Security Strategies in Windows Platforms and Applications, 3rd Edition

Book description

Revised and updated to keep pace with this ever-changing field, Security Strategies in Windows Platforms and Applications, Third Edition focuses on new risks, threats, and vulnerabilities associated with the Microsoft Windows operating system, placing a particular emphasis on Windows 10, Windows Server 2016, and Windows Server 2019. The Third Edition highlights how to use tools and techniques to decrease risks arising from vulnerabilities in Microsoft Windows operating systems and applications. The book also serves as a resource for readers desiring more information on Microsoft Windows OS hardening, application security, and incident management. With its accessible writing style and step-by-step examples, this must-have resource will ensure readers are educated on the latest Windows security strategies and techniques.

Table of contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Contents
  5. Preface
  6. Acknowledgments
  7. About the Author
  8. CHAPTER 1 Microsoft Windows and the Threat Landscape
    1. Information Systems Security
    2. Tenets of Information Security: The C-I-A Triad
      1. Confidentiality
      2. Integrity
      3. Availability
    3. Mapping Microsoft Windows and Applications into a Typical IT Infrastructure
      1. Windows Clients
      2. Windows Servers
    4. Microsoft’s End-User License Agreement
    5. Windows Threats and Vulnerabilities
    6. Anatomy of Microsoft Windows Vulnerabilities
      1. CryptoLocker
      2. Locky
      3. WannaCry
    7. Discovery-Analysis-Remediation Cycle
      1. Discovery
      2. Analysis
      3. Remediation
    8. Common Forms of Attack
    9. CHAPTER SUMMARY
    10. KEY CONCEPTS AND TERMS
    11. CHAPTER 1 ASSESSMENT
  9. CHAPTER 2 Security in the Microsoft Windows Operating System
    1. Operating System Components and Architecture
      1. The Kernel
      2. Operating System Components
    2. Basic Windows Operating System Architecture
      1. Windows Run Modes
      2. Kernel Mode
      3. User Mode
    3. Access Controls and Authentication
      1. Authentication Methods
      2. Access Control Methods
    4. Security Access Tokens, Rights, and Permissions
      1. Security Identifier
      2. Access Rules, Rights, and Permissions
    5. Users, Groups, and Active Directory
      1. Workgroups
      2. Active Directory
    6. Windows Attack Surfaces and Mitigation
      1. Multilayered Defense
      2. Mitigation
    7. Fundamentals of Microsoft Windows Security Monitoring and Maintenance
      1. Security Monitoring
      2. Identify Vulnerabilities
    8. CHAPTER SUMMARY
    9. KEY CONCEPTS AND TERMS
    10. CHAPTER 2 ASSESSMENT
  10. CHAPTER 3 Access Controls in Microsoft Windows
    1. The Principle of Least Privilege
      1. The Orange Book
      2. Least Privilege and LUAs
      3. Rights and Permissions
    2. Access Models: Identification, Authentication, Authorization, ACLs, and More
    3. Windows Server 2012, Windows Server 2016, and Windows Server 2019 Dynamic Access Control
      1. User Account Control
      2. Sharing SIDs and SATs
      3. Managed Service Accounts
      4. Kerberos
    4. Windows Objects and Access Controls
      1. Windows DACLs
      2. DACL Advanced Permissions
    5. SIDs, Globally Unique Identifiers, and Class Identifiers
    6. Calculating Microsoft Windows Access Permissions
    7. Auditing and Tracking Windows Access
      1. Expression-Based Security Audit Policy (Windows Server 2012 and Newer)
    8. Microsoft Windows Access Management Tools
      1. Cacls.exe
      2. Icacls.exe
    9. Best Practices for Microsoft Windows Access Control
    10. CHAPTER SUMMARY
    11. KEY CONCEPTS AND TERMS
    12. CHAPTER 3 ASSESSMENT
  11. CHAPTER 4 Microsoft Windows Encryption Tools and Technologies
    1. Encryption Methods Microsoft Windows Supports
    2. Encrypting File System, BitLocker, and BitLocker To Go
      1. Encrypting File System
      2. BitLocker
      3. BitLocker To Go
    3. Enabling File-, Folder-, and Volume-Level Encryption
      1. Enabling EFS
      2. Enabling BitLocker
      3. Enabling BitLocker To Go
    4. Encryption in Communications
    5. Encryption Protocols in Microsoft Windows
      1. TLS
      2. IPSec
      3. Virtual Private Network
      4. Wireless Security
    6. Microsoft Windows and Security Certificates
    7. Public Key Infrastructure
    8. Best Practices for Windows Encryption Techniques
    9. CHAPTER SUMMARY
    10. KEY CONCEPTS AND TERMS
    11. CHAPTER 4 ASSESSMENT
  12. CHAPTER 5 Protecting Microsoft Windows against Malware
    1. The Purpose of Malware
    2. Types of Malware
      1. Virus
      2. Worm
      3. Trojan Horse
      4. Rootkit
      5. Spyware
      6. Ransomware
      7. Malware Type Summary
    3. Anti-Malware Software
      1. Antivirus Software
      2. Anti-Spyware Software
    4. Malware Mitigation Techniques
    5. Importance of Updating Your Software
    6. Maintaining a Malware-Free Environment
    7. Scanning and Auditing Malware
    8. Tools and Techniques for Removing Malware
    9. Malware Prevention Best Practices
    10. CHAPTER SUMMARY
    11. KEY CONCEPTS AND TERMS
    12. CHAPTER 5 ASSESSMENT
  13. CHAPTER 6 Group Policy Control in Microsoft Windows
    1. Group Policy and Group Policy Objects
    2. Group Policy Settings
      1. GPO Linking
    3. Making Group Policy Conform to Security Policy
      1. Security Responsibility
      2. Security Policy and Group Policy
      3. Group Policy Targets
    4. Types of GPOs in the Registry
      1. Local Group Policy Editor
      2. GPOs in the Registry Editor
    5. Types of GPOs in Active Directory
      1. Group Policy Management Console
      2. GPOs on the Domain Controller
    6. Designing, Deploying, and Tracking Group Policy Controls
      1. GPO Application Order
      2. Security Filters
      3. GPO Windows Management Instrumentation Filters
      4. Deploying Group Policy
    7. Auditing and Managing Group Policy
      1. Group Policy Inventory
      2. Analyzing the Effect of GPOs
    8. Best Practices for Microsoft Windows Group Policy and Processes
      1. Group Policy Design Guidelines
    9. CHAPTER SUMMARY
    10. KEY CONCEPTS AND TERMS
    11. CHAPTER 6 ASSESSMENT
  14. CHAPTER 7 Microsoft Windows Security Profile and Audit Tools
    1. Profiling Microsoft Windows Security
      1. Profiling
      2. Profiling Windows Computers
    2. Microsoft Baseline Security Analyzer
      1. MBSA Graphical User Interface
      2. MBSA Command-Line Interface
    3. OpenVAS
    4. Nessus Essentials
    5. Burp Suite Web Vulnerability Scanner
    6. Microsoft Windows Security Audit
    7. Microsoft Windows Security Audit Tools
    8. Best Practices for Microsoft Windows Security Audits
    9. CHAPTER SUMMARY
    10. KEY CONCEPTS AND TERMS
    11. CHAPTER 7 ASSESSMENT
  15. CHAPTER 8 Microsoft Windows Backup and Recovery Tools
    1. Microsoft Windows Operating System and Application Backup and Recovery
      1. The Need for Backups
      2. The Backup Process
      3. The Restore Process
    2. Workstation, Server, Network, and Cloud Backup Techniques
      1. Workstation Backups
      2. Server Backups
      3. Network Backups
      4. Cloud Backups
    3. Microsoft Windows and Application Backup and Recovery in a Business Continuity Setting
      1. Disaster Recovery Plan
      2. Business Continuity Plan
      3. Where a Restore Fits In
    4. Microsoft Windows Backup and Restore Utility
    5. Restoring with the Windows Backup and Restore Utility
      1. Restoring with the Windows Server Recovery Utility
    6. Rebuilding Systems from Bare Metal
    7. Managing Backups with Virtual Machines
    8. Best Practices for Microsoft Windows Backup and Recovery
    9. CHAPTER SUMMARY
    10. KEY CONCEPTS AND TERMS
    11. CHAPTER 8 ASSESSMENT
  16. CHAPTER 9 Microsoft Windows Network Security
    1. Network Security
      1. Network Security Controls
    2. Principles of Microsoft Windows Network Security
      1. Common Network Components
      2. Connection Media
      3. Networking Devices
      4. Server Computers and Services Devices
    3. Microsoft Windows Security Protocols and Services
    4. Securing Microsoft Windows Environment Network Services
      1. Service Updates
      2. Service Accounts
      3. Necessary Services
    5. Securing Microsoft Windows Wireless Networking
    6. Microsoft Windows Workstation Network Security
      1. User Authorization and Authentication
      2. Malicious Software Protection
      3. Outbound Traffic Filtering
    7. Microsoft Windows Server Network Security
      1. Authentication and Authorization
      2. Malicious Software Protection
      3. Network Traffic Filtering
    8. Internal Network and Cloud Security
      1. IPv4 versus IPv6
      2. Cloud Computing
    9. Best Practices for Microsoft Windows Network Security
    10. CHAPTER SUMMARY
    11. KEY CONCEPTS AND TERMS
    12. CHAPTER 9 ASSESSMENT
  17. CHAPTER 10 Microsoft Windows Security Administration
    1. Security Administration Overview
      1. The Security Administration Cycle
      2. Security Administration Tasks
    2. Maintaining the C-I-A Triad in the Microsoft Windows OS World
      1. Maintaining Confidentiality
      2. Maintaining Integrity
      3. Maintaining Availability
    3. Microsoft Windows OS Security Administration
      1. Firewall Administration
      2. Performance Monitor
      3. Backup Administration
      4. Operating System Service Pack Administration
      5. Group Policy Administration
      6. DACL Administration
      7. Encryption Administration
      8. Anti-Malware Software Administration
    4. Ensuring Due Diligence and Regulatory Compliance
      1. Due Diligence
    5. The Need for Security Policies, Standards, Procedures, and Guidelines
    6. Best Practices for Microsoft Windows OS Security Administration
    7. CHAPTER SUMMARY
    8. KEY CONCEPTS AND TERMS
    9. CHAPTER 10 ASSESSMENT
  18. CHAPTER 11 Hardening the Microsoft Windows Operating System
    1. Understanding the Hardening Process and Mindset
      1. Strategies to Secure Windows Computers
      2. Install Only What You Need
      3. Security Compliance Toolkit
      4. Manually Disabling and Removing Programs and Services
    2. Hardening Microsoft Windows Operating System Authentication
    3. Hardening the Network Infrastructure
    4. Securing Directory Information and Operations
    5. Hardening Microsoft Windows OS Administration
    6. Hardening Microsoft Servers and Client Computers
      1. Hardening Server Computers
    7. Hardening Workstation Computers
    8. Hardening Data Access and Controls
    9. Hardening Communications and Remote Access
      1. Authentication Servers
      2. VPNs and Encryption
    10. Hardening PKI
    11. User Security Training and Awareness
    12. Best Practices for Hardening Microsoft Windows OS and Applications
    13. CHAPTER SUMMARY
    14. KEY CONCEPTS AND TERMS
    15. CHAPTER 11 ASSESSMENT
  19. CHAPTER 12 Microsoft Application Security
    1. Principles of Microsoft Application Security
      1. Common Application Software Attacks
      2. Hardening Applications
    2. Securing Key Microsoft Client Applications
    3. Web Browser
      1. Email Client
      2. Productivity Software
      3. File Transfer Software
      4. AppLocker
    4. Securing Key Microsoft Server Applications
      1. Web Server
      2. Email Server
      3. Database Server
      4. Enterprise Resource Planning Software
      5. Line of Business Software
      6. Cloud-Based Software
    5. Case Studies in Microsoft Application Security
    6. Best Practices for Securing Microsoft Windows Applications
    7. CHAPTER SUMMARY
    8. KEY CONCEPTS AND TERMS
    9. CHAPTER 12 ASSESSMENT
  20. CHAPTER 13 Microsoft Windows Incident Handling and Management
    1. Understanding and Handling Security Incidents Involving Microsoft Windows OS and Applications
    2. Formulating an Incident Response Plan
      1. Plan Like a Pilot
    3. Plan for Anything that Could Cause Loss or Damage
      1. Build the CSIRT
      2. Plan for Communication
      3. Plan Security
      4. Revision Procedures
      5. Plan Testing
    4. Handling Incident Response
      1. Preparation
      2. Identification
      3. Containment
      4. Eradication
      5. Recovery
      6. Lessons Learned
    5. Incident Handling and Management Tools for Microsoft Windows and Applications
    6. Investigating Microsoft Windows and Applications Incidents
    7. Acquiring and Managing Incident Evidence
      1. Types of Evidence
      2. Chain of Custody
      3. Evidence Collection Rules
    8. Best Practices for Handling Microsoft Windows OS and Applications Incidents and Investigations
    9. CHAPTER SUMMARY
    10. KEY CONCEPTS AND TERMS
    11. CHAPTER 13 ASSESSMENT
  21. CHAPTER 14 Microsoft Windows and the Security Life Cycle
    1. Understanding Traditional System Life Cycle Phases
    2. Agile Software Development
    3. Managing Microsoft Windows OS and Application Software Security
    4. Developing Secure Microsoft Windows OS and Application Software
    5. Implementing, Evaluating, and Testing Microsoft Windows OS and Application Software Security
    6. Maintaining the Security of Microsoft Windows OS and Application Software
    7. Microsoft Windows OS and Application Software Revision, Change Management, and End-of-Life Phaseout
      1. Software Development Areas of Difficulty
      2. Software Control
      3. Software Configuration Management
    8. Best Practices for Microsoft Windows and Application Software Development Security Investigations
    9. CHAPTER SUMMARY
    10. KEY CONCEPTS AND TERMS
    11. CHAPTER 14 ASSESSMENT
  22. CHAPTER 15 Best Practices for Microsoft Windows and Application Security
    1. Basic Rules of Microsoft Windows OS and Application Security
      1. Administrative best practices
      2. Technical best practices
    2. Audit and Remediation Cycles
    3. Security Policy Conformance Checks
    4. Security Baseline Analysis
    5. OS and Application Checks and Upkeep
    6. Network Management Tools and Policies
    7. Software Testing, Staging, and Deployment
    8. Compliance/Currency Tests on Network Entry
    9. Trends in Microsoft Windows OS and Application Security Management
    10. CHAPTER SUMMARY
    11. KEY CONCEPTS AND TERMS
    12. CHAPTER 15 ASSESSMENT
  23. APPENDIX A Answer Key
  24. APPENDIX B Standard Acronyms
  25. Glossary of Key Terms
  26. References
  27. Index

Product information

  • Title: Security Strategies in Windows Platforms and Applications, 3rd Edition
  • Author(s): Michael G. Solomon
  • Release date: October 2019
  • Publisher(s): Jones & Bartlett Learning
  • ISBN: 9781284175639