book

Security Strategies in Windows Platforms and Applications

by Michael G. Solomon

November 2010

Intermediate to advanced

384 pages

10h 21m

English

Jones & Bartlett Learning

Read now

Unlock full access

Purpose of This BookLearning FeaturesAudience
Information Systems SecurityTenets of Information Security: The A-I-C TriadAvailabilityIntegrityConfidentialityMapping Microsoft Windows and Applications Into a Typical IT InfrastructureWindows ClientsWindows ServersMicrosoft's End User Licensing Agreement (EULA)Windows Threats and VulnerabilitiesAnatomy of Microsoft Windows VulnerabilitiesCode RedSQL SlammerConfickerDiscovery-Analysis-Remediation CycleDiscoveryAnalysisRemediationCommon Forms of AttackCHAPTER SUMMARYKEY CONCEPTS AND TERMSCHAPTER 1 ASSESSMENT
Operating System Components and ArchitectureThe KernelOperating System ComponentsBasic Windows Operating System ArchitectureWindows Run ModesKernel ModeUser ModelAccess Controls and AuthenticationAuthentication MethodsAccess Control MethodsSecurity Access Tokens, Rights, and PermissionsSecurity IdentifierAccess Rules, Rights, and PermissionsUsers, Groups, and Active DirectoryWorkgroupsActive DirectoryWindows Attack Surfaces and MitigationMultilayered DefenseMitigationFundamentals of Microsoft Windows Security Monitoring and MaintenanceSecurity MonitoringIdentify VulnerabilitiesCHAPTER SUMMARYKEY CONCEPTS AND TERMSCHAPTER 2 ASSESSMENT
The Principle of Least PrivilegeThe Orange BookLeast Privilege and LUAsRights and PermissionsAccess Models: Identification, Authentication, Authorization, ACLs, and MoreUser Account Control (UAC)Sharing SIDs and SATsKerberosNT LAN ManagerWindows Objects and Access ControlsWindows DACLsDACL Advanced PermissionsSIDs, GUIDs, and CLSIDsCalculating Microsoft Windows Access PermissionsAuditing and Tracking Windows AccessMicrosoft Windows Access Management ToolsCacls.exeiCacls.exeRobocopyBest Practices for Microsoft Windows Access ControlCHAPTER SUMMARYKEY CONCEPTS AND TERMSCHAPTER 3 ASSESSMENT
Encryption Methods Microsoft Windows SupportsEncrypting File System, BitLocker, and BitLocker To GoEncrypting File SystemBitLockerBitLocker To GoEnabling File-, Folder-, and Volume-Level EncryptionEnabling EFSEnabling BitLockerEnabling BitLocker To GoEncryption in CommunicationsEncryption Protocols in Microsoft WindowsSSL/TLSVirtual Private NetworkWireless SecurityMicrosoft Windows and Security CertificatesPublic Key InfrastructureBest Practices for Windows Encryption TechniquesCHAPTER SUMMARYKEY CONCEPTS AND TERMSCHAPTER 4 ASSESSMENT
Types of MalwareVirusWormTrojan HorseRootkitSpywareMalware Type SummaryAntivirus and Anti-Spyware SoftwareAntivirus SoftwareAnti-Spyware SoftwareImportance of Updating Your SoftwareMaintaining a Malware-Free EnvironmentScanning and Auditing MalwareTools and Techniques for Removing MalwareMalware Prevention Best PracticesCHAPTER SUMMARYKEY CONCEPTS AND TERMSCHAPTER 5 ASSESSMENT

Group Policy and Group Policy ObjectsGroup Policy SettingsGPO LinkingMaking Group Policy Conform to Security PolicySecurity ResponsibilitySecurity Policy and Group PolicyGroup Policy TargetsTypes of GPOs in the RegistryLocal Group Policy EditorGPOs in the Registry EditorTypes of GPOs in Active DirectoryGroup Policy Management ConsoleGPOs on the Domain ControllerDesigning, Deploying, and Tracking Group Policy ControlsGPO Application OrderSecurity FiltersGPO Windows Management Instrumentation (WMI) FiltersDeploying Group PolicyAuditing and Managing Group PolicyGroup Policy InventoryAnalyzing the Effect of GPOsBest Practices for Microsoft Windows Group Policy and ProcessesGroup Policy Design GuidelinesCHAPTER SUMMARYKEY CONCEPTS AND TERMSCHAPTER 6 ASSESSMENT
Profiling Microsoft Windows SecurityProfilingProfiling Windows ComputersMicrosoft Baseline Security Analyzer (MBSA)MBSA GUIMBSA Command Line InterfaceShavlik Security AnalyzersNetChk Protect LimitedNetChk ProtectSecunia Personal and Corporate Security AnalyzersSecunia Personal ScannersSecunia Corporate ProductsMicrosoft Windows Security AuditMicrosoft Windows Security Audit ToolsBest Practices for Microsoft Windows Security AuditsCHAPTER SUMMARYKEY CONCEPTS AND TERMSCHAPTER 7 ASSESSMENT
Microsoft Windows Operating System (OS) and Application Backup and RecoveryThe Need for BackupsThe Backup ProcessThe Restore ProcessWorkstation, Server, Network, and Internet Backup TechniquesWorkstation BackupsOther Workstation Backup UtilitiesServer BackupsOther Server Backup UtilitiesNetwork BackupsInternet BackupsMicrosoft Windows and Application Backup and Recovery in a Business Continuity Recovery SettingDisaster Recovery PlanBusiness Continuity PlanWhere a Restore Fits InMicrosoft Windows Backup and Restore UtilityRestoring with the Windows Backup and Restore UtilityRestoring with the Windows Server 2008 Server Recovery UtilityRebuilding Systems from Bare MetalManaging Backups with Virtual MachinesBest Practices for Microsoft Windows Backup and RecoveryCHAPTER SUMMARYKEY CONCEPTS AND TERMSCHAPTER 8 ASSESSMENT
Network SecurityNetwork Security ControlsPrinciples of Microsoft Windows Network SecurityCommon Network ComponentsConnection MediaWired Network ConnectionsWireless Network ConnectionsNetworking DevicesHubSwitchRouterGatewayServer Computers and Services DevicesNetwork File ServerNetwork Print ServerData StorageApplication ServicesFirewallsMicrosoft Windows Security Protocols and ServicesSecuring Microsoft Windows Environment Network ServicesService UpdatesService AccountsNecessary ServicesSecuring Microsoft Windows Wireless NetworkingMicrosoft Windows Desktop Network SecurityUser Authorization and AuthenticationMalicious Software ProtectionOutbound Traffic FilteringMicrosoft Windows Server Network SecurityAuthentication and AuthorizationMalicious Software ProtectionNetwork Traffic FilteringBest Practices for Microsoft Windows Network SecurityCHAPTER SUMMARYKEY CONCEPTS AND TERMSCHAPTER 9 ASSESSMENT
Security Administration OverviewThe Security Administration CycleSecurity Administration TasksMaintaining the A-I-C Triad in the Microsoft Windows OS WorldMaintaining AvailabilityMaintaining IntegrityMaintaining ConfidentialityMicrosoft Windows OS Security AdministrationFirewall AdministrationPerformance MonitorBackup AdministrationWindows Workstation BackupsWindows Server BackupsOperating System Service Pack AdministrationGroup Policy AdministrationDACL AdministrationEncryption AdministrationEnabling EFSEnabling BitLocker or BitLocker To GoAnti-Malware Software AdministrationEnsuring Due Diligence and Regulatory ComplianceDue DiligenceThe Need for Security Policies, Standards, Procedures, and GuidelinesBest Practices for Microsoft Windows OS Security AdministrationCHAPTER SUMMARYKEY CONCEPTS AND TERMSCHAPTER 10 ASSESSMENT
Understanding the Hardening Process and MindsetStrategies to Secure Windows ComputersInstall Only What You NeedSecurity Configuration WizardManually Disabling and Removing Programs and ServicesHardening Microsoft Windows Operating System AuthenticationHardening the Network InfrastructureSecuring Directory Information and OperationsHardening Microsoft Windows OS AdministrationHardening Microsoft Servers and Client ComputersHardening Server ComputersHardening Workstation ComputersHardening Data Access and ControlsHardening Communications and Remote AccessAuthentication ServersRADIUSTACACS+VPNs and EncryptionHardening PKIUser Security Training and AwarenessBest Practices for Hardening Microsoft Windows OS and ApplicationsCHAPTER SUMMARYKEY CONCEPTS AND TERMSCHAPTER 11 ASSESSMENT
Principles of Microsoft Application SecurityCommon Application Software AttacksHardening ApplicationsSecuring Key Microsoft Client ApplicationsWeb BrowserE-mail ClientProductivity SoftwareFile Transfer SoftwareAppLockerSecuring Key Microsoft Server ApplicationsWeb ServerE-mail ServerDatabase ServerERP SoftwareLine of Business SoftwareCase Studies in Microsoft Application SecuritySporton InternationalMonroe CollegeDow CorningBest Practices for Securing Microsoft Windows ApplicationsCHAPTER SUMMARYKEY CONCEPTS AND TERMSCHAPTER 12 ASSESSMENT
Understanding and Handling Security Incidents Involving Microsoft Windows OS and ApplicationsFormulating an Incident Response PlanPlan Like a PilotPlan for Anything That Could Cause Loss or DamageBuild the CSIRTPlan for CommunicationPlan SecurityRevision ProceduresPlan TestingHandling Incident ResponsePreparationIdentificationContainmentEradicationRecoveryLessons LearnedIncident Handling and Management Tools for Microsoft Windows and ApplicationsInvestigating Microsoft Windows and Applications IncidentsAcquiring and Managing Incident EvidenceTypes of EvidenceChain of CustodyEvidence Collection RulesBest Practices for Handling Microsoft Windows OS and Applications Incidents and InvestigationsCHAPTER SUMMARYKEY CONCEPTS AND TERMSCHAPTER 13 ASSESSMENT
Understanding System Life Cycle PhasesManaging Microsoft Windows OS and Application Software SecurityDeveloping Secure Microsoft Windows OS and Application SoftwareImplementing, Evaluating, and Testing Microsoft Windows OS and Application Software SecurityMaintaining the Security of Microsoft Windows OS and Application SoftwareMicrosoft Windows OS and Application Software Revision, Change Management, and End-of-Life PhaseoutSoftware Development Areas of DifficultySoftware ControlSoftware Configuration Management (SCM)Best Practices for Microsoft Windows and Application Software Development Security InvestigationsCHAPTER SUMMARYKEY CONCEPTS AND TERMSCHAPTER 14 ASSESSMENT
Basic Rules of Microsoft Windows OS and Application SecurityAudit and Remediation CyclesSecurity Policy Conformance ChecksSecurity Baseline AnalysisOS and Application Checks and UpkeepNetwork Management Tools and PoliciesSoftware Testing, Staging, and DeploymentCompliance/Currency Tests on Network EntryTrends in Microsoft Windows OS and Application Security ManagementCHAPTER SUMMARYKEY CONCEPTS AND TERMSCHAPTER 15 ASSESSMENT

Content preview from Security Strategies in Windows Platforms and Applications

Chapter 13. Microsoft Windows Incident Handling and Management

DESPITE THE BEST EFFORTS to secure a computing environment, no organization is completely safe. Sooner or later you will encounter a security policy violation. It may be a minor violation such as a user attempting to log on too many times after forgetting a password. Or, it could be a major incident such as an attacker destroying your organization's primary database. Either way, learn how to react. When you discover a security violation, you have only one proper response—to follow your plan.

Map out your response to security violations before any occur. In this chapter, you'll find out how to plan for the inevitable actions that result in security violations. You'll learn how to recognize ...