls and Plug-Ins – Script ActiveX Controls Marked Safe for Scripting
          16. 8.3.2.16. Downloads – Automatic Prompting for File Downloads
          17. 8.3.2.17. Downloads – File Download
          18. 8.3.2.18. Downloads – Font Download
          19. 8.3.2.19. Enable .Net Framework Setup
          20. 8.3.2.20. Java VM-Java Permissions
          21. 8.3.2.21. Miscellaneous – Access Data Sources Across Domains
          22. 8.3.2.22. Miscellaneous – Allow META REFRESH
          23. 8.3.2.23. Miscellaneous – Allow Scripting of Internet Explorer Web Browser Control
          24. 8.3.2.24. Miscellaneous – Allow Script-Initiated Windows Without Size or Position Constraints
          25. 8.3.2.25. Miscellaneous – Allow Web Pages to Use Restricted Protocols for Active Content
          26. 8.3.2.26. Miscellaneous – Allow Websites to Open Windows Without Address or Status Bars
          27. 8.3.2.27. Miscellaneous – Display Mixed Content
          28. 8.3.2.28. Miscellaneous – Don't Prompt for Client Certificate Selection When No Certificates or Only One Certificate Exists
          29. 8.3.2.29. Miscellaneous – Drag and Drop or Copy and Paste Files
          30. 8.3.2.30. Miscellaneous – Include Local Directory Path When Uploading Files to a Server
          31. 8.3.2.31. Miscellaneous – Installation of Desktop Items
          32. 8.3.2.32. Miscellaneous – Launching Applications and Unsafe Files
          33. 8.3.2.33. Miscellaneous – Launching Programs and Files in an Iframe
          34. 8.3.2.34. Miscellaneous – Navigate Sub-Frames Across Different Domains
          35. 8.3.2.35. Miscellaneous – Open Files Based on Content, Not File Extension
          36. 8.3.2.36. Miscellaneous – Software Channel Permissions
          37. 8.3.2.37. Miscellaneous – Submit Non-Encrypted Form Data
          38. 8.3.2.38. Miscellaneous – Use Phishing Filter
          39. 8.3.2.39. Miscellaneous – Use Pop-Up Blocker
          40. 8.3.2.40. Miscellaneous – Userdata Persistence
          41. 8.3.2.41. Miscellaneous – Web Sites in Less Privileged Web Content Zone Can Navigate into This Zone
          42. 8.3.2.42. Scripting – Active Scripting
          43. 8.3.2.43. Scripting – Allow Programmatic Clipboard Access
          44. 8.3.2.44. Scripting – Allow Status Bar Updates Via Script
          45. 8.3.2.45. Scripting – Allow Websites to Prompt for Information Using Scripted Window
          46. 8.3.2.46. Scripting – Scripting of Java Applets
          47. 8.3.2.47. User Authentication
        3. 8.3.3. IE Advanced Settings
          1. 8.3.3.1. Browsing – Disable Script Debugging (Internet Explorer or Other)
          2. 8.3.3.2. Browsing – Display a Notification About Every Script Error
          3. 8.3.3.3. Browsing – Enable Third-Party Extensions
          4. 8.3.3.4. Browsing – Use Inline Autocomplete
          5. 8.3.3.5. International – Send UTF-8 URLS
          6. 8.3.3.6. Java (or Java-Sun) – Use JRE x.x for <applet>
          7. 8.3.3.7. Security – Allow Active Content from CDs to Run on My Computer
          8. 8.3.3.8. Security – Allow Active Content to Run in Files on My Computer
          9. 8.3.3.9. Security – Allow Software to Run or Install Even If the Signature Is Invalid
          10. 8.3.3.10. Security – Check for Publisher's Certificate Revocation
          11. 8.3.3.11. Security – Check for Server Certificate Revocation
          12. 8.3.3.12. Security – Check for Signatures on Downloaded Programs
          13. 8.3.3.13. Security – Do Not Save Encrypted Pages to Disk
          14. 8.3.3.14. Security – Empty Temporary Internet Files Folder When Browser Is Closed
          15. 8.3.3.15. Enable Memory Protection to Help Mitigate Online Attacks
          16. 8.3.3.16. Security – Enable Integrated Windows Authentication
          17. 8.3.3.17. Security – Phishing Filter Settings
          18. 8.3.3.18. Security – Use SSL 2.0, SSL 3.0, TLS 1.0
          19. 8.3.3.19. Security – Warn About Invalid Site Certificates
          20. 8.3.3.20. Security – Warn If Changing Between Secure and Not Secure Mode
          21. 8.3.3.21. Security – Warn If Forms Submittal Is Being Redirected
        4. 8.3.4. Other Browser Recommendations
          1. 8.3.4.1. Don't Browse Untrusted Web Sites
          2. 8.3.4.2. Keep IE Patches Updated
      4. 8.4. Will Internet Explorer 7 Be Hacked A Lot?
      5. 8.5. Summary
      6. 8.6. Best Practices
    2. 9. Introducing IIS 7
      1. 9.1. Web Server Threats
        1. 9.1.1. Application Vulnerabilities
        2. 9.1.2. OS Vulnerabilities
        3. 9.1.3. Back-End Database Issues
        4. 9.1.4. Protocol Vulnerabilities
        5. 9.1.5. Buffer Overflows
        6. 9.1.6. Directory Traversal Attacks
        7. 9.1.7. Sniffing Attacks
        8. 9.1.8. Denial of Service
        9. 9.1.9. Password Guessing Attacks
      2. 9.2. Introduction to IIS
      3. 9.3. New IIS Features
      4. 9.4. Installing IIS 7
      5. 9.5. IIS Components
      6. 9.6. IIS Protocol Listeners
        1. 9.6.1. HTTP.SYS
        2. 9.6.2. Net.TCP
        3. 9.6.3. Net.Pipe
        4. 9.6.4. Net.P2P
        5. 9.6.5. Net.MSMQ
      7. 9.7. Worker Processes, Application Pools, and Identities
        1. 9.7.1. Worker Processes
        2. 9.7.2. Application Pools
        3. 9.7.3. Application Pool Identities
      8. 9.8. IUSR and IIS_USRS
      9. 9.9. IIS Administration
        1. 9.9.1. Feature Delegation
      10. 9.10. IIS Authentication
        1. 9.10.1. Anonymous Authentication
        2. 9.10.2. ASP.NET Impersonation
        3. 9.10.3. Basic Authentication
        4. 9.10.4. Digest Authentication
        5. 9.10.5. Forms Authentication
        6. 9.10.6. Windows Authentication
        7. 9.10.7. Client Side Mapping
      11. 9.11. Web Server Access Control Permissions
        1. 9.11.1. IIS Handler Permissions
        2. 9.11.2. NTFS Permissions
      12. 9.12. Defending IIS
        1. 9.12.1. Step Summary
        2. 9.12.2. Configuring Network/Perimeter Security
        3. 9.12.3. Ensuring Physical Security
        4. 9.12.4. Installing Updated Hardware Drivers
        5. 9.12.5. Installing an Operating System
        6. 9.12.6. Configuring a Host Firewall
        7. 9.12.7. Configuring Remote Administration
        8. 9.12.8. Installing IIS in a Minimal Configuration
        9. 9.12.9. Installing Patches
        10. 9.12.10. Hardening the Operating System
        11. 9.12.11. Configuring and Tightening IIS
          1. 9.12.11.1. Installing Additional IIS Features
          2. 9.12.11.2. IIS 7 Modules
          3. 9.12.11.3. Minimizing Web Components Even Further
          4. 9.12.11.4. Feature Delegation
          5. 9.12.11.5. Strengthening NTFS Permissions
          6. 9.12.11.6. Configuring Request Filtering
        12. 9.12.12. Securing Web Sites
          1. 9.12.12.1. Hardening NTFS Permissions
          2. 9.12.12.2. Web Site IP Settings
          3. 9.12.12.3. Application Pool Changes
        13. 9.12.13. Cleaning and Testing
        14. 9.12.14. Installing and Securing Applications
        15. 9.12.15. Conducting Penetration Tests
        16. 9.12.16. Deploying to Production
        17. 9.12.17. Monitoring Log Files
      13. 9.13. Summary
    3. 10. Protecting E-mail
      1. 10.1. E-mail Threats
        1. 10.1.1. Malicious File Attachments
          1. 10.1.1.1. File Extension Tricks
        2. 10.1.2. Embedded Content
        3. 10.1.3. Embedded Links
        4. 10.1.4. Leaked Passwords
        5. 10.1.5. Other Miscellaneous E-mail Threats
      2. 10.2. Introducing Windows Mail
        1. 10.2.1. Phishing Detection
        2. 10.2.2. Improved Junk Mail Detection
        3. 10.2.3. Sender White Lists and Black Lists
        4. 10.2.4. Top-Level Domain Blocking
        5. 10.2.5. Simplified E-mail Storage
      3. 10.3. E-mail Defenses
        1. 10.3.1. Convert All E-mail to Plain-text
        2. 10.3.2. Execute All HTML Content in the Restricted Zone
        3. 10.3.3. Disable Automatic Downloading of HTML Content
        4. 10.3.4. Filter Out Dangerous File Attachments
        5. 10.3.5. Install Anti-Malware Software
        6. 10.3.6. Disable Plain-Text Passwords
      4. 10.4. Summary
      5. 10.5. Best Practices
  10. IV. Securing Windows Networks
    1. 11. Managing Windows Firewall
      1. 11.1. New Features
        1. 11.1.1. Windows Filtering Platform
          1. 11.1.1.1. IPv6
        2. 11.1.2. Integration with IPsec
        3. 11.1.3. Stealth
        4. 11.1.4. Boot Time Filtering
        5. 11.1.5. Strict Source Mapping
        6. 11.1.6. Service Hardening and the Firewall
        7. 11.1.7. IPv6
        8. 11.1.8. Outbound Filtering
        9. 11.1.9. How Much Security Can Outbound Filtering Provide?
      2. 11.2. Firewall Management
        1. 11.2.1. Firewall Profiles
        2. 11.2.2. Management Interfaces
          1. 11.2.2.1. Windows Firewall Control Panel
          2. 11.2.2.2. Security Center
          3. 11.2.2.3. Windows Firewall with Advanced Security
          4. 11.2.2.4. Group Policy Editor
          5. 11.2.2.5. Netsh
          6. 11.2.2.6. Application Programming Interfaces
        3. 11.2.3. Rule Types
          1. 11.2.3.1. Directional Rules
          2. 11.2.3.2. Connection Security Rules
          3. 11.2.3.3. When to Use Which Rules
        4. 11.2.4. Rule Precedence
        5. 11.2.5. Firewall Scenarios
          1. 11.2.5.1. Restricting Access Based on End-Point
          2. 11.2.5.2. Blocking Outbound SMB in Public Profile
          3. 11.2.5.3. Allowing Management Traffic via VPN
        6. 11.2.6. Managing Firewall in a Mixed or Down-Level Environment
        7. 11.2.7. RPC
      3. 11.3. Summary
      4. 11.4. Best Practices
    2. 12. Server and Domain Isolation
      1. 12.1. Server and Domain Isolation Overview
        1. 12.1.1. Domain Isolation
        2. 12.1.2. Server Isolation
      2. 12.2. Forget About the Perimeter
      3. 12.3. Network Threat Modeling
      4. 12.4. Changes in Windows Vista Affecting SDI
        1. 12.4.1. AuthIP
          1. 12.4.1.1. Client-to-DC IPsec
          2. 12.4.1.2. Authentication with Multiple Credentials
        2. 12.4.2. Improved Negotiation Flow
        3. 12.4.3. Vastly Improved Configuration User Interface
          1. 12.4.3.1. Domain Isolation Rules
          2. 12.4.3.2. Server Isolation Rules
      5. 12.5. Summary
      6. 12.6. Best Practices
    3. 13. Wireless Security
      1. 13.1. Wi-Fi Terminology and Technologies
        1. 13.1.1. Wi-Fi Standards
          1. 13.1.1.1. Infrastructure versus Ad-Hoc Mode
          2. 13.1.1.2. Wi-Fi Standards
        2. 13.1.2. Wi-Fi Security Standards
          1. 13.1.2.1. Wired Equivalent Privacy
          2. 13.1.2.2. Wi-Fi Protected Access/802.11i
      2. 13.2. Wireless Threats
        1. 13.2.1. Eavesdropping
        2. 13.2.2. Unauthorized Access
        3. 13.2.3. Bypassing of Traditional Defenses
        4. 13.2.4. Malware Injection
        5. 13.2.5. Denial of Service Attacks
      3. 13.3. New Wireless Improvements in Vista
      4. 13.4. Securing Wireless Networks
        1. 13.4.1. 802.11 Legacy Wireless Security Recommendations
          1. 13.4.1.1. Changing Access Point's Default SSID
          2. 13.4.1.2. Enabling MAC Filtering
          3. 13.4.1.3. Disabling DHCP on the Access Point
          4. 13.4.1.4. Requiring User Authentication Passwords
          5. 13.4.1.5. Turning Off SSID Broadcasting
          6. 13.4.1.6. Changing an Access Point's Default Administrator Password
        2. 13.4.2. WEP
        3. 13.4.3. VPN Protocols
        4. 13.4.4. Using WPA
        5. 13.4.5. Using WPA2/802.11i
      5. 13.5. Summary
      6. 13.6. Best Practices
  11. V. Group Policy and Best Practices
    1. 14. Using Group Policy
      1. 14.1. New Group Policy Features
        1. 14.1.1. Multiple Local Group Policies
          1. 14.1.1.1. Group Policy Precedence
          2. 14.1.1.2. Using MLGPOs in a Domain Environment
          3. 14.1.1.3. Difference between Local GPOs and Domain GPOs
        2. 14.1.2. New Administrative Template Format
          1. 14.1.2.1. Template Embedding
          2. 14.1.2.2. Migrating to ADMX
        3. 14.1.3. Client-Side Pulling and Network Location Awareness
      2. 14.2. Updated Group Policy Features
        1. 14.2.1. Group Policy Management Console v. 2.0
        2. 14.2.2. Internet Explorer Management Without IEAK
        3. 14.2.3. Group Policy Application Factored from Winlogon
          1. 14.2.3.1. Group Policy Logging Moved to System Event Log
      3. 14.3. New or Updated Group Policy Settings
        1. 14.3.1. New Security Options
        2. 14.3.2. Security Options with Modified Defaults
        3. 14.3.3. Removed Security Options
        4. 14.3.4. New Administrative Template Settings
      4. 14.4. Settings That Require Reboot or Logon
      5. 14.5. Windows Vista Security Guide
        1. 14.5.1. Do You Need the Vista Security Guide?
          1. 14.5.1.1. What Is Good in the Vista Security Guide
          2. 14.5.1.2. What Could Have Been Better in the Vista Security Guide
          3. 14.5.1.3. Importance of the Guide
      6. 14.6. Active Directory Schema Updates
      7. 14.7. Managing Group Policy in a Mixed Environment
      8. 14.8. Rollout Strategy
        1. 14.8.1. Logon Scripts Fail Because of UAC
        2. 14.8.2. Using Group Policy in a NAP Environment
      9. 14.9. Summary
      10. 14.10. Best Practices
    2. 15. Thinking about Security
      1. 15.1. It Still Comes Down to Risk Management
        1. 15.1.1. Jesper's Position
        2. 15.1.2. Roger's Position
        3. 15.1.3. Enterprise Risk Management
      2. 15.2. The Three-Step Approach to Security
        1. 15.2.1. Keep 'em Off the Box
        2. 15.2.2. Keep 'em from Running
        3. 15.2.3. Keep 'em from Communicating
        4. 15.2.4. Thinking Differently about Security
        5. 15.2.5. The Top 2 (+ or – 1, or so) Client Security Hacks
          1. 15.2.5.1. Jesper's Thoughts
          2. 15.2.5.2. Roger's Thoughts
        6. 15.2.6. Anti-Malware Is Not a Panacea
          1. 15.2.6.1. Jesper's Thoughts
          2. 15.2.6.2. Roger's Thoughts
        7. 15.2.7. Tweaking It
          1. 15.2.7.1. Security Tweaks You Should Make
          2. 15.2.7.2. Turn on DEP for Internet Explorer
          3. 15.2.7.3. Security Tweaks You Shouldn't Make
        8. 15.2.8. Agreeing to Disagree
          1. 15.2.8.1. Jesper's Position
          2. 15.2.8.2. Roger's Position
      3. 15.3. Wetware
      4. 15.4. Summary
      5. 15.5. Best Practices
  12. A. Building a Windows PE Boot Disk
    1. A.1. Building a WinPE Bootable USB Flash Drive
    2. A.2. Downloading WAIK
    3. A.3. Building the WinPE Image
  13. B. References