Microsoft® Windows® 2000 Security Handbook

Table of contents

1. Copyright
2. About the Authors
3. Acknowledgments
4. Introduction
5. Windows 2000 System Basics
   1. Architecture
      1. A New Windows
      2. The Windows 2000 Operating System Model
      3. Windows 2000 System Processes and Files
      4. Memory
      5. Kernel Objects
      6. Exceptions and Interrupts
      7. Global Flags
      8. Summary
   2. Processes and Threads
      1. The Job Object
      2. Processes
      3. Threads
      4. Summary
   3. Security Model
      1. Securing Objects
      2. Components
      3. The Flow of a User Logon
      4. Summary
   4. NTFS 5.0
      1. The Master File Table (MFT)
      2. Files
      3. Streams
      4. Metadata
      5. Hard Links
      6. Reparse Points
      7. Quotas
      8. Summary
   5. Services
      1. What Is a Service?
      2. Service Control Manager (SCM)
      3. Service Object Security
      4. Service Startup
      5. Multiple Services in One Process
      6. General Service Security Considerations
      7. Service Security Considerations for Programmers
      8. Summary
   6. Drivers
      1. Windows 2000 I/O Model
      2. Kinds of Drivers
      3. The File System Stack of Drivers
      4. Kernel Mode Memory
      5. Coding Secure Drivers
      6. Driver Signing
      7. Malicious Drivers
      8. Summary
6. Computer Network Security Foundations
   1. The NetBIOS, NetBEUI, SMB, and TCP/IP Protocols
      1. History of TCP/IP
      2. The TCP/IP Suite
      3. The TCP/IP Protocol Stack
      4. Transport-Level Protocols
      5. Application-Level Protocols
      6. NetBIOS Interface
      7. NetBEUI
      8. Server Message Block (SMB)
      9. IP Addressing
      10. Name Resolution
      11. TCP/IP Improvements
      12. Dynamic Host Configuration Protocol
      13. Dynamic Bandwidth Allocation
      14. Quality of Service
      15. TCP/IP Troubleshooting Tools and Strategies
      16. Summary
   2. Cryptography
      1. History of Cryptography
      2. Keys and Key Length
      3. Types of Encryption
      4. Common Encryption Algorithms
      5. Applications that Use Encryption
      6. Future of Cryptography
      7. Summary
   3. Introduction to IPSec
      1. What's a VPN and Why Would You Use One?
      2. Common Information Security Issues
      3. IPSec: The Standards-based Solution to IP Security
      4. The IPSec Model
      5. Tunneling
      6. Summary
   4. PKI
      1. Certificate Authorities
      2. Digital Certificates
      3. PGP "Web of Trust"
      4. Digital Signatures
      5. Windows 2000 and Public-Key Infrastructure
      6. Why Use PKI with Windows 2000?
      7. Summary
   5. Kerberos Protocol
      1. Concepts of Kerberos
      2. Kerberos Components in Windows 2000
      3. What Does Kerberos Do for Windows 2000?
      4. Windows 2000 Authentication Process
      5. What Makes Kerberos Tick?
      6. Administration of Kerberos
      7. Summary
   6. X.500/LDAP
      1. Keeping Track of Information About the Network
      2. What Is X.500?
      3. LDAP
      4. Objects and Attributes
      5. The Directory Schema
      6. Summary
7. Network Security in Windows 2000
   1. Networking Model
      1. Networking Windows 2000: What's New
      2. Windows DNA
      3. Active Directory
      4. Network Services
      5. Communication Services and APIs
      6. Security in Windows 2000 Networks
      7. Summary
   2. Active Directory Services
      1. The Directory
      2. Active Directory Components
      3. Active Directory Open Design
      4. Concepts of Active Directory
      5. Naming Conventions in Active Directory
      6. Groups
      7. Active Directory Reliance
      8. Security
      9. Interoperability
      10. Active Directory Engine Components Microsoft
      11. Tools from the Windows 2000 Resource Kit
      12. Summary
   3. Authentication
      1. New Protocols
      2. The Key Element of Authentication—the User!
      3. The Windows 2000 Security Subsystem
      4. The Logon Process
      5. Understanding NTLM
      6. The Risks of Using NTLM
      7. Understanding SSL/TLS
      8. Summary
   4. SSPI
      1. Secure Networking Through the SSPI
      2. Developing Secure Applications
      3. Package Management API
      4. Credential Management API
      5. Context Management API
      6. Message Support API
      7. Summary
   5. CryptoAPI
      1. Secure Communication
      2. Cryptography and CryptoAPI
      3. CryptoAPI Administration
      4. Enabling Cryptography in Your Applications
      5. Summary
   6. Microsoft Certificate Services
      1. General Overview of Certificate Usage
      2. Public-Key Cryptography
      3. Digital Certificates
      4. Certificate Authorities and Public-Key Infrastructures
      5. The Certificate Services
      6. Installing Certificate Services
      7. Administering a CA
      8. Summary
   7. COM/DCOM/RPC
      1. RPC, COM, DCOM, COM+: What's the Difference?
      2. Administering COM+ Security
      3. Programmatic Implementation of COM+ Security Features
      4. How to Write Secure N-Tier Applications
      5. Summary
   8. VPNs
      1. Why Use a VPN?
      2. VPNs and Windows 2000
      3. Configuring the VPN Client
      4. Managing the VPN Server
      5. Summary
   9. EFS
      1. EFS Concepts
      2. EFS Architecture
      3. How EFS Uses PKI
      4. Certificate Services
      5. Encryption Process
      6. Decryption Process
      7. Using EFS
      8. Summary
   10. DNS/DDNS/WINS
       1. Domain Name System
       2. Dynamic DNS
       3. Security Issues with DNS
       4. WINS (Windows Internet Name Service) and Windows 2000
       5. Summary
8. Protecting Yourself and Your Network Services
   1. Secure Computing Practices
      1. Social Engineering
      2. Trojan Programs
      3. Switching Between Privileged and Non-Privileged Contexts
      4. Other Secure Practices
      5. Summary
   2. Building and Administering a Secure Server
      1. Creating the Secure Server
      2. Managing Auditing and Creating Resource Access Permissions
      3. What About System Services?
      4. The Security Configuration Tools
      5. Summary
   3. Security with High-Speed Full-Time Connections
      1. Dial-Up Connections
      2. Enter Broadband
      3. So, What to Do?
      4. Network Address Translation (NAT)
      5. General Broadband Security Tips
      6. Summary
   4. Detecting and Reacting to Intrusions
      1. Why You Need an Intrusion Response Team
      2. Building an Intrusion Response Team
      3. Detecting Intrusions
      4. Reacting to Intrusions
      5. Summary
   5. Recent Issues Explored
      1. Why You Will Never Be Completely Secure
      2. Keeping Track of New Security Issues from Microsoft
      3. Reviewing Applications Regularly
      4. Keeping Educated
      5. Educating Your User Community
      6. Checking Your Servers Regularly
      7. Summary
   6. Penetration Testing: Hack Your Own System
      1. Why Penetration Testing?
      2. External Consultants
      3. Getting Prepared for a Penetration Test
      4. Generating an Attack Plan
      5. Scouting the Site
      6. Collating and Evaluating Findings
      7. Exploiting the Site
      8. Reporting and Regimen
      9. Available Tools
      10. Summary
   7. Writing Secure Code
      1. Secure Coding Practices
      2. Software Security Explained
      3. Programming Problems Explained
      4. Auditing Code
      5. Resolving Problems in Code
      6. Buffer Overflows
      7. Language-Specific Implementations
      8. Web Application Programming Security
      9. Summary
9. Index