
Windows Server 2008 Security Resource Kit [Multiple-component retail product]

  • Format: Multiple-component retail product, 512 pages, height x width: 229x187 mm, Contains 1 Paperback / softback and 1 CD-ROM
  • Publication date: 27-Feb-2008
  • Publisher: Microsoft Press, U.S.
  • ISBN-10: 0735625042
  • ISBN-13: 9780735625044
Get the definitive reference for planning and implementing security features in Windows Server 2008, with expert insights from Microsoft Most Valuable Professionals (MVPs) and the Windows Server Security Team at Microsoft. This official Microsoft RESOURCE KIT delivers the in-depth, technical information and tools you need to help protect your Windows-based clients, server roles, networks, and Internet services. Leading security experts explain how to plan and implement comprehensive security with special emphasis on new Windows security tools, security objects, security services, user authentication and access control, network security, application security, Windows Firewall, Active Directory security, group policy, auditing, and patch management. The kit also provides best practices based on real-world implementations. You also get must-have tools, scripts, templates, and other key job aids, including an eBook of the entire RESOURCE KIT on CD.

For customers who purchase an ebook version of this title, instructions for downloading the CD files can be found in the ebook.
Acknowledgements
Introduction
Part I Windows Security Fundamentals
Subjects, Users, and Other Actors
  • The Subject/Object/Action-Tuple
  • Types of Security Principals
  • Users
  • Computers
  • Groups
  • Abstract Concepts (Log-on Groups)
  • Services
  • Security Identifiers
  • SID Components
  • SID Authorities
  • Service SIDs
  • Well-Known SIDs
  • Summary
  • Additional Resources
Authenticators and Authentication Protocols
  • Something You Know, Something You Have
  • Something You Know
  • Something You Have
  • Something You Are
  • Understanding Authenticator Storage
  • LM Hash
  • NT Hash
  • Password Verifier
  • In Memory
  • Reversibly Encrypted
  • Authentication Protocols
  • Basic Authentication
  • Challenge-Response Protocols
  • Smart Card Authentication
  • Smart Cards and Passwords
  • Attacks on Passwords
  • Obtaining Passwords
  • Using the Captured Information
  • Protecting Your Passwords
  • Managing Passwords
  • Use Other Authenticators
  • Record Passwords, Safely
  • Stop Thinking About Words
  • Set Password Policies
  • Fine-Grained Password Policies
  • Summary
  • Additional Resources
Objects: The Stuff You Want
  • Access Control Terminology
  • Securable Objects
  • Security Descriptors
  • Access Control List
  • Access Control List Entry
  • Access Masks
  • Relationship Between Access Control Structures
  • Inheritance
  • Security Tokens
  • Access Check Process
  • Integrity Labels
  • Empty and NULL DACLs
  • Security Descriptor Definition Language
  • Tools to Manage Permissions
  • cacls and icacls
  • SC
  • subinacl
  • Major Access Control Changes in Windows Server 2008
  • TrustedInstaller Permissions
  • Network Location SIDs
  • File System Name Space Changes
  • Power User Permissions Removed
  • Owner_Right and Owner Rights
  • User Rights and Privileges
  • RBAC/AZMAN
  • Summary
  • Additional Resources
Understanding User Account Control (UAC)
  • What Is User Account Control?
  • How Token Filtering Works
  • Components of UAC
  • UAC Elevation User Experience
  • Application Information Service
  • File and Registry Virtualization
  • Manifests and Requested Execution Levels
  • Installer Detection Technology
  • User Interface Privilege Isolation
  • Secure Desktop Elevation Prompts
  • Using Remote Assistance
  • UAC Remote Administrative Restrictions
  • Mapping Network Drives When Running in Admin Approval Mode
  • Application Elevations Blocked at Logon
  • Configuring Pre-Windows Vista Applications for Compatibility with UAC
  • UAC Group Policy Settings
  • UAC Policy Settings Found Under Security Options
  • Related UAC policies
  • What's New in UAC in Windows Server 2008 and Windows Vista SP1
  • New Group Policy Setting: UIAccess Applications to Prompt for Elevation without Using the Secure Desktop
  • UAC Prompt Reduction When Performing File Operations in Windows Explorer
  • More Than 40 Additional UAC-Related Application Compatibility Shims
  • UAC Best Practices
  • Good Practice
  • Better Practice
  • Best Practice
  • Summary
  • Additional Resources
Firewall and Network Access Protection
  • Windows Filtering Platform
  • Windows Firewall with Advanced Security
  • Improvements in the Windows Firewall
  • Managing the Windows Firewall
  • Routing and Remote Access Services
  • Improvements in RRAS
  • Internet Protocol Security
  • IPsec Basics
  • New Capabilities in Windows Server 2008
  • Network Access Protection
  • Architecture
  • NAP Implementation
  • NAP Scenarios
  • Summary
  • Additional Resources
Services
  • Introduction to Services
  • What Is a Service?
  • Service Logon Account
  • Service Listener Ports
  • Configuring Services
  • Windows Server 2008 Services by Role
  • Attacks on Services
  • Blaster Worm
  • Common Service Attack Vectors
  • Service Hardening
  • Least Privilege
  • Service SIDs
  • Write Restricted SIDs
  • Restricted Network Access
  • Session 0 Isolation
  • Mandatory Integrity Levels
  • Data Execution Prevention
  • Other New SCM Features
  • Securing Services
  • Inventory Services
  • Minimize Running Services
  • Apply a Least-Privilege Model to Remaining Services
  • Keep Your Updates Up To Date
  • Creating and Using Custom Service Accounts
  • Use Windows Firewall and IPsec for Network Isolation
  • Auditing Service Failures
  • Develop and Use Secure Services
  • Summary
  • Additional Resources
Group Policy
  • What Is New in Windows Server 2008
  • Group Policy Basics
  • The Local GPO
  • Active Directory-Based GPOs
  • Group Policy Processing
  • What Is New in Group Policy
  • Group Policy Service
  • ADMX Templates and the Central Store
  • Starter GPOs
  • GPO Comments
  • Filtering Improvements
  • New Security Policy Management Support
  • Windows Firewall with Advanced Security
  • Wired and Wireless Network Policy
  • Managing Security Settings
  • Summary
  • Additional Resources
Auditing
  • Why Audit?
  • How Windows Auditing Works
  • Setting an Audit Policy
  • Audit Policy Options
  • Developing a Good Audit Policy
  • New Events in Windows Server 2008
  • Using the Built-in Tools to Analyze Events
  • Event Viewer
  • WEvtUtil.exe
  • Summary
Part II Implementing Identity and Access (IDA) Control Using Active Directory
Designing Active Directory Domain Services for Security
  • The New User Interface
  • The New Active Directory Domain Services Installation Wizard
  • Read-Only Domain Controllers
  • Read-Only AD DS Database
  • RODC Filtered Attribute Set
  • Unidirectional Replication
  • Credential Caching
  • Read-Only DNS
  • Staged installation for Read-Only Domain Controllers
  • Restartable Active Directory Domain Services
  • Active Directory Database Mounting Tool
  • AD DS Auditing
  • Auditing AD DS Access
  • Active Directory Lightweight Directory Services Overview
  • New Features in Windows Server 2008 for AD LDS
  • Active Directory Federation Services Overview
  • What Is AD FS?
  • What Is New in Windows Server 2008?
  • Summary
  • Additional Resources
Implementing Active Directory Certificate Services
  • What Is New in Windows Server 2008 PKI
  • Threats to Certificate Services and Mitigation Options
  • Compromise of a CA's Key Pair
  • Preventing Revocation Checking
  • Attempts to Modify the CA Configuration
  • Attempts to Modify Certificate Templates
  • Addition of Nontrusted CAs to the Trusted Root CA Store
  • Enrollment Agents Issuing Unauthorized Certificates
  • Compromise of a CA by a Single Administrator
  • Unauthorized Recovery of a User's Private Key from the CA Database
  • Securing Certificate Services
  • Implementing Physical Security Measures
  • Best Practices
  • Summary
  • Additional Resources
Part III Common Security Scenarios
Securing Server Roles
  • Roles vs. Features
  • Default Roles and Features
  • Your Server Before the Roles
  • Default Service Footprint
  • Server Core
  • Roles Supported by Server Core
  • Features Supported by Server Core
  • What Is Not Included in Server Core
  • Tools to Manage Server Roles
  • Initial Configuration Tasks
  • Add Roles and Add Features Wizards
  • Server Manager
  • The Security Configuration Wizard
  • Multi-Role Servers
  • Summary
Patch Management
  • The Four Phases of Patch Management
  • Phase 1: Assess
  • Phase 2: Identify
  • Phase 3: Evaluate and Plan
  • Phase 4: Deploy
  • The Anatomy of a Security Update
  • Supported Command-Line Parameters
  • Integrating MSU Files into a Windows Image File
  • Tools for Your Patch Management Arsenal
  • Microsoft Download Center
  • Microsoft Update Catalog
  • Windows Update and Microsoft Update
  • Windows Automatic Updating
  • Microsoft Baseline Security Analyzer
  • Windows Server Update Services
  • System Center Essentials 2007
  • Summary
  • Additional Resources
Securing the Network
  • Introduction to Security Dependencies
  • Acceptable Dependencies
  • Unacceptable Dependencies
  • Dependency Analysis of an Attack
  • Types of Dependencies
  • Usage Dependencies
  • Access-Based Dependencies
  • Administrative Dependencies
  • Service Account Dependencies
  • Operational Dependencies
  • Mitigating Dependencies
  • Step 1: Create a Classification Scheme
  • Steps 2 and 3: Network Threat Modeling
  • Step 4: Analyze, Rinse, and Repeat as Needed
  • Step 5: Design the Isolation Strategy
  • Step 6: Derive Operational Strategy
  • Step 7: Implement Restrictions
  • Summary
  • Additional Resources
Securing the Branch Office
  • An Introduction to Branch Office Issues
  • Why Do Branch Offices Matter?
  • What Is Different in a Branch Office?
  • Building Branch Offices
  • Windows Server 2008 in the Branch Office
  • Nonsecurity Features
  • Security Features for the Branch Office
  • Other Security Steps
  • Summary
  • Additional Resources
Small Business Considerations
  • Running Servers on a Shoestring
  • Choosing the Right Platforms and Roles
  • Servers Designed for Small Firms
  • Windows Server 2008 Web Edition
  • Windows Server Code Name "Cougar"
  • Windows Essential Business Server
  • Hosted Servers
  • Virtualization
  • Violating All the Principles with Multi-Role Servers
  • Acceptable Roles
  • Server Components
  • Risk Considerations
  • Edge Server Issues
  • Supportability and Updating
  • Server Recoverability
  • Best Practices for Small Businesses
  • Following Hardening Guidance
  • Policies
  • Vendor Best Practices
  • Remote Access Issues
  • Monitoring and Management Add-ons
  • The Server's Role in Desktop Control and Management
  • Recommendations for Additional Server Settings and Configurations
  • Summary
  • Additional Resources
Securing Server Applications
  • Introduction
  • IIS 7: A Security Pedigree
  • Configuring IIS 7
  • Feature Delegation
  • TCP/IP-Based Security
  • IP Address Security
  • Port Security
  • Host-Header Security
  • Simple Path-Based Security
  • Defining and Restricting the Physical Path
  • Default Document or Directory Browsing?
  • Authentication and Authorization
  • Anonymous Authentication
  • Basic Authentication
  • Client Certificate Mapping
  • Digest Authentication
  • ASP.Net Impersonation
  • Forms Authentication
  • Windows Authentication
  • Trusting the Server
  • Further Security Considerations for IIS
  • Summary
  • Additional Resources
Index


Lead author Jesper M. Johansson, Ph.D., Enterprise Security MVP, CISSP, ISSAP, is a well-known Windows security expert and a former security manager at Microsoft.