Seven Deadliest Microsoft Attacks
1st Edition - March 1, 2010
Authors: Rob Kraus, Naomi Alpern, Brian Barber, Mike Borkin
Paperback ISBN:9781597495516
eBook ISBN:9781597495523
Seven Deadliest Microsoft Attacks explores some of the deadliest attacks made against Microsoft software and networks and how these attacks can impact the confidentiality, integrity, and availability of the most closely guarded company secrets. If you need to keep up with the latest hacks, attacks, and exploits affecting Microsoft products, this book is for you. It pinpoints the most dangerous hacks and exploits specific to Microsoft applications, laying out the anatomy of these attacks, including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable.

The book consists of seven chapters that cover the seven deadliest attacks against Microsoft software and networks: attacks against Windows passwords; escalation attacks; stored procedure attacks; mail service attacks; client-side ActiveX and macro attacks; Web service attacks; and multi-tier attacks. Each chapter provides an overview of a single Microsoft software product, how it is used, and some of the core functionality behind the software. Furthermore, each chapter explores the anatomy of attacks against the software, the dangers of an attack, and possible defenses to help prevent the attacks described in the scenarios.

This book will be a valuable resource for those responsible for oversight of network security for either small or large organizations. It will also benefit those interested in learning the details behind attacks against Microsoft infrastructure, products, and services, and how to defend against them. Network administrators and integrators will find value in learning how attacks can be executed, and in transferring the knowledge gained from this book into improving existing deployment and integration practices.
Windows Operating System-Password Attacks
Active Directory-Escalation of Privilege
SQL Server-Stored Procedure Attacks
Exchange Server-Mail Service Attacks
Office-Macros and ActiveX
Internet Information Services (IIS)-Web Service Attacks
SharePoint-Multi-tier Attacks
Information security professionals of all levels, Microsoft admins, recreational hackers
Acknowledgments
About the Authors
Introduction
Chapter 1 Windows Operating System – Password Attacks
Windows Passwords Overview
Security Accounts Manager
System Key (SYSKEY)
LAN Manager Hash
NT Hash
LSA Secrets
Password and Lockout Policies
How Windows Password Attacks Work
Dangers with Windows Password Attacks
Scenario 1: Obtaining Password Hashes
Scenario 2: Pass the Hash
Scenario 3: Timed Attacks to Circumvent Lockouts
Scenario 4: LSA Secrets
Future of Windows Password Attacks
Defenses against Windows Password Attacks
Defense-in-Depth Approach
Microsoft and Third-Party Software Patching
Logical Access Controls
Logging Security Events
Implementing Password and Lockout Policies
Disable LM Hash Storage for Domain and Local Systems
SYSKEY Considerations
Summary
Chapter 2 Active Directory – Escalation of Privilege
Escalation of Privileges Attack Anatomy
Dangers with Privilege Escalation Attacks
Scenario 1: Escalation through Batch Scripts
Scenario 2: Attacking Customer Confidence
Scenario 3: Horizontal Escalation
Future of Privilege Escalation Attacks
Defenses against Escalation of Privilege Attacks
First Defensive Layer: Stop the Enemy at the Gate
Second Defensive Layer: Privileges Must Be Earned
Third Defensive Layer: Set the Rules for the Playground
Fourth Defensive Layer: You’ll Need That Secret Decoder Ring
Summary
Endnotes
Chapter 3 SQL Server – Stored Procedure Attacks
How Stored Procedure Attacks Work
Initiating Access
Accessing Stored Procedures
Dangers Associated with a Stored Procedure Attack
Understanding Stored Procedure Vulnerabilities
Scenario 1: Adding a Local Administrator
Scenario 2: Keeping Sysadmin-Level Access
Scenario 3: Attacking with SQL Injection
The Future of Stored Procedure Attacks
Defenses against Stored Procedure Attacks
First Defensive Layer: Eliminating First-Layer Attacks
Second Defensive Layer: Reduce the First-Layer Attack Surface
Third Defensive Layer: Reducing Second-Layer Attacks
Fourth Defensive Layer: Logging, Monitoring, and Alerting
Identifying Vital Attack Events
Fifth Defensive Layer: Limiting the Impacts of Attacks
Summary
Endnotes
Chapter 4 Exchange Server – Mail Service Attacks
How Mail Service Attacks Work
Mail Flow Architecture
Attack Points
Dangers Associated with Mail Service Attacks
Scenario 1: Directory Harvest Attacks
Scenario 2: SMTP Auth Attacks
Scenario 3: Mail Relay Attacks
The Future of Mail Service Attacks
Defenses against Mail Service Attacks
Defense in the Perimeter Network
Defense on the Internal Network
Supporting Services
Summary
Chapter 5 Office – Macros and ActiveX
Macro and Client-Side Attack Anatomy
Macro Attacks
ActiveX Attacks
Dangers Associated with Macros and ActiveX
Scenario 1: Metasploit Reverse TCP Connection
Scenario 2: ActiveX Attack via Malicious Website
Future of Macro and ActiveX Attacks
Macro and ActiveX Defenses
Deploy Network Edge Strategies
Using Antivirus and Antimalware
Update Frequently
Using Office Security Settings
Working Smart
Summary
Endnote
Chapter 6 Internet Information Services – Web Service Attacks
Microsoft IIS Overview
File Transfer Protocol Publishing Service
WebDAV Extension
ISAPI
How IIS Attacks Work
Dangers with IIS Attacks
Scenario 1: Dangerous HTTP Methods
Scenario 2: FTP Anonymous Access
Scenario 3: Directory Browsing
Future of IIS Attacks
Defenses Against IIS Attacks
Disable Unused Services
Default Configurations
Account Security
Patch Management
Logging
Segregate IIS
Penetration Testing
URLScan
IIS Lockdown
Summary
Chapter 7 SharePoint – Multi-tier Attacks
How Multi-tier Attacks Work
Multi-tier Attack Anatomy
Dangers with Multi-tier Attacks
Scenario 1: Leveraging Operating System Vulnerabilities
Scenario 2: Indirect Attacks
How Multi-tier Attacks Will Be Used in the Future
Defenses against Multi-tier Attacks
First Defensive Layer: Failure to Plan = Plan to Fail
Second Defensive Layer: Leave No Hole Unpatched
Third Defensive Layer: Form the Protective Circle
Summary
Endnotes
Index
No. of pages: 192
Language: English
Published: March 1, 2010
Imprint: Syngress
Rob Kraus
Rob Kraus (CISSP, C|EH, MCSE) is a Senior Security Consultant for Solutionary, Inc. Rob is responsible for organizing customer requirements, on-site project management and client support while ensuring quality and timeliness of Solutionary's products and services.
Rob was previously a Remote Security Services Supervisor with Digital Defense, Inc. He performed offensive-based security assessments consisting of penetration testing, vulnerability assessment, social engineering, wireless and VoIP penetration testing, web application penetration tests and vulnerability research. As a supervisor, Rob was also responsible for leading and managing a team of penetration testers who performed assessment services for Digital Defense's customers.
Rob's background also includes contracting as a security analyst for AT&T during the early stages of the AT&T U-verse service as well as provisioning, optimizing, and testing OC-192 fiber-optic networks while employed with Nortel Networks.
Rob also speaks at information security conferences and universities in an effort to keep the information security community informed of current security trends and attack methodologies.
Affiliations and expertise
CISSP, C|EH, MCSE; Senior Security Consultant for Solutionary, Inc.
Naomi Alpern
Naomi Alpern currently works for Microsoft as a consultant specializing in unified communications. She holds many Microsoft certifications, including an MCSE and MCT, as well as additional industry certifications such as Citrix Certified Enterprise Administrator, Security+, Network+, and A+. Since the start of her technical career she has worked in many facets of the technology world, including IT administration, technical training, and most recently, full-time consulting.
Brian Barber (Linux+, MCSE, MCSA, MCP+I, CNE, CNA-GW) works for the Canada Deposit Insurance Corporation (CDIC) as a project manager and architect for CDIC's IT service management program. He first started using Linux at home with Red Hat 5.1 and since then he has been a staunch advocate of open source software, belonging to the Ottawa Canada Linux User Group (OCLUG) since 2001 and the Ottawa Python Authors Group. His primary areas of interest are operating systems, infrastructure design, multiplatform integration, directory services, and enterprise messaging. In the past he has held the positions of Principal Consultant with Sierra Systems Group Inc., Senior Technical Coordinator at the LGS Group Inc. (now a part of IBM Global Services) and Senior Technical Analyst at MetLife Canada.
Affiliations and expertise
Works for the Canada Deposit Insurance Corporation (CDIC) as a project manager and architect for CDIC's IT service management program.
Mike Borkin
Mike Borkin (MCSE, GSEC Gold) is an internationally recognized author and speaker in the area of IT security where he focuses mostly on data protection strategies, Microsoft security, and security architecture/engineering best practices. In addition to contributing articles related to security to magazines and speaking engagements for groups such as SANS and The Open Group in both the US and Europe, Mike is also the Co-Author of Vista Security for Dummies.