Hack Proofing Windows 2000 Server
- 1st Edition - December 1, 2001
- Author: Syngress
- Language: English
- Paperback ISBN:9 7 8 - 1 - 9 3 1 8 3 6 - 4 9 - 4
- eBook ISBN:9 7 8 - 0 - 0 8 - 0 4 7 8 1 4 - 2
The complete, authoritative guide to protecting your Windows 2000 Network"Essential reading for your IT security organization." -Deena Joyce, Director of Information Technology and… Read more
The complete, authoritative guide to protecting your Windows 2000 Network
"Essential reading for your IT security organization." -Deena Joyce, Director of Information Technology and Network Security, Casino Magic
Pick up a newspaper or watch the evening news and you will find a major news story involving a breech of network security. Windows 2000, as the premier network platform, has many important security features but they are difficult to configure and manage. Hack Proofing Windows 2000 Server has totally up-to-date coverage of Service Pack 2 (SP2), Kerberos and Public Key Infrastructure and also addresses newer topics such as Virtual Private Networks (VPNs), remote access and web site security. The book also has complete coverage of Internet Information Server (IIS) release 5.
"Essential reading for your IT security organization." -Deena Joyce, Director of Information Technology and Network Security, Casino Magic
Pick up a newspaper or watch the evening news and you will find a major news story involving a breech of network security. Windows 2000, as the premier network platform, has many important security features but they are difficult to configure and manage. Hack Proofing Windows 2000 Server has totally up-to-date coverage of Service Pack 2 (SP2), Kerberos and Public Key Infrastructure and also addresses newer topics such as Virtual Private Networks (VPNs), remote access and web site security. The book also has complete coverage of Internet Information Server (IIS) release 5.
A great addition to the bestselling "Hack Proofing..." series
Windows 2000 sales have surpassed those of Windows NT
Critical topic. The security of an organization's data and communications is crucial to its survival and these topics are notoriously difficult to grasp
Unrivalled web support at [email protected]
Windows 2000 sales have surpassed those of Windows NT
Critical topic. The security of an organization's data and communications is crucial to its survival and these topics are notoriously difficult to grasp
Unrivalled web support at [email protected]
Windows NT administrators, including MCSEs who will be upgrading their skills to Windows 2000, independent network consultants and small businesses running NT networks
Chapter 1 The Windows 2000 Server Security Migration Path
Introduction
Windows 2000 Server Security
Why the Change
Differences in Windows 2000 Server Security
Authentication Limitations
What Is the Same in Windows 2000 Server
Upgrading and Migrating Considerations
How to Begin the Process
Getting Started
Proper Analysis
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 2 Default Access Control Settings
Introduction
The Administrators Group
The Users Group
The Power Users Group
Configuring Security during Windows 2000 Setup
Default File System and Registry Permissions
Default User Rights
Exercise 2.1 Checking User Rights through the Microsoft Management Console
Default Group Membership
Pre-Windows 2000 Security
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 3 Kerberos Server Authentication
Introduction
Authentication in Windows 2000
Benefits of Kerberos Authentication
Standards for Kerberos Authentication
Extensions to the Kerberos Protocol
Overview of the Kerberos Protocol
Basic Concepts
Subprotocols
Tickets
Kerberos and Windows 2000
Key Distribution Center
Kerberos Policy
Contents of a Microsoft Kerberos Ticket
Delegation of Authentication
Preauthentication
Security Support Providers
Credentials Cache
DNS Name Resolution
UDP and TCP Ports
Authorization Data
Kerberos Tools
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 4 Secure NetworkingUsing Windows 2000 Distributed Security Services
Introduction
The Way We Were: Security in NT
A Whole New World: Distributed Security in Windows 2000
Windows 2000 Distributed Security Services
Active Directory and Security
Advantages of Active Directory Account Management
Relationship between Directory and Security Services
Security Protocols
NTLM Credentials
Kerberos Credentials
Private and Public Key Pairs and Certificates
Other Supported Protocols
Internet Single Sign-On
Internet Security for Windows 2000
Client Authentication with SSL 3.0
Authentication of External Users
Microsoft Certificate Server
CryptoAPI
Interbusiness Access: Distributed Partnership
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 5 Security Configuration Tool Set
Introduction
Security Configuration Tool Set
Security Configuration Tool Set Components
Security Configurations
Security Configuration and Analysis Database
Security Configuration and Analysis Areas
Security Configuration Tool Set User Interfaces
Configuring Security
Account Policies
Local Policies
Event Log
Restricted Groups
Registry Security
File System Security
System Services Security
Analyzing Security
Group Policy Integration
Security Configuration in Group Policy Objects
The Security Settings Extension to the Group Policy Editor
Additional Security Policies
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 6 Encrypting the File System for Windows 2000
Introduction
Using the Encrypting File System
Encryption Fundamentals
How EFS Works
User Operations
File Encryption
Assessing an Encrypted File
Copying an Encrypted File
Moving or Renaming an Encrypted File
Decrypting a File
Cipher Utility
Directory Encryption
Recovery Operations
EFS Architecture
EFS Components
The Encryption Process
The EFS File Information
The Decryption Process
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 7 IP Security for Microsoft Windows 2000 Server
Introduction
Network Encroachment Methodologies
Snooping
Spoofing
Password Compromise
Denial-of-Service Attacks
Man-in-the-Middle Attacks
Application-Directed Attacks
Compromised Key Attacks
IPSec Architecture
Overview of IPSec Cryptographic Services
IPSec Security Services
Security Associations and IPSec Key Management Procedures
Deploying Windows IP Security
Evaluating Information
Determining Required Security Levels
Building Security Policies with Customized IPSec Consoles
Flexible Security Policies
Flexible Negotiation Policies
Filters
Creating a Security Policy
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 8 Smart Cards
Introduction
Interoperability
ISO 7816, EMV, and GSM
The PC/SC Workgroup
The Microsoft Approach
Smart Card Base Components
Service Providers
Enhanced Solutions
Client Authentication
Public Key Interactive Logon
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 9 Microsoft Windows 2000 Public Key Infrastructure
Introduction
Concepts
Public Key Cryptography
Public Key Functionality
Protecting and Trusting Cryptographic Keys
Windows 2000 PKI Components
Certificate Authorities
Certificate Hierarchies
Deploying an Enterprise CA
Trust in Multiple CA Hierarchies
Installing a Windows 2000 PKI
Exercise 9.1 Installing Certificate Services
Enabling Domain Clients
Generating Keys
Key Recovery
Certificate Enrollment
Renewal
Using Keys and Certificates
Roaming
Revocation
Trust
Public Key Security Policy in Windows 2000
Trusted CA Roots
Certificate Enrollment and Renewal
Smart Card Logon
Applications Overview
Web Security
Secure E-Mail
Digitally Signed Content
Encrypting File System
Smart-Card Logon
IP Security
Preparing for Windows 2000 PKI
Backing Up and Restoring Certificate Services
Exercise 9.9 Backing Up Certificate Services
Exercise 9.10 Restoring Certificate Services
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 10 Supporting Non-Windows 2000 Clients and Servers
Introduction
Authenticating Down-Level Clients
Defining Lan Manager and NT Lan Manager Authentication
Using the Directory Services Client
Deploying NTLM Version 2
Working with UNIX Clients
Installing Services for UNIX
NFS Software
Working with Novell Clients
Client Services for NetWare
Gateway Services for NetWare
Understanding Services for NetWare
Working with Macintosh Clients
Understanding Files Services for Macintosh
Understanding Print Services for Macintosh
Installing File and Print Services for Macintosh
Authenticating Macintosh Clients
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 11 Securing Internet Information Services 5.0
Introduction
Securing the Windows 2000 Server
Installing Internet Information Services 5.0
Exercise 11.1 Uninstalling IIS 5.0
Exercise 11.2 Creating an Answer File for Installing IIS
Securing Internet Information Services 5.0
Setting Web Site, FTP Site, and Folder Permissions
Restricting Access through IP Address and Domain Name Blocking
Configuring Authentication
Examining the IIS Security Tools
Using the Hotfix Checking Tool for IIS 5.0
Using the IIS Security Planning Tool
Using the Windows 2000 Internet Server Security Configuration Tool for IIS 5.0
Auditing IIS
Exercise 11.6 Configuring Auditing for an Organizational Unit
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 12 Using Security-Related Tools
Introduction
Installing the Support Tools
Exercise 12.1 Installing the Support Tools
Installing the Windows 2000 Server Resource Kit
Exercise 12.2 Installing the Windows 2000 Server Resource Kit
Using Application Tools
Using the Application Security Tool
Running the Applications as Services Utility
Using Service Tools
Running the Service Controller Tool
Using ScList
Using the Service Monitoring Tool
Using Registry Tools
Using Registry Backup
Using Registry Restoration
Running the Registry Console Tool
Using Process Tools
Running the Process Viewer
Running the Task List Viewer
Using the Task Killing Utility
Using Process Tree
Using Logging Tools
Using the Event Log Query Tool
Using Trace Logging
Using Trace Dump
Using Reduce Trace Data
Using Permission Tools
Using the Service ACL Editor
Using Permcopy
Running Access Control List Diagnostics
Running DsAcls
Using Group Management Tools
Show Groups
Using Show Members
Using Find Group
Using Miscellaneous Tools
Using Show Privilege
Running Uptime
Using Floppy Lock
Running System Scanner
Summary
Solutions Fast Track
Frequently Asked Questions
Appendix A Port Numbers
Index
- Edition: 1
- Published: December 1, 2001
- Language: English
Read Hack Proofing Windows 2000 Server on ScienceDirect