COVID-19 Update: We are currently shipping orders daily. However, due to transit disruptions in some geographies, deliveries may be delayed. To provide all customers with timely access to content, we are offering 50% off Science and Technology Print & eBook bundle options. Terms & conditions.
Hack Proofing Windows 2000 Server - 1st Edition - ISBN: 9781931836494, 9780080478142

Hack Proofing Windows 2000 Server

1st Edition

0.0 star rating Write a review
Author: Syngress
eBook ISBN: 9780080478142
Imprint: Syngress
Published Date: 1st November 2001
Page Count: 800
Sales tax will be calculated at check-out Price includes VAT/GST
Price includes VAT/GST

Institutional Subscription

Secure Checkout

Personal information is secured with SSL technology.

Free Shipping

Free global shipping
No minimum order.


The complete, authoritative guide to protecting your Windows 2000 Network "Essential reading for your IT security organization." -Deena Joyce, Director of Information Technology and Network Security, Casino Magic Pick up a newspaper or watch the evening news and you will find a major news story involving a breech of network security. Windows 2000, as the premier network platform, has many important security features but they are difficult to configure and manage. Hack Proofing Windows 2000 Server has totally up-to-date coverage of Service Pack 2 (SP2), Kerberos and Public Key Infrastructure and also addresses newer topics such as Virtual Private Networks (VPNs), remote access and web site security. The book also has complete coverage of Internet Information Server (IIS) release 5.

Key Features

A great addition to the bestselling "Hack Proofing..." series Windows 2000 sales have surpassed those of Windows NT Critical topic. The security of an organization's data and communications is crucial to its survival and these topics are notoriously difficult to grasp Unrivalled web support at

Table of Contents

Chapter 1 The Windows 2000 Server Security Migration Path


Windows 2000 Server Security

Why the Change

Differences in Windows 2000 Server Security

Authentication Limitations

What Is the Same in Windows 2000 Server

Upgrading and Migrating Considerations

How to Begin the Process

Getting Started

Proper Analysis


Solutions Fast Track

Frequently Asked Questions

Chapter 2 Default Access Control Settings


The Administrators Group

The Users Group

The Power Users Group

Configuring Security during Windows 2000 Setup

Default File System and Registry Permissions

Default User Rights

Exercise 2.1 Checking User Rights through the Microsoft Management Console

Default Group Membership

Pre-Windows 2000 Security


Solutions Fast Track

Frequently Asked Questions

Chapter 3 Kerberos Server Authentication


Authentication in Windows 2000

Benefits of Kerberos Authentication

Standards for Kerberos Authentication

Extensions to the Kerberos Protocol

Overview of the Kerberos Protocol

Basic Concepts



Kerberos and Windows 2000

Key Distribution Center

Kerberos Policy

Contents of a Microsoft Kerberos Ticket

Delegation of Authentication


Security Support Providers

Credentials Cache

DNS Name Resolution

UDP and TCP Ports

Authorization Data

Kerberos Tools


Solutions Fast Track

Frequently Asked Questions

Chapter 4 Secure NetworkingUsing Windows 2000 Distributed Security Services


The Way We Were: Security in NT

A Whole New World: Distributed Security in Windows 2000

Windows 2000 Distributed Security Services

Active Directory and Security

Advantages of Active Directory Account Management

Relationship between Directory and Security Services

Security Protocols

NTLM Credentials

Kerberos Credentials

Private and Public Key Pairs and Certificates

Other Supported Protocols

Internet Single Sign-On

Internet Security for Windows 2000

Client Authentication with SSL 3.0

Authentication of External Users

Microsoft Certificate Server


Interbusiness Access: Distributed Partnership


Solutions Fast Track

Frequently Asked Questions

Chapter 5 Security Configuration Tool Set


Security Configuration Tool Set

Security Configuration Tool Set Components

Security Configurations

Security Configuration and Analysis Database

Security Configuration and Analysis Areas

Security Configuration Tool Set User Interfaces

Configuring Security

Account Policies

Local Policies

Event Log

Restricted Groups

Registry Security

File System Security

System Services Security

Analyzing Security

Group Policy Integration

Security Configuration in Group Policy Objects

The Security Settings Extension to the Group Policy Editor

Additional Security Policies


Solutions Fast Track

Frequently Asked Questions

Chapter 6 Encrypting the File System for Windows 2000


Using the Encrypting File System

Encryption Fundamentals

How EFS Works

User Operations

File Encryption

Assessing an Encrypted File

Copying an Encrypted File

Moving or Renaming an Encrypted File

Decrypting a File

Cipher Utility

Directory Encryption

Recovery Operations

EFS Architecture

EFS Components

The Encryption Process

The EFS File Information

The Decryption Process


Solutions Fast Track

Frequently Asked Questions

Chapter 7 IP Security for Microsoft Windows 2000 Server


Network Encroachment Methodologies



Password Compromise

Denial-of-Service Attacks

Man-in-the-Middle Attacks

Application-Directed Attacks

Compromised Key Attacks

IPSec Architecture

Overview of IPSec Cryptographic Services

IPSec Security Services

Security Associations and IPSec Key Management Procedures

Deploying Windows IP Security

Evaluating Information

Determining Required Security Levels

Building Security Policies with Customized IPSec Consoles

Flexible Security Policies

Flexible Negotiation Policies


Creating a Security Policy


Solutions Fast Track

Frequently Asked Questions

Chapter 8 Smart Cards



ISO 7816, EMV, and GSM

The PC/SC Workgroup

The Microsoft Approach

Smart Card Base Components

Service Providers

Enhanced Solutions

Client Authentication

Public Key Interactive Logon


Solutions Fast Track

Frequently Asked Questions

Chapter 9 Microsoft Windows 2000 Public Key Infrastructure



Public Key Cryptography

Public Key Functionality

Protecting and Trusting Cryptographic Keys

Windows 2000 PKI Components

Certificate Authorities

Certificate Hierarchies

Deploying an Enterprise CA

Trust in Multiple CA Hierarchies

Installing a Windows 2000 PKI

Exercise 9.1 Installing Certificate Services

Enabling Domain Clients

Generating Keys

Key Recovery

Certificate Enrollment


Using Keys and Certificates




Public Key Security Policy in Windows 2000

Trusted CA Roots

Certificate Enrollment and Renewal

Smart Card Logon

Applications Overview

Web Security

Secure E-Mail

Digitally Signed Content

Encrypting File System

Smart-Card Logon

IP Security

Preparing for Windows 2000 PKI

Backing Up and Restoring Certificate Services

Exercise 9.9 Backing Up Certificate Services

Exercise 9.10 Restoring Certificate Services


Solutions Fast Track

Frequently Asked Questions

Chapter 10 Supporting Non-Windows 2000 Clients and Servers


Authenticating Down-Level Clients

Defining Lan Manager and NT Lan Manager Authentication

Using the Directory Services Client

Deploying NTLM Version 2

Working with UNIX Clients

Installing Services for UNIX

NFS Software

Working with Novell Clients

Client Services for NetWare

Gateway Services for NetWare

Understanding Services for NetWare

Working with Macintosh Clients

Understanding Files Services for Macintosh

Understanding Print Services for Macintosh

Installing File and Print Services for Macintosh

Authenticating Macintosh Clients


Solutions Fast Track

Frequently Asked Questions

Chapter 11 Securing Internet Information Services 5.0


Securing the Windows 2000 Server

Installing Internet Information Services 5.0

Exercise 11.1 Uninstalling IIS 5.0

Exercise 11.2 Creating an Answer File for Installing IIS

Securing Internet Information Services 5.0

Setting Web Site, FTP Site, and Folder Permissions

Restricting Access through IP Address and Domain Name Blocking

Configuring Authentication

Examining the IIS Security Tools

Using the Hotfix Checking Tool for IIS 5.0

Using the IIS Security Planning Tool

Using the Windows 2000 Internet Server Security Configuration Tool for IIS 5.0

Auditing IIS

Exercise 11.6 Configuring Auditing for an Organizational Unit


Solutions Fast Track

Frequently Asked Questions

Chapter 12 Using Security-Related Tools


Installing the Support Tools

Exercise 12.1 Installing the Support Tools

Installing the Windows 2000 Server Resource Kit

Exercise 12.2 Installing the Windows 2000 Server Resource Kit

Using Application Tools

Using the Application Security Tool

Running the Applications as Services Utility

Using Service Tools

Running the Service Controller Tool

Using ScList

Using the Service Monitoring Tool

Using Registry Tools

Using Registry Backup

Using Registry Restoration

Running the Registry Console Tool

Using Process Tools

Running the Process Viewer

Running the Task List Viewer

Using the Task Killing Utility

Using Process Tree

Using Logging Tools

Using the Event Log Query Tool

Using Trace Logging

Using Trace Dump

Using Reduce Trace Data

Using Permission Tools

Using the Service ACL Editor

Using Permcopy

Running Access Control List Diagnostics

Running DsAcls

Using Group Management Tools

Show Groups

Using Show Members

Using Find Group

Using Miscellaneous Tools

Using Show Privilege

Running Uptime

Using Floppy Lock

Running System Scanner


Solutions Fast Track

Frequently Asked Questions

Appendix A Port Numbers



No. of pages:
© Syngress 2001
1st November 2001
eBook ISBN:

About the Author

Ratings and Reviews