Book description
Revised and updated to keep pace with this ever-changing field, Security Strategies in Windows Platforms and Applications, Third Edition focuses on new risks, threats, and vulnerabilities associated with the Microsoft Windows operating system, placing a particular emphasis on Windows 10 and Windows Server 2016 and 2019. The Third Edition highlights how to use tools and techniques to decrease risks arising from vulnerabilities in Microsoft Windows operating systems and applications. The book also includes a resource for readers desiring more information on Microsoft Windows OS hardening, application security, and incident management. With its accessible writing style and step-by-step examples, this must-have resource will ensure readers are educated on the latest Windows security strategies and techniques.
Table of contents
- Cover
- Title Page
- Copyright Page
- Contents
- Preface
- Acknowledgments
- About the Author
- CHAPTER 1 Microsoft Windows and the Threat Landscape
- Information Systems Security
- Tenets of Information Security: The C-I-A Triad
- Mapping Microsoft Windows and Applications into a Typical IT Infrastructure
- Microsoft’s End-User License Agreement
- Windows Threats and Vulnerabilities
- Anatomy of Microsoft Windows Vulnerabilities
- Discovery-Analysis-Remediation Cycle
- Common Forms of Attack
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 1 ASSESSMENT
- CHAPTER 2 Security in the Microsoft Windows Operating System
- Operating System Components and Architecture
- Basic Windows Operating System Architecture
- Access Controls and Authentication
- Security Access Tokens, Rights, and Permissions
- Users, Groups, and Active Directory
- Windows Attack Surfaces and Mitigation
- Fundamentals of Microsoft Windows Security Monitoring and Maintenance
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 2 ASSESSMENT
- CHAPTER 3 Access Controls in Microsoft Windows
- The Principle of Least Privilege
- Access Models: Identification, Authentication, Authorization, ACLs, and More
- Windows Server 2012, Windows Server 2016, and Windows Server 2019 Dynamic Access Control
- Windows Objects and Access Controls
- SIDs, Globally Unique Identifiers, and Class Identifiers
- Calculating Microsoft Windows Access Permissions
- Auditing and Tracking Windows Access
- Microsoft Windows Access Management Tools
- Best Practices for Microsoft Windows Access Control
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 3 ASSESSMENT
- CHAPTER 4 Microsoft Windows Encryption Tools and Technologies
- Encryption Methods Microsoft Windows Supports
- Encrypting File System, BitLocker, and BitLocker To Go
- Enabling File-, Folder-, and Volume-Level Encryption
- Encryption in Communications
- Encryption Protocols in Microsoft Windows
- Microsoft Windows and Security Certificates
- Public Key Infrastructure
- Best Practices for Windows Encryption Techniques
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 4 ASSESSMENT
- CHAPTER 5 Protecting Microsoft Windows against Malware
- The Purpose of Malware
- Types of Malware
- Anti-Malware Software
- Malware Mitigation Techniques
- Importance of Updating Your Software
- Maintaining a Malware-Free Environment
- Scanning and Auditing Malware
- Tools and Techniques for Removing Malware
- Malware Prevention Best Practices
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 5 ASSESSMENT
- CHAPTER 6 Group Policy Control in Microsoft Windows
- Group Policy and Group Policy Objects
- Group Policy Settings
- Making Group Policy Conform to Security Policy
- Types of GPOs in the Registry
- Types of GPOs in Active Directory
- Designing, Deploying, and Tracking Group Policy Controls
- Auditing and Managing Group Policy
- Best Practices for Microsoft Windows Group Policy and Processes
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 6 ASSESSMENT
- CHAPTER 7 Microsoft Windows Security Profile and Audit Tools
- Profiling Microsoft Windows Security
- Microsoft Baseline Security Analyzer
- OpenVAS
- Nessus Essentials
- Burp Suite Web Vulnerability Scanner
- Microsoft Windows Security Audit
- Microsoft Windows Security Audit Tools
- Best Practices for Microsoft Windows Security Audits
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 7 ASSESSMENT
- CHAPTER 8 Microsoft Windows Backup and Recovery Tools
- Microsoft Windows Operating System and Application Backup and Recovery
- Workstation, Server, Network, and Cloud Backup Techniques
- Microsoft Windows and Application Backup and Recovery in a Business Continuity Setting
- Microsoft Windows Backup and Restore Utility
- Restoring with the Windows Backup and Restore Utility
- Rebuilding Systems from Bare Metal
- Managing Backups with Virtual Machines
- Best Practices for Microsoft Windows Backup and Recovery
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 8 ASSESSMENT
- CHAPTER 9 Microsoft Windows Network Security
- Network Security
- Principles of Microsoft Windows Network Security
- Microsoft Windows Security Protocols and Services
- Securing Microsoft Windows Environment Network Services
- Securing Microsoft Windows Wireless Networking
- Microsoft Windows Workstation Network Security
- Microsoft Windows Server Network Security
- Internal Network and Cloud Security
- Best Practices for Microsoft Windows Network Security
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 9 ASSESSMENT
- CHAPTER 10 Microsoft Windows Security Administration
- Security Administration Overview
- Maintaining the C-I-A Triad in the Microsoft Windows OS World
- Microsoft Windows OS Security Administration
- Ensuring Due Diligence and Regulatory Compliance
- The Need for Security Policies, Standards, Procedures, and Guidelines
- Best Practices for Microsoft Windows OS Security Administration
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 10 ASSESSMENT
- CHAPTER 11 Hardening the Microsoft Windows Operating System
- Understanding the Hardening Process and Mindset
- Hardening Microsoft Windows Operating System Authentication
- Hardening the Network Infrastructure
- Securing Directory Information and Operations
- Hardening Microsoft Windows OS Administration
- Hardening Microsoft Servers and Client Computers
- Hardening Workstation Computers
- Hardening Data Access and Controls
- Hardening Communications and Remote Access
- Hardening PKI
- User Security Training and Awareness
- Best Practices for Hardening Microsoft Windows OS and Applications
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 11 ASSESSMENT
- CHAPTER 12 Microsoft Application Security
- Principles of Microsoft Application Security
- Securing Key Microsoft Client Applications
- Web Browser
- Securing Key Microsoft Server Applications
- Case Studies in Microsoft Application Security
- Best Practices for Securing Microsoft Windows Applications
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 12 ASSESSMENT
- CHAPTER 13 Microsoft Windows Incident Handling and Management
- Understanding and Handling Security Incidents Involving Microsoft Windows OS and Applications
- Formulating an Incident Response Plan
- Plan for Anything that Could Cause Loss or Damage
- Handling Incident Response
- Incident Handling and Management Tools for Microsoft Windows and Applications
- Investigating Microsoft Windows and Applications Incidents
- Acquiring and Managing Incident Evidence
- Best Practices for Handling Microsoft Windows OS and Applications Incidents and Investigations
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 13 ASSESSMENT
- CHAPTER 14 Microsoft Windows and the Security Life Cycle
- Understanding Traditional System Life Cycle Phases
- Agile Software Development
- Managing Microsoft Windows OS and Application Software Security
- Developing Secure Microsoft Windows OS and Application Software
- Implementing, Evaluating, and Testing Microsoft Windows OS and Application Software Security
- Maintaining the Security of Microsoft Windows OS and Application Software
- Microsoft Windows OS and Application Software Revision, Change Management, and End-of-Life Phaseout
- Best Practices for Microsoft Windows and Application Software Development Security Investigations
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 14 ASSESSMENT
- CHAPTER 15 Best Practices for Microsoft Windows and Application Security
- Basic Rules of Microsoft Windows OS and Application Security
- Audit and Remediation Cycles
- Security Policy Conformance Checks
- Security Baseline Analysis
- OS and Application Checks and Upkeep
- Network Management Tools and Policies
- Software Testing, Staging, and Deployment
- Compliance/Currency Tests on Network Entry
- Trends in Microsoft Windows OS and Application Security Management
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 15 ASSESSMENT
- APPENDIX A Answer Key
- APPENDIX B Standard Acronyms
- Glossary of Key Terms
- References
- Index
Product information
- Title: Security Strategies in Windows Platforms and Applications, 3rd Edition
- Author(s):
- Release date: October 2019
- Publisher(s): Jones & Bartlett Learning
- ISBN: 9781284175639