book

Security Strategies in Windows Platforms and Applications, 3rd Edition

Name: Security Strategies in Windows Platforms and Applications, 3rd Edition
Author: Michael G. Solomon
ISBN: 9781284175639

by Michael G. Solomon

October 2019

Intermediate to advanced

374 pages

13h 10m

English

Jones & Bartlett Learning

Read now

Unlock full access

Cover
Title Page
Copyright Page
Contents
Preface
Acknowledgments
About the Author
CHAPTER 1 Microsoft Windows and the Threat Landscape
Information Systems Security
Tenets of Information Security: The C-I-A Triad
ConfidentialityIntegrityAvailability

Mapping Microsoft Windows and Applications into a Typical IT Infrastructure
Windows ClientsWindows Servers
Microsoft’s End-User License Agreement
Windows Threats and Vulnerabilities
Anatomy of Microsoft Windows Vulnerabilities
CryptoLockerLockyWannaCry
Discovery-Analysis-Remediation Cycle
DiscoveryAnalysisRemediation
Common Forms of Attack
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 1 ASSESSMENT
CHAPTER 2 Security in the Microsoft Windows Operating System
Operating System Components and Architecture
The KernelOperating System Components
Basic Windows Operating System Architecture
Windows Run ModesKernel ModeUser Mode
Access Controls and Authentication
Authentication MethodsAccess Control Methods
Security Access Tokens, Rights, and Permissions
Security IdentifierAccess Rules, Rights, and Permissions
Users, Groups, and Active Directory
WorkgroupsActive Directory
Windows Attack Surfaces and Mitigation
Multilayered DefenseMitigation
Fundamentals of Microsoft Windows Security Monitoring and Maintenance
Security MonitoringIdentify Vulnerabilities
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 2 ASSESSMENT
CHAPTER 3 Access Controls in Microsoft Windows
The Principle of Least Privilege
The Orange BookLeast Privilege and LUAsRights and Permissions
Access Models: Identification, Authentication, Authorization, ACLs, and More
Windows Server 2012, Windows Server 2016, and Windows Server 2019 Dynamic Access Control
User Account ControlSharing SIDs and SATsManaged Service AccountsKerberos
Windows Objects and Access Controls
Windows DACLsDACL Advanced Permissions
SIDs, Globally Unique Identifiers, and Class Identifiers
Calculating Microsoft Windows Access Permissions
Auditing and Tracking Windows Access
Expression-Based Security Audit Policy (Windows Server 2012 and Newer)
Microsoft Windows Access Management Tools
Cacls.exeIcacls.exe
Best Practices for Microsoft Windows Access Control
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 3 ASSESSMENT
CHAPTER 4 Microsoft Windows Encryption Tools and Technologies
Encryption Methods Microsoft Windows Supports
Encrypting File System, BitLocker, and BitLocker To Go
Encrypting File SystemBitLockerBitLocker To Go
Enabling File-, Folder-, and Volume-Level Encryption
Enabling EFSEnabling BitLockerEnabling BitLocker To Go
Encryption in Communications
Encryption Protocols in Microsoft Windows
TLSIPSecVirtual Private NetworkWireless Security
Microsoft Windows and Security Certificates
Public Key Infrastructure
Best Practices for Windows Encryption Techniques
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 4 ASSESSMENT
CHAPTER 5 Protecting Microsoft Windows against Malware
The Purpose of Malware
Types of Malware
VirusWormTrojan HorseRootkitSpywareRansomwareMalware Type Summary
Anti-Malware Software
Antivirus SoftwareAnti-Spyware Software
Malware Mitigation Techniques
Importance of Updating Your Software
Maintaining a Malware-Free Environment
Scanning and Auditing Malware
Tools and Techniques for Removing Malware
Malware Prevention Best Practices
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 5 ASSESSMENT
CHAPTER 6 Group Policy Control in Microsoft Windows
Group Policy and Group Policy Objects
Group Policy Settings
GPO Linking
Making Group Policy Conform to Security Policy
Security ResponsibilitySecurity Policy and Group PolicyGroup Policy Targets
Types of GPOs in the Registry
Local Group Policy EditorGPOs in the Registry Editor
Types of GPOs in Active Directory
Group Policy Management ConsoleGPOs on the Domain Controller
Designing, Deploying, and Tracking Group Policy Controls
GPO Application OrderSecurity FiltersGPO Windows Management Instrumentation FiltersDeploying Group Policy
Auditing and Managing Group Policy
Group Policy InventoryAnalyzing the Effect of GPOs
Best Practices for Microsoft Windows Group Policy and Processes
Group Policy Design Guidelines
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 6 ASSESSMENT
CHAPTER 7 Microsoft Windows Security Profile and Audit Tools
Profiling Microsoft Windows Security
ProfilingProfiling Windows Computers
Microsoft Baseline Security Analyzer
MBSA Graphical User InterfaceMBSA Command-Line Interface
OpenVAS
Nessus Essentials
Burp Suite Web Vulnerability Scanner
Microsoft Windows Security Audit
Microsoft Windows Security Audit Tools
Best Practices for Microsoft Windows Security Audits
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 7 ASSESSMENT
CHAPTER 8 Microsoft Windows Backup and Recovery Tools
Microsoft Windows Operating System and Application Backup and Recovery
The Need for BackupsThe Backup ProcessThe Restore Process
Workstation, Server, Network, and Cloud Backup Techniques
Workstation BackupsServer BackupsNetwork BackupsCloud Backups
Microsoft Windows and Application Backup and Recovery in a Business Continuity Setting
Disaster Recovery PlanBusiness Continuity PlanWhere a Restore Fits In
Microsoft Windows Backup and Restore Utility
Restoring with the Windows Backup and Restore Utility
Restoring with the Windows Server Recovery Utility
Rebuilding Systems from Bare Metal
Managing Backups with Virtual Machines
Best Practices for Microsoft Windows Backup and Recovery
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 8 ASSESSMENT
CHAPTER 9 Microsoft Windows Network Security
Network Security
Network Security Controls
Principles of Microsoft Windows Network Security
Common Network ComponentsConnection MediaNetworking DevicesServer Computers and Services Devices
Microsoft Windows Security Protocols and Services
Securing Microsoft Windows Environment Network Services
Service UpdatesService AccountsNecessary Services
Securing Microsoft Windows Wireless Networking
Microsoft Windows Workstation Network Security
User Authorization and AuthenticationMalicious Software ProtectionOutbound Traffic Filtering
Microsoft Windows Server Network Security
Authentication and AuthorizationMalicious Software ProtectionNetwork Traffic Filtering
Internal Network and Cloud Security
IPv4 versus IPv6Cloud Computing
Best Practices for Microsoft Windows Network Security
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 9 ASSESSMENT
CHAPTER 10 Microsoft Windows Security Administration
Security Administration Overview
The Security Administration CycleSecurity Administration Tasks
Maintaining the C-I-A Triad in the Microsoft Windows OS World
Maintaining ConfidentialityMaintaining IntegrityMaintaining Availability
Microsoft Windows OS Security Administration
Firewall AdministrationPerformance MonitorBackup AdministrationOperating System Service Pack AdministrationGroup Policy AdministrationDACL AdministrationEncryption AdministrationAnti-Malware Software Administration
Ensuring Due Diligence and Regulatory Compliance
Due Diligence
The Need for Security Policies, Standards, Procedures, and Guidelines
Best Practices for Microsoft Windows OS Security Administration
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 10 ASSESSMENT
CHAPTER 11 Hardening the Microsoft Windows Operating System
Understanding the Hardening Process and Mindset
Strategies to Secure Windows ComputersInstall Only What You NeedSecurity Compliance ToolkitManually Disabling and Removing Programs and Services
Hardening Microsoft Windows Operating System Authentication
Hardening the Network Infrastructure
Securing Directory Information and Operations
Hardening Microsoft Windows OS Administration
Hardening Microsoft Servers and Client Computers
Hardening Server Computers
Hardening Workstation Computers
Hardening Data Access and Controls
Hardening Communications and Remote Access
Authentication ServersVPNs and Encryption
Hardening PKI
User Security Training and Awareness
Best Practices for Hardening Microsoft Windows OS and Applications
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 11 ASSESSMENT
CHAPTER 12 Microsoft Application Security
Principles of Microsoft Application Security
Common Application Software AttacksHardening Applications
Securing Key Microsoft Client Applications
Web Browser
Email ClientProductivity SoftwareFile Transfer SoftwareAppLocker
Securing Key Microsoft Server Applications
Web ServerEmail ServerDatabase ServerEnterprise Resource Planning SoftwareLine of Business SoftwareCloud-Based Software
Case Studies in Microsoft Application Security
Best Practices for Securing Microsoft Windows Applications
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 12 ASSESSMENT
CHAPTER 13 Microsoft Windows Incident Handling and Management
Understanding and Handling Security Incidents Involving Microsoft Windows OS and Applications
Formulating an Incident Response Plan
Plan Like a Pilot
Plan for Anything that Could Cause Loss or Damage
Build the CSIRTPlan for CommunicationPlan SecurityRevision ProceduresPlan Testing
Handling Incident Response
PreparationIdentificationContainmentEradicationRecoveryLessons Learned
Incident Handling and Management Tools for Microsoft Windows and Applications
Investigating Microsoft Windows and Applications Incidents
Acquiring and Managing Incident Evidence
Types of EvidenceChain of CustodyEvidence Collection Rules
Best Practices for Handling Microsoft Windows OS and Applications Incidents and Investigations
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 13 ASSESSMENT
CHAPTER 14 Microsoft Windows and the Security Life Cycle
Understanding Traditional System Life Cycle Phases
Agile Software Development
Managing Microsoft Windows OS and Application Software Security
Developing Secure Microsoft Windows OS and Application Software
Implementing, Evaluating, and Testing Microsoft Windows OS and Application Software Security
Maintaining the Security of Microsoft Windows OS and Application Software
Microsoft Windows OS and Application Software Revision, Change Management, and End-of-Life Phaseout
Software Development Areas of DifficultySoftware ControlSoftware Configuration Management
Best Practices for Microsoft Windows and Application Software Development Security Investigations
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 14 ASSESSMENT
CHAPTER 15 Best Practices for Microsoft Windows and Application Security
Basic Rules of Microsoft Windows OS and Application Security
Administrative best practicesTechnical best practices
Audit and Remediation Cycles
Security Policy Conformance Checks
Security Baseline Analysis
OS and Application Checks and Upkeep
Network Management Tools and Policies
Software Testing, Staging, and Deployment
Compliance/Currency Tests on Network Entry
Trends in Microsoft Windows OS and Application Security Management
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 15 ASSESSMENT
APPENDIX A Answer Key
APPENDIX B Standard Acronyms
Glossary of Key Terms
References
Index

Content preview from Security Strategies in Windows Platforms and Applications, 3rd Edition

Audit and Remediation Cycles

Once you’ve covered the basics, you can move on to start addressing more advanced concerns. Don’t assume that covering the basics once is enough. Auditing the status of your security controls and planning to fix any problems you find is an ongoing, necessary process. The Deming cycle provides a simple model on which to base your security administration. Auditing is a critical part of the cycle. The Deming cycle is also known as the Plan-Do-Check-Act (PDCA) process. The name comes from each of the four steps in the process:

Plan—Establish your objectives and processes to meet a stated goal. In the context of routine auditing, the goal should be to assess specific security controls.
Do—Implement the process you ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

The .NET Developer's Guide to Windows Security

Publisher Resources

ISBN: 9781284175639

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Security Strategies in Windows Platforms and Applications, 3rd Edition

by Michael G. Solomon

Audit and Remediation Cycles

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

More than 5,000 organizations count on O’Reilly

Julian F.

Addison B.

Amir M.

Mark W.

You might also like

The .NET Developer's Guide to Windows Security

Access Control, Authentication, and Public Key Infrastructure, 2nd Edition

Cybersecurity - Attack and Defense Strategies

Microsoft System Center Endpoint Protection Cookbook - Second Edition

Publisher Resources