Book description
Written by two veteran Windows security experts—one a Microsoft Security MVP and Foundstone Security Consultant, and the other a former senior member of Microsoft's Security Engineering Team—this essential resource prepares end users and technical administrators to handle various security problems that exist in Windows Vista as well as possible future threats. Offering in-depth coverage of all significant new security technologies in Windows Vista, this book addresses User Account Control, the new Firewall, Internet Explorer 7.0, Windows Defender, Service Hardening, and BitLocker.
Table of contents
- Copyright
- About the Authors
- Credits
- Foreword
- Acknowledgments
- Introduction
- Overview of the Book and Technology
- How This Book Is Organized
- Chapter 1, "New Security Features"
- Chapter 2, "How Hackers Attack"
- Chapter 3, "Windows Infrastructure"
- Chapter 4, "User Account Control"
- Chapter 5, "Managing Access Control"
- Chapter 6, "Application Security"
- Chapter 7, "Vista Client Protection"
- Chapter 8, "Securing Internet Explorer"
- Chapter 9, "Introducing IIS 7"
- Chapter 10, "Protecting E-mail"
- Chapter 11, "Managing Windows Firewall"
- Chapter 12, "Server and Domain Isolation"
- Chapter 13, "Wireless Security"
- Chapter 14, "Using Group Policy"
- Chapter 15, "Thinking About Security"
- Appendixes
- Who Should Read This Book
- Tools You Will Need
- What's on the Web Site
- Summary
- I. Introducing Windows Vista
- 1. New Security Features
- 1.1. Security Development Lifecycle
- 1.2. Improved C++ Security
- 1.3. Address Space Layout Randomization
- 1.4. Data Execution Protection
- 1.5. Protected Processes
- 1.6. Windows Vista User Experience
- 1.7. Host-Based Security
- 1.7.1. Boot Changes
- 1.7.2. Security Defaults
- 1.7.3. Windows Defender
- 1.7.4. Malicious Software Removal Tool
- 1.7.5. Improved Logon Architecture
- 1.7.6. Service Hardening
- 1.7.7. Enhanced Device Driver Experience
- 1.7.8. User Account Control
- 1.7.9. Secure Desktop
- 1.7.10. Mandatory Integrity Control
- 1.7.11. Improved File, Folder, and Registry Protection
- 1.7.12. Encryption Enhancements
- 1.7.13. Improved Patch Management
- 1.7.14. Hot Patching and Restart Manager
- 1.7.15. Improved Event Logs
- 1.7.16. Subscription and Forwarded Events
- 1.7.17. Task Manager
- 1.7.18. Increased Emphasis on Backup
- 1.8. Securing E-mail and the Internet
- 1.9. Securing Windows Networks
- 1.10. Group Policy
- 1.11. 64-bit Only Improvements
- 1.12. Future Improvements
- 1.13. Summary
- 1.14. Best Practices
- 2. How Hackers Attack
- 2.1. Malicious Exploitation
- 2.1.1. Eight Exploitation Techniques
- 2.1.2. Logon Credential Guessing/Cracking
- 2.1.3. Buffer Overflow
- 2.1.4. Metasploit Framework
- 2.1.5. OS or Application Vulnerability
- 2.1.6. OS or Application Misconfiguration
- 2.1.7. Eavesdropping/Man-in-the-Middle Attack
- 2.1.8. Denial of Service Attack
- 2.1.9. Client-Side Attack
- 2.1.10. Social Engineering
- 2.1.11. Dedicated Hacker Methodology
- 2.1.12. Automated Malware
- 2.2. Where Windows Malware Hides
- 2.3. Why Malicious Hackers Hack
- 2.4. Summary
- 3. Windows Infrastructure
- II. Host-Based Security
- 4. User Account Control
- 4.1. Introduction
- 4.2. Basics
- 4.3. The Case for Least Privilege
- 4.4. Admins Are Omnipotent
- 4.5. User Account Control Is More Than You Think
- 4.6. UAC and Remote Access
- 4.7. UAC Policy Configuration
- 4.7.1. User Account Control: Admin Approval Mode for the Built-in Administrator Account
- 4.7.2. User Account Control: Behavior of the Elevation Prompt for Administrators in Admin Approval Mode
- 4.7.3. User Account Control: Behavior of the Elevation Prompt for Standard Users
- 4.7.4. User Account Control: Detect Application Installations and Prompt for Elevation
- 4.7.5. User Account Control: Only Elevate Executables that Are Signed and Validated
- 4.7.6. User Account Control: Only Elevate UIAccess Applications that Are Installed in Secure Locations
- 4.7.7. User Account Control: Run All Administrators in Admin Approval Mode
- 4.7.8. User Account Control: Switch to the Secure Desktop when Prompting for Elevation
- 4.7.9. User Account Control: Virtualize File and Registry Write Failures to Per-User Locations
- 4.8. Frequently Asked Questions About UAC
- 4.8.1. Why Can't I Access My Files?
- 4.8.2. Why Can't I Delete Stuff If I Elevate Windows Explorer?
- 4.8.3. How Do I Disable UAC?
- 4.8.4. What Happens If I Turn Off UAC?
- 4.8.5. What Access Do Low Processes Have to High Processes?
- 4.8.6. Why Does the Screen Have to Go Black?
- 4.8.7. I Don't Need UAC; Can I Just Enable It for Other Users?
- 4.8.8. What About Remote Access?
- 4.8.9. Why Isn't UAC More Like Sudo?
- 4.8.10. How Do I Audit Elevation?
- 4.9. Leveraging User Account Control in Applications
- 4.10. Summary
- 4.11. Best Practices
- 5. Managing Access Control
- 5.1. Access Control Terminology
- 5.2. How an Access Control List Is Used
- 5.3. Major Access Control List Changes in Vista
- 5.4. Tools to Manage Access Control Lists
- 5.5. Registry ACLs
- 5.6. Summary
- 5.7. Best Practices
- 6. Application Security
- 7. Vista Client Protection
- III. Securing Internet and E-mail Access
- 8. Securing Internet Explorer
- 8.1. Should You Use Another Browser?
- 8.2. New IE 7.0 Security Features
- 8.3. Internet Explorer Security Settings
- 8.3.1. Security Zones
- 8.3.2. Zone Security Settings
- 8.3.2.1. .NET Framework – Loose XAML
- 8.3.2.2. .NET Framework – XAML Browser Applications
- 8.3.2.3. .NET Framework – XPS Documents
- 8.3.2.4. .NET Framework–Reliant Components – Run Components Not Signed with Authenticode
- 8.3.2.5. .NET Framework–Reliant Components – Run Components Signed with Authenticode
- 8.3.2.6. ActiveX Controls and Plug-Ins – Allow Previously Unused ActiveX Controls to Run Without Prompting
- 8.3.2.7. ActiveX Controls and Plug-Ins – Allow Scriptlets
- 8.3.2.8. ActiveX Controls and Plug-Ins – Automatic Prompting for ActiveX Controls
- 8.3.2.9. ActiveX Controls and Plug-Ins – Binary and Script Behaviors
- 8.3.2.10. ActiveX Controls and Plug-Ins – Display Video and Animation on a Web Page That Does Not Use External Media Player
- 8.3.2.11. ActiveX Controls and Plug-Ins – Download Signed ActiveX Controls
- 8.3.2.12. ActiveX Controls and Plug-Ins – Download Unsigned ActiveX Controls
- 8.3.2.13. ActiveX Controls and Plug-Ins – Initialize and Script ActiveX Controls Not Marked as Safe for Scripting
- 8.3.2.14. ActiveX Controls and Plug-Ins – Run ActiveX Controls and Plug-Ins
- 8.3.2.15. ActiveX Controls and Plug-Ins – Script ActiveX Controls Marked Safe for Scripting
- 8.3.2.16. Downloads – Automatic Prompting for File Downloads
- 8.3.2.17. Downloads – File Download
- 8.3.2.18. Downloads – Font Download
- 8.3.2.19. Enable .Net Framework Setup
- 8.3.2.20. Java VM-Java Permissions
- 8.3.2.21. Miscellaneous – Access Data Sources Across Domains
- 8.3.2.22. Miscellaneous – Allow META REFRESH
- 8.3.2.23. Miscellaneous – Allow Scripting of Internet Explorer Web Browser Control
- 8.3.2.24. Miscellaneous – Allow Script-Initiated Windows Without Size or Position Constraints
- 8.3.2.25. Miscellaneous – Allow Web Pages to Use Restricted Protocols for Active Content
- 8.3.2.26. Miscellaneous – Allow Websites to Open Windows Without Address or Status Bars
- 8.3.2.27. Miscellaneous – Display Mixed Content
- 8.3.2.28. Miscellaneous – Don't Prompt for Client Certificate Selection When No Certificates or Only One Certificate Exists
- 8.3.2.29. Miscellaneous – Drag and Drop or Copy and Paste Files
- 8.3.2.30. Miscellaneous – Include Local Directory Path When Uploading Files to a Server
- 8.3.2.31. Miscellaneous – Installation of Desktop Items
- 8.3.2.32. Miscellaneous – Launching Applications and Unsafe Files
- 8.3.2.33. Miscellaneous – Launching Programs and Files in an Iframe
- 8.3.2.34. Miscellaneous – Navigate Sub-Frames Across Different Domains
- 8.3.2.35. Miscellaneous – Open Files Based on Content, Not File Extension
- 8.3.2.36. Miscellaneous – Software Channel Permissions
- 8.3.2.37. Miscellaneous – Submit Non-Encrypted Form Data
- 8.3.2.38. Miscellaneous – Use Phishing Filter
- 8.3.2.39. Miscellaneous – Use Pop-Up Blocker
- 8.3.2.40. Miscellaneous – Userdata Persistence
- 8.3.2.41. Miscellaneous – Web Sites in Less Privileged Web Content Zone Can Navigate into This Zone
- 8.3.2.42. Scripting – Active Scripting
- 8.3.2.43. Scripting – Allow Programmatic Clipboard Access
- 8.3.2.44. Scripting – Allow Status Bar Updates Via Script
- 8.3.2.45. Scripting – Allow Websites to Prompt for Information Using Scripted Window
- 8.3.2.46. Scripting – Scripting of Java Applets
- 8.3.2.47. User Authentication
- 8.3.3. IE Advanced Settings
- 8.3.3.1. Browsing – Disable Script Debugging (Internet Explorer or Other)
- 8.3.3.2. Browsing – Display a Notification About Every Script Error
- 8.3.3.3. Browsing – Enable Third-Party Extensions
- 8.3.3.4. Browsing – Use Inline Autocomplete
- 8.3.3.5. International – Send UTF-8 URLS
- 8.3.3.6. Java (or Java-Sun) – Use JRE x.x for <applet>
- 8.3.3.7. Security – Allow Active Content from CDs to Run on My Computer
- 8.3.3.8. Security – Allow Active Content to Run in Files on My Computer
- 8.3.3.9. Security – Allow Software to Run or Install Even If the Signature Is Invalid
- 8.3.3.10. Security – Check for Publisher's Certificate Revocation
- 8.3.3.11. Security – Check for Server Certificate Revocation
- 8.3.3.12. Security – Check for Signatures on Downloaded Programs
- 8.3.3.13. Security – Do Not Save Encrypted Pages to Disk
- 8.3.3.14. Security – Empty Temporary Internet Files Folder When Browser Is Closed
- 8.3.3.15. Enable Memory Protection to Help Mitigate Online Attacks
- 8.3.3.16. Security – Enable Integrated Windows Authentication
- 8.3.3.17. Security – Phishing Filter Settings
- 8.3.3.18. Security – Use SSL 2.0, SSL 3.0, TLS 1.0
- 8.3.3.19. Security – Warn About Invalid Site Certificates
- 8.3.3.20. Security – Warn If Changing Between Secure and Not Secure Mode
- 8.3.3.21. Security – Warn If Forms Submittal Is Being Redirected
- 8.3.4. Other Browser Recommendations
- 8.4. Will Internet Explorer 7 Be Hacked A Lot?
- 8.5. Summary
- 8.6. Best Practices
- 9. Introducing IIS 7
- 9.1. Web Server Threats
- 9.2. Introduction to IIS
- 9.3. New IIS Features
- 9.4. Installing IIS 7
- 9.5. IIS Components
- 9.6. IIS Protocol Listeners
- 9.7. Worker Processes, Application Pools, and Identities
- 9.8. IUSR and IIS_USRS
- 9.9. IIS Administration
- 9.10. IIS Authentication
- 9.11. Web Server Access Control Permissions
- 9.12. Defending IIS
- 9.12.1. Step Summary
- 9.12.2. Configuring Network/Perimeter Security
- 9.12.3. Ensuring Physical Security
- 9.12.4. Installing Updated Hardware Drivers
- 9.12.5. Installing an Operating System
- 9.12.6. Configuring a Host Firewall
- 9.12.7. Configuring Remote Administration
- 9.12.8. Installing IIS in a Minimal Configuration
- 9.12.9. Installing Patches
- 9.12.10. Hardening the Operating System
- 9.12.11. Configuring and Tightening IIS
- 9.12.12. Securing Web Sites
- 9.12.13. Cleaning and Testing
- 9.12.14. Installing and Securing Applications
- 9.12.15. Conducting Penetration Tests
- 9.12.16. Deploying to Production
- 9.12.17. Monitoring Log Files
- 9.13. Summary
- 10. Protecting E-mail
- IV. Securing Windows Networks
- 11. Managing Windows Firewall
- 12. Server and Domain Isolation
- 13. Wireless Security
- 13.1. Wi-Fi Terminology and Technologies
- 13.2. Wireless Threats
- 13.3. New Wireless Improvements in Vista
- 13.4. Securing Wireless Networks
- 13.5. Summary
- 13.6. Best Practices
- V. Group Policy and Best Practices
- 14. Using Group Policy
- 14.1. New Group Policy Features
- 14.2. Updated Group Policy Features
- 14.3. New or Updated Group Policy Settings
- 14.4. Settings That Require Reboot or Logon
- 14.5. Windows Vista Security Guide
- 14.6. Active Directory Schema Updates
- 14.7. Managing Group Policy in a Mixed Environment
- 14.8. Rollout Strategy
- 14.9. Summary
- 14.10. Best Practices
- 15. Thinking about Security
- 15.1. It Still Comes Down to Risk Management
- 15.2. The Three-Step Approach to Security
- 15.3. Wetware
- 15.4. Summary
- 15.5. Best Practices
- A. Building a Windows PE Boot Disk
- B. References
Product information
- Title: WINDOWS VISTA™ SECURITY: Securing Vista Against Malicious Attacks
- Author(s):
- Release date: July 2007
- Publisher(s): Wiley
- ISBN: 9780470101551