+612 9045 4394
Hardening Windows Systems : Hardening - Roberta Bragg

Hardening Windows Systems


Paperback Published: 7th May 2004
ISBN: 9780072253542
Number Of Pages: 548

Share This Book:


RRP $98.00
Ships in 7 to 10 business days

This title meets the need for decisive, concise action hardening networks before they get hacked. It is poised to prevent almost every type of security breach by providing the correct security configurations, patches, designs, and maintenance plans. Its huge market includes thousands of network administrators and IT pros managing Windows, Linux, mixed, and mainframe systems. It also offers on-the-job guidance - written for those responsible for creating, deploying, and maintaining system security for their organization or company.

Forewordp. xiii
Acknowledgments and Introductionp. xv
Do This Now!
An Immediate Call to Actionp. 3
Strengthen the Password Policyp. 5
Create Logical Policiesp. 7
Change Policy for Local Accountsp. 7
Change Policy for Individual Accountsp. 8
Lock Down Remote Administrationp. 8
Lock Down Administrative Workstationsp. 11
Physically Secure All Systemsp. 12
Keep Secretsp. 12
Disable EFSp. 13
Ban Wireless Networks That Don't Meet Tough Security Policy Requirementsp. 13
Don't Allow Unprotected Laptops and Desktops to Connect to the LANp. 14
Use Runas or Sup. 14
Disable Infrared File Transferp. 15
Take It from the Top: Systematic Harden
Harden Authentication--You Are Who You Can Prove You Arep. 19
What Is Authentication?p. 20
When Is Authentication Required?p. 20
Where Does Authentication Fit in the Windows Security Framework?p. 21
Authentication Credentials Choicesp. 22
Harden User Logonp. 24
Logon Typesp. 25
Harden Accountsp. 25
Harden the Account Policyp. 27
Harden WetWarep. 40
Kill Autologonp. 42
Restrict Anonymous Accessp. 43
Protect Passwords on Windows 2000p. 45
Harden Network Authenticationp. 45
LM, NTLM, NTLMv2p. 46
Kerberosp. 49
Remote Access Authentication Protocolsp. 49
Web Server Authentication Choicesp. 51
Harden Wireless Authenticationp. 53
Harden Computer and Services Authentication Processesp. 54
Assign Strong Passwords for Service Accounts and Never Allow Users to Log On Using Service Accountsp. 54
Use Local Service Accounts and Do Not Allow Service Accounts Access via the Networkp. 55
Use Less Privileged Accounts for Service Accountsp. 55
Harden Computer Accountsp. 56
Harden Network Physical Infrastructurep. 57
Segment Networksp. 58
Examplesp. 58
Best Practices for Determining Appropriate Network Segmentsp. 61
Provide Protection and Detection at Segment Boundariesp. 64
Protective Controlsp. 64
Detective Controlsp. 71
Best Practices for Border Controlsp. 72
Provide Protection for Critical Trafficp. 85
Protect Active Directory and Other Domain Trafficp. 86
Protect Web Trafficp. 96
Protect E-Mailp. 96
Provide Protection for Critical Serversp. 96
Protect Domain Controllersp. 96
Protect Infrastructure Serversp. 100
Secure Network Infrastructurep. 100
Protect Access to Client Systemsp. 100
Use Computer-Resident Firewallsp. 101
Physical Security Options for Clientsp. 102
Harden Logical Network Infrastructurep. 105
Secure Foundations for Workgroup Computersp. 106
Workgroup Rationalep. 106
User Accounts in Workgroupsp. 107
Network Resources in Workgroupsp. 107
Harden Workgroupsp. 109
Secure Foundations for Windows NT 4.0-Style Domainsp. 113
Central Administrationp. 113
Security Boundaryp. 114
NT 4.0-Style Trustsp. 114
Harden Windows NT 4.0 Domainsp. 117
Secure Foundations for the Active Directory Forestp. 118
Benefits of Centralized Administrationp. 119
Autonomy and Isolation: The Domain Is Not a Security Boundaryp. 120
Establish Domains Based on Security Needsp. 122
Establish OUs Based on Security and Administrative Needsp. 122
Locate Domain Controllers and Global Catalog Servers Only Where Requiredp. 123
Configure Remote Windows Server 2003 DCs to Use Universal Group Cachingp. 123
Establish the Minimum Number of Additional Domain Trustsp. 125
Raise Domain and Forest Functional Levels to Windows Server 2003p. 128
Use Selective Authenticationp. 131
How to Establish an External Trustp. 134
Checklist for Hardening the Logical Network Infrastructurep. 139
Harden Network Infrastructure Rolesp. 141
Develop Security Baselinesp. 143
Limit User Rightsp. 144
Baseline Modifications for User Rightsp. 144
Modify User Rights Using the Local Security Policyp. 146
Modify User Rights Using User Manager for NT 4.0p. 147
Disable Optional Subsystemsp. 148
Disable or Remove Unnecessary Servicesp. 149
Implement Miscellaneous Security Configurationp. 156
Do Not Display Last User Namep. 157
Add a Logon Noticep. 157
Develop Incremental Security Stepsp. 157
Harden the Infrastructure Groupp. 157
Harden DHCPp. 158
Harden DNSp. 162
Harden WINSp. 171
Select Methods and Models for Security Deploymentp. 172
Use Tools to Set General Security Settings in Windows NT 4.0p. 173
Use Security Templates to Define Security Settingsp. 177
Use Security Configuration and Analysis or Security Managerp. 182
Use Seceditp. 183
Secure Windows Directory Information and Operationsp. 185
Secure DNSp. 187
Place AD Database and SYSVOL on a Drive Separate from the System Partitionp. 188
Physically Secure Domain Controllersp. 189
Monitor and Protect Active Directory Healthp. 192
Monitor DNSp. 192
Monitor Replicationp. 201
Monitor Group Policy Operationp. 207
Provide a Strong Domain and Domain Controller Security Policyp. 212
Local Group Policy vs. Domain Group Policyp. 213
Protect Active Directory Communicationsp. 218
Manage Administrative Authorityp. 218
Secure Active Directory Data--Understand Active Directory Object Permissionsp. 219
Harden Administrative Authority and Practicep. 221
Delegate and Control Administrative Authorityp. 222
Define User Rolesp. 223
Define Technical Controlsp. 234
Define Secure Administrative Practicesp. 243
Very High-Risk Administrationp. 244
High-Risk Data Center Administrationp. 253
High-Risk Non-Data Center Administrationp. 258
Medium-Risk Administrationp. 258
Low-Risk Administrationp. 261
Harden Servers and Client Computers by Rolep. 263
The Role-Based Hardening Processp. 264
Determine Computer Rolesp. 265
Top-Level Computer Rolesp. 266
Second- and Third-Tier Computer Rolesp. 267
Design Role-Based Hardening Infrastructurep. 267
Automate the Use of Multiple Templates via Scriptingp. 268
Use an Active Directory Hierarchy and Group Policy Approachp. 270
Use Windows NT 4.0 System Policyp. 275
Adapt Security Templatesp. 283
Examine and Modify Baseline Templatesp. 284
Examine and Modify Role-Based Templatesp. 288
Implement the Hardening Plan Using Group Policyp. 289
Create a Back-Out Planp. 290
Import Templates into Appropriate GPOsp. 290
Harden Application Access and Usep. 295
Restrict Access with Administrative Templatesp. 296
Harden Operating System Configurationp. 298
Harden User Settingsp. 303
Use Additional .adm Filesp. 307
Harden Applicationsp. 308
Restrict Access with Software Restriction Policiesp. 321
Set Security Level to Disallowedp. 322
Set Policy Optionsp. 323
Write Rules to Allow and Restrict Softwarep. 326
Develop and Implement Desktop Computer and User Rolesp. 329
Study Common Desktop Scenariosp. 330
Use Group Policy Management Console to Copy GPOsp. 331
Harden Data Accessp. 333
Use the NTFS File Systemp. 334
Use DACLs to Secure Datap. 335
Use Inheritance to Manage Permissionsp. 337
Assign Permissions Based on User Rolep. 339
Maintain Proper Permissionsp. 343
Secure File Systems and Datap. 344
Harden File System Sharesp. 346
Secure Printersp. 351
Secure Registry Keysp. 352
Secure Directory Objectsp. 355
Secure Servicesp. 355
Use EFS to Secure Datap. 357
Disable EFS Until You Can Securely Implement Itp. 357
Harden EFS Practicesp. 360
Harden Communicationsp. 365
Protect LAN Communicationsp. 366
Use SMB Message Signing and Session Security for NTLMp. 366
Use IPSec Policiesp. 368
Protect WAN Communicationsp. 378
Harden the Remote Access Serverp. 378
Harden NT 4.0 Remote Access Server Configurationp. 381
Harden Windows Server 2000 and Windows Server 2003 RRAS Configurationp. 384
Use L2TP/IPSec VPNsp. 387
Use Remote Access Policiesp. 389
Harden Remote Access Clientsp. 391
Use IAS to Centralize Authentication, Accounting, and Authorizationp. 392
Secure Wireless Accessp. 392
Protect Web Communications with SSLp. 398
Harden Windows Using PKI and Harden PKIp. 399
Harden Windows Using PKIp. 400
Harden Authentication Using PKIp. 400
Protect Data with Certificatesp. 407
Harden PKIp. 408
Harden Certificate Authority Computersp. 408
Implement a CA Hierarchyp. 408
Protect the Root CAp. 409
Use Intermediate CAs to Increase Reliabilityp. 415
Split Certificate Purposes Between Multiple Issuing CAsp. 417
Provide Physical Protection for Subordinate CAsp. 418
Require Certificate Approvalp. 418
Limit Certificate Issuancep. 420
Establish Role Separationp. 422
Enforce Role Separationp. 423
Configure Autoenrollmentp. 424
Train Users In Certificate Request Proceduresp. 427
Harden PKI Policies, Procedures, and Practicesp. 428
Once Is Never Enough!
Harden the Security Lifecyclep. 433
Create a Business Continuity Planp. 434
Determine Plan Scopep. 435
Perform Business Impact Assessmentp. 435
Perform Risk Analysisp. 437
Develop Plansp. 438
Testp. 439
Implement Plansp. 439
Maintain Plansp. 439
Generate a Security Policyp. 439
Perform Hardened Operating System Installationp. 440
Prepare Default Security Templatesp. 440
Use Slipstreamingp. 440
Use RIS to Add Service Packs During Installationp. 441
Install Hotfixes During Installationp. 441
Harden Operating System, Application, and Data Protectionp. 444
Manage Changes with a Formal Change Management Programp. 444
Upgrades, Migration, Replacements, and New Installationsp. 445
Security Configuration Changep. 446
Patchp. 446
Be Prepared for Disaster Recoveryp. 459
Use Fault-Tolerant Configurationsp. 459
Schedule and Perform Backupsp. 459
Plan and Perform Special Backup Operationsp. 463
Practice Recovery Operationsp. 464
Monitor and Auditp. 466
Configure System Auditingp. 467
Configure Audit Logsp. 470
Archive Audit Logsp. 472
Use Security Events for Intrusion Detection and Forensicsp. 472
Audit Security Configurationp. 474
Audit Patch Statusp. 477
How to Succeed at Hardening Your Windows Systems
Harden WetWarep. 481
Vet and Improve Security Policyp. 482
Determine Current Information System Security Policyp. 483
Evaluate Policyp. 483
Participate in Security Policy Creation and Maintenancep. 484
Learn to Speak Businessp. 487
Take the First Stepp. 488
Understand Current Lawsp. 488
Rules to Live Byp. 489
Current Legislation Snapshotsp. 490
Understand Vulnerabilities of Windows and Other OSsp. 494
Know and Incorporate Voluntary Standardsp. 495
ISO 17799p. 495
The National Strategy to Secure Cyberspacep. 496
Start or Participate in Security Awareness Educationp. 496
Security Awareness Objectivesp. 496
Operationsp. 497
Resourcesp. 499
Required Readingp. 500
Tool Downloadsp. 502
Security Bulletins and Discussion Listsp. 502
Indexp. 505
Table of Contents provided by Rittenhouse. All Rights Reserved.

ISBN: 9780072253542
ISBN-10: 0072253541
Series: Hardening
Audience: Professional
Format: Paperback
Language: English
Number Of Pages: 548
Published: 7th May 2004
Publisher: McGraw-Hill Education - Europe
Country of Publication: US
Dimensions (cm): 23.5 x 19.0  x 2.8
Weight (kg): 0.93