ISO27001 in a Windows® Environment: The best practice handbook for a Microsoft® Windows® environment, Second Edition

Table of contents

1. Copyright
2. Foreword
3. Preface
4. About the Author
5. Acknowledgements
6. Introduction
7. 1. Information and Information Security
   1. Information security concepts
   2. Other information security concepts
   3. The importance of information security
8. 2. Using an Isms to Counter the Threats
   1. System security versus information security
   2. The structure of an ISMS
      1. Information security policy
      2. Acceptable usage policy
      3. Remote access policy
      4. Information management policy
      5. Computer malware prevention and protection policy
      6. Password policy
   3. Managing exceptions to the policy
9. 3. An Introduction To ISO27001
   1. The ISO27000 standards family
   2. History of ISO27001
   3. What is in the ISO27001 standard?
   4. The plan, do, check and act cycle (PDCA)
      1. Plan
      2. Do
      3. Check
      4. Act
   5. What are the benefits of ISO27001?
10. 4. Identify Your Information Assets
    1. Define the scope of the ISMS
    2. Identifying your information security assets
       1. Information asset classification
       2. The value of information assets
11. 5. Conducting A Risk Assessment
    1. What is risk?
       1. Vulnerability
       2. Threats to information
       3. Theft
       4. Loss
       5. Intrusion
       6. Corruption
       7. Denial of service
       8. Natural threats
    2. Managing risks
       1. Risk acceptance
       2. Risk mitigation
       3. Risk avoidance
       4. Risk transfer
       5. Risk deference
    3. The different types of risk analysis
       1. Quantitative risk analysis
          1. The advantages of quantitative risk analysis
          2. The disadvantages of quantitative risk management
       2. Qualitative risk management
          1. The advantages of qualitative risk management
          2. The disadvantages of qualitative risk management
       3. The quantitative versus qualitative approach
    4. Risk management tools
       1. Microsoft Security Risk Management Guide
12. 6. An Overview of Microsoft Technologies
    1. Microsoft® Windows Server® 2008
       1. Security features of Microsoft® Windows Server® 2008
          1. Read-only domain controller
          2. BitLocker™ drive encryption
          3. Server Core
          4. Network Access Protection
          5. Routing and Remote Access service
          6. Windows® Firewall with Advanced Security
          7. Active Directory® Certificate Services
          8. Active Directory® Rights Management Services
          9. Group Policies
    2. Microsoft® Windows® 7
       1. Windows® Backup and Restore Center
          1. Automatic Backup
          2. Complete Backup
       2. BitLocker™
       3. DirectAccess
       4. AppLocker™
       5. Windows® Firewall
       6. Windows® Defender
       7. User Account Control
       8. Windows® Security Center
    3. Microsoft® Forefront™
    4. Microsoft® Systems Center
    5. Microsoft® Windows Server® Update Services
    6. Microsoft® Baseline Security Analyzer
    7. Microsoft Security Risk Management Guide
    8. Microsoft® Threat Analysis and Modeling Enterprise Edition
    9. Microsoft® CAT.NET
    10. Microsoft® Source Code Analyzer for SQL Injection
13. 7. Implementing ISO27001 in a Microsoft Environment
    1. Section 4 Information security management system
    2. Section A.5 Security policy
    3. Section A.6 Organisational security
    4. Section A.7 Asset management
    5. Section A.8 Human resource security
    6. Section A.9 Physical and environmental security
    7. Section A.10 Communications and operations management
    8. Section A.11 Access control
    9. Section A.12 Information systems acquisition development and maintenance
    10. Section A.13 Information security incident management
    11. Section A.14 Business continuity management
    12. Section A.15 Compliance
14. 8. Securing the Windows® Environment
    1. Windows Server® 2008 architecture
       1. Structured naming convention
       2. Domain name
       3. Windows® server naming conventions
       4. Client workstation names
       5. Printer names
    2. Domain user accounts naming standards
       1. User accounts
       2. Windows Server® 2008 domain administrator account
       3. Service-desk administration
       4. Guest account
       5. Everyone group
15. 9. Securing the Microsoft® Windows Server® Platform
    1. Domain controllers
       1. Read-only domain controller
    2. Member servers
       1. Standard servers
       2. Sensitive servers
    3. Recommended settings
16. 10. Auditing and Monitoring
    1. Configuring auditing of file and resource access
    2. Event log settings
    3. Events to record
       1. Local logon attempt failures
       2. Domain logon account failures
       3. Account misuse
       4. Account lockout
       5. Terminal services
       6. Creation of a user account
       7. User account password change
       8. User account status change
       9. Modification of security groups
       10. Modification of security log
       11. Policy change
       12. Process tracking
17. 11. Securing Your Servers
    1. Setting file system permissions
    2. Configuring registry permissions
    3. Protecting files and directories
18. 1. Overview of Security Settings for Windows Server® 2008 Servers and Domain Controllers
    1. Service pack and hotfixes
       1. Current service pack installed
       2. Software patches
    2. Account and audit policies
       1. Account policies
          1. Minimum password length
          2. Maximum password age
          3. Minimum password age
          4. Password complexity
          5. Password history
          6. Store passwords using reversible encryption
       2. Audit policy
       3. Account lockout policy
    3. Event log settings
       1. Application log settings
       2. Security log settings
       3. System log settings
    4. Security settings
       1. Allow anonymous SID/Name translation
       2. Do not allow anonymous enumeration of SAM accounts
       3. Do not allow anonymous enumeration of SAM accounts and shares
       4. Administrator account status
       5. Guest account status
       6. Limit local account use of blank passwords to console only
       7. Rename administrator account
       8. Rename guest account
       9. Audit the access of global system objects
       10. Audit the use of back-up and restore privileges
       11. Shut down system immediately if unable to log security events
       12. Allowed to format and eject removable media
       13. Prevent users from installing print drivers
       14. Restrict CD-ROM access to locally logged-on users only
       15. Restrict floppy disk access to locally logged-on users only
       16. Unsigned device driver behavior
       17. Allow server operators to schedule tasks
       18. LDAP server signing requirements
       19. Refuse Machine account password changes
       20. Digitally encrypt or sign secure channel data (always)
       21. Digitally encrypt secure channel data
       22. Digitally sign secure channel data
       23. Disable Machine account password changes
       24. Maximum Machine account password age
       25. Require strong (Windows® 2000 or later) session key
       26. Do not display last user name for interactive logon
       27. Do not require Ctrl+Alt+Del
       28. Message text for users attempting to log on
       29. Message title for users attempting to log on
       30. Number of previous logons to cache
       31. Require domain controller authentication to unlock workstation
       32. Require smart cards
       33. Smart card removal behavior
       34. Amount of idle time required before disconnecting session for Microsoft® Network Server
       35. Digitally sign communications for Microsoft® Network Server (always)
       36. Digitally sign communications for Microsoft® Network Server (if client agrees)
       37. Do not allow storage of credentials or .NET passports for network authentication
       38. Let Everyone permissions apply to anonymous users
       39. Named pipes that can be accessed anonymously
       40. Remotely accessible registry paths
       41. Restrict anonymous access to named shares and pipes
       42. Shares that can be accessed anonymously
       43. Sharing and security model for local accounts
       44. Do not store LAN Manager hash value on next password change
       45. LAN Manager authentication level
       46. LDAP client signing requirements
       47. Minimum session security for NTLM SSP-based (including secure RPC) clients
       48. Allow automatic administrative logon as part of recovery console
       49. Allow floppy copy and access to all drives and all folders for recovery console
       50. Allow system to be shut down without having to log on
       51. Clear virtual memory page file
       52. Default owner for objects created by members of the Administrators group
       53. Require case insensitivity for non-Windows® subsystems
       54. Strengthen default permissions of internal system objects
       55. Optional subsystems
       56. Use certificate rules on Windows® executables for software restriction policies
       57. (AFD DynamicBacklogGrowthDelta) Number of connections to create when additional connections are necessary for Winsock applications (10 recommended)
       58. (AFD EnableDynamicBacklog) Enable dynamic backlog for Winsock applications (recommended)
       59. (AFDMaximumDynamicBacklog) Maximum number of ‘quasi-free’ connections for Winsock applications
       60. (AFD MinimumDynamicBacklog) Minimum number of free connections for Winsock applications (20 recommended for systems under attack, 10 otherwise)
       61. (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)
       62. (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to denial of service)
       63. (EnableICMPRedirect) Allow ICMP redirects to override OSPF-generated routes
       64. (EnablePMTUDiscovery) Allow automatic detection of MTU size (possible denial of service by an attacker using a small MTU)
       65. (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name-release requests except from WINS servers
       66. (PerformRouterDiscovery) Allow IRDP to detect and configure DefaultGateway addresses (could lead to denial of service)
       67. (SynAttackProtect) Syn attack protection level (protects against denial of service)
       68. (TCPMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection request is not acknowledged
       69. (TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted (three recommended, five is default)
       70. (TCPMaxPortsExhausted) How many dropped connect requests to initiate SYN attack protection (five is recommended)
       71. Disable autorun for all drives
       72. Enable safe DLL search mode
       73. Enable the server to stop generating 8.3 file names
       74. How often keep-alive packets are send in milliseconds
       75. Percentage threshold at which the security event log will generate an alert
       76. The time in seconds before the screensaver grace period expires
    5. Service settings
       1. Permissions on services
       2. Alerter
       3. Clipbook
       4. Fax service
       5. File replication
       6. FTP publishing service
       7. Help and support
       8. HTTP SSL
       9. IIS admin service
       10. Indexing service
       11. License logging server
       12. Messenger
       13. Microsoft® POP3 service
       14. NetMeeting remote desktop management service
       15. Network connections
       16. Network news transport protocol (NNTP)
       17. Print spooler
       18. Remote access connection manager
       19. Remote access auto-connection manager
       20. Remote administration service
       21. Remote desktop help session manager
       22. Remote installation
       23. Remote procedure call (RPC) locator
       24. Remote registry service
       25. Remote server manager
       26. Remote server monitor
       27. Remote storage notification
       28. Remote storage server
       29. Simple mail transfer protocol
       30. Simple network management protocol (SNMP) service
       31. Simple network management protocol (SNMP) traps
       32. Telephony
       33. Telnet
       34. Terminal services
       35. Trivial FTP service
       36. Wireless configuration
       37. World Wide Web publishing rights
    6. User rights
       1. Access this computer from the network
       2. Act as part of the operating system
       3. Add workstations to the domain
       4. Adjust memory quota for a process
       5. Allow to log on locally
       6. Allow to log on through terminal services
       7. Back up files and directories
       8. Bypass traverse tracking
       9. Change the system time
       10. Create a pagefile
       11. Create a token object
       12. Create global objects
       13. Create permanent shared objects
       14. Debug programs
       15. Deny access to this computer from the network (minimum)
       16. Deny logon as a batch job
       17. Deny logon as a service
       18. Deny logon locally
       19. Deny logon through terminal services (minimum)
       20. Enable computer and user accounts to be trusted for delegation
       21. Force shutdown from a remote system
       22. Generate security audits
       23. Impersonate client after authentication
       24. Increase scheduling priority
       25. Load and unload device drivers
       26. Lock pages in memory
       27. Log on as a batch job
       28. Log on as a service
       29. Manage audit and security logs
       30. Modify firmware environment values
       31. Perform volume maintenance tasks
       32. Profile system performance
       33. Replace a process level token
       34. Restore files and directories
       35. Shut down the system
       36. Synchronise directory service data
       37. Take ownership of file or other object
       38. File system permissions
    7. Registry permissions
    8. File and registry auditing
19. 2. Bibliography, Reference and Further Reading
    1. ISO27001 resources
    2. Microsoft resources
    3. Microsoft products
    4. Other resources
20. ITG Resources
    1. Other Websites
    2. Pocket Guides
    3. Toolkits
    4. Best Practice Reports
    5. Training and Consultancy
    6. Newsletter