Hack Proofing Windows 2000 Server - 1st Edition - ISBN: 9781931836494, 9780080478142

Hack Proofing Windows 2000 Server

1st Edition

Authors: Syngress
Paperback ISBN: 9781931836494
eBook ISBN: 9780080478142
Imprint: Syngress
Published Date: 1st November 2001
Page Count: 800
Tax/VAT will be calculated at check-out
51.95
39.95
31.99
51.95
Unavailable
Compatible Not compatible
VitalSource PC, Mac, iPhone & iPad Amazon Kindle eReader
ePub & PDF Apple & PC desktop. Mobile devices (Apple & Android) Amazon Kindle eReader
Mobi Amazon Kindle eReader Anything else

Institutional Access


Description

The complete, authoritative guide to protecting your Windows 2000 Network "Essential reading for your IT security organization." -Deena Joyce, Director of Information Technology and Network Security, Casino Magic Pick up a newspaper or watch the evening news and you will find a major news story involving a breech of network security. Windows 2000, as the premier network platform, has many important security features but they are difficult to configure and manage. Hack Proofing Windows 2000 Server has totally up-to-date coverage of Service Pack 2 (SP2), Kerberos and Public Key Infrastructure and also addresses newer topics such as Virtual Private Networks (VPNs), remote access and web site security. The book also has complete coverage of Internet Information Server (IIS) release 5.

Key Features

A great addition to the bestselling "Hack Proofing..." series Windows 2000 sales have surpassed those of Windows NT Critical topic. The security of an organization's data and communications is crucial to its survival and these topics are notoriously difficult to grasp Unrivalled web support at www.solutions@syngress.com

Table of Contents


Chapter 1 The Windows 2000 Server Security Migration Path

Introduction

Windows 2000 Server Security

Why the Change

Differences in Windows 2000 Server Security

Authentication Limitations

What Is the Same in Windows 2000 Server

Upgrading and Migrating Considerations

How to Begin the Process

Getting Started

Proper Analysis

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 2 Default Access Control Settings

Introduction

The Administrators Group

The Users Group

The Power Users Group

Configuring Security during Windows 2000 Setup

Default File System and Registry Permissions

Default User Rights

Exercise 2.1 Checking User Rights through the Microsoft Management Console

Default Group Membership

Pre-Windows 2000 Security

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 3 Kerberos Server Authentication

Introduction

Authentication in Windows 2000

Benefits of Kerberos Authentication

Standards for Kerberos Authentication

Extensions to the Kerberos Protocol

Overview of the Kerberos Protocol

Basic Concepts

Subprotocols

Tickets

Kerberos and Windows 2000

Key Distribution Center

Kerberos Policy

Contents of a Microsoft Kerberos Ticket

Delegation of Authentication

Preauthentication

Security Support Providers

Credentials Cache

DNS Name Resolution

UDP and TCP Ports

Authorization Data

Kerberos Tools

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 4 Secure NetworkingUsing Windows 2000 Distributed Security Services

Introduction

The Way We Were: Security in NT

A Whole New World: Distributed Security in Windows 2000

Windows 2000 Distributed Security Services

Active Directory and Security

Advantages of Active Directory Account Management

Relationship between Directory and Security Services

Security Protocols

NTLM Credentials

Kerberos Credentials

Private and Public Key Pairs and Certificates

Other Supported Protocols

Internet Single Sign-On

Internet Security for Windows 2000

Client Authentication with SSL 3.0

Authentication of External Users

Microsoft Certificate Server

CryptoAPI

Interbusiness Access: Distributed Partnership

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 5 Security Configuration Tool Set

Introduction

Security Configuration Tool Set

Security Configuration Tool Set Components

Security Configurations

Security Configuration and Analysis Database

Security Configuration and Analysis Areas

Security Configuration Tool Set User Interfaces

Configuring Security

Account Policies

Local Policies

Event Log

Restricted Groups

Registry Security

File System Security

System Services Security

Analyzing Security

Group Policy Integration

Security Configuration in Group Policy Objects

The Security Settings Extension to the Group Policy Editor

Additional Security Policies

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 6 Encrypting the File System for Windows 2000

Introduction

Using the Encrypting File System

Encryption Fundamentals

How EFS Works

User Operations

File Encryption

Assessing an Encrypted File

Copying an Encrypted File

Moving or Renaming an Encrypted File

Decrypting a File

Cipher Utility

Directory Encryption

Recovery Operations

EFS Architecture

EFS Components

The Encryption Process

The EFS File Information

The Decryption Process

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 7 IP Security for Microsoft Windows 2000 Server

Introduction

Network Encroachment Methodologies

Snooping

Spoofing

Password Compromise

Denial-of-Service Attacks

Man-in-the-Middle Attacks

Application-Directed Attacks

Compromised Key Attacks

IPSec Architecture

Overview of IPSec Cryptographic Services

IPSec Security Services

Security Associations and IPSec Key Management Procedures

Deploying Windows IP Security

Evaluating Information

Determining Required Security Levels

Building Security Policies with Customized IPSec Consoles

Flexible Security Policies

Flexible Negotiation Policies

Filters

Creating a Security Policy

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 8 Smart Cards

Introduction

Interoperability

ISO 7816, EMV, and GSM

The PC/SC Workgroup

The Microsoft Approach

Smart Card Base Components

Service Providers

Enhanced Solutions

Client Authentication

Public Key Interactive Logon

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 9 Microsoft Windows 2000 Public Key Infrastructure

Introduction

Concepts

Public Key Cryptography

Public Key Functionality

Protecting and Trusting Cryptographic Keys

Windows 2000 PKI Components

Certificate Authorities

Certificate Hierarchies

Deploying an Enterprise CA

Trust in Multiple CA Hierarchies

Installing a Windows 2000 PKI

Exercise 9.1 Installing Certificate Services

Enabling Domain Clients

Generating Keys

Key Recovery

Certificate Enrollment

Renewal

Using Keys and Certificates

Roaming

Revocation

Trust

Public Key Security Policy in Windows 2000

Trusted CA Roots

Certificate Enrollment and Renewal

Smart Card Logon

Applications Overview

Web Security

Secure E-Mail

Digitally Signed Content

Encrypting File System

Smart-Card Logon

IP Security

Preparing for Windows 2000 PKI

Backing Up and Restoring Certificate Services

Exercise 9.9 Backing Up Certificate Services

Exercise 9.10 Restoring Certificate Services

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 10 Supporting Non-Windows 2000 Clients and Servers

Introduction

Authenticating Down-Level Clients

Defining Lan Manager and NT Lan Manager Authentication

Using the Directory Services Client

Deploying NTLM Version 2

Working with UNIX Clients

Installing Services for UNIX

NFS Software

Working with Novell Clients

Client Services for NetWare

Gateway Services for NetWare

Understanding Services for NetWare

Working with Macintosh Clients

Understanding Files Services for Macintosh

Understanding Print Services for Macintosh

Installing File and Print Services for Macintosh

Authenticating Macintosh Clients

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 11 Securing Internet Information Services 5.0

Introduction

Securing the Windows 2000 Server

Installing Internet Information Services 5.0

Exercise 11.1 Uninstalling IIS 5.0

Exercise 11.2 Creating an Answer File for Installing IIS

Securing Internet Information Services 5.0

Setting Web Site, FTP Site, and Folder Permissions

Restricting Access through IP Address and Domain Name Blocking

Configuring Authentication

Examining the IIS Security Tools

Using the Hotfix Checking Tool for IIS 5.0

Using the IIS Security Planning Tool

Using the Windows 2000 Internet Server Security Configuration Tool for IIS 5.0

Auditing IIS

Exercise 11.6 Configuring Auditing for an Organizational Unit

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 12 Using Security-Related Tools

Introduction

Installing the Support Tools

Exercise 12.1 Installing the Support Tools

Installing the Windows 2000 Server Resource Kit

Exercise 12.2 Installing the Windows 2000 Server Resource Kit

Using Application Tools

Using the Application Security Tool

Running the Applications as Services Utility

Using Service Tools

Running the Service Controller Tool

Using ScList

Using the Service Monitoring Tool

Using Registry Tools

Using Registry Backup

Using Registry Restoration

Running the Registry Console Tool

Using Process Tools

Running the Process Viewer

Running the Task List Viewer

Using the Task Killing Utility

Using Process Tree

Using Logging Tools

Using the Event Log Query Tool

Using Trace Logging

Using Trace Dump

Using Reduce Trace Data

Using Permission Tools

Using the Service ACL Editor

Using Permcopy

Running Access Control List Diagnostics

Running DsAcls

Using Group Management Tools

Show Groups

Using Show Members

Using Find Group

Using Miscellaneous Tools

Using Show Privilege

Running Uptime

Using Floppy Lock

Running System Scanner

Summary

Solutions Fast Track

Frequently Asked Questions

Appendix A Port Numbers

Index




Details

No. of pages:
800
Language:
English
Copyright:
© Syngress 2001
Published:
Imprint:
Syngress
eBook ISBN:
9780080478142

About the Author