Synopses & Reviews
The latest Windows security attack and defense strategies
"Securing Windows begins with reading this book." --James Costello (CISSP) IT Security Specialist, Honeywell
Meet the challenges of Windows security with the exclusive Hacking Exposed "attack-countermeasure" approach. Learn how real-world malicious hackers conduct reconnaissance of targets and then exploit common misconfigurations and software flaws on both clients and servers. See leading-edge exploitation techniques demonstrated, and learn how the latest countermeasures in Windows XP, Vista, and Server 2003/2008 can mitigate these attacks. Get practical advice based on the authors' and contributors' many years as security professionals hired to break into the world's largest IT infrastructures. Dramatically improve the security of Microsoft technology deployments of all sizes when you learn to:
- Establish business relevance and context for security by highlighting real-world risks
- Take a tour of the Windows security architecture from the hacker's perspective, exposing old and new vulnerabilities that can easily be avoided
- Understand how hackers use reconnaissance techniques such as footprinting, scanning, banner grabbing, DNS queries, and Google searches to locate vulnerable Windows systems
- Learn how information is extracted anonymously from Windows using simple NetBIOS, SMB, MSRPC, SNMP, and Active Directory enumeration techniques
- Prevent the latest remote network exploits such as password grinding via WMI and Terminal Server, passive Kerberos logon sniffing, rogue server/man-in-the-middle attacks, and cracking vulnerable services
- See up close how professional hackers reverse engineer and develop new Windows exploits
- Identify and eliminate rootkits, malware, and stealth software
- Fortify SQL Server against external and insider attacks
- Harden your clients and users against the latest e-mail phishing, spyware, adware, and Internet Explorer threats
- Deploy and configure the latest Windows security countermeasures, including BitLocker, Integrity Levels, User Account Control, the updated Windows Firewall, Group Policy, Vista Service Refactoring/Hardening, SafeSEH, GS, DEP, Patchguard, and Address Space Layout Randomization
Synopsis
Why to Buy
Complete coverage of the new security features in Windows Server 2003--all in the best-selling Hacking Exposed format.
Synopsis
"The most demystifying source of information since Toto exposed the Wizard. Hacking Exposed Windows Server 2003 eliminates the mystique and levels the playing field by revealing the science behind the curtain." --Greg Wood, General Manager, Information Security, Microsoft Corporation
From the best-selling co-authors of the world-renowned book, Hacking Exposed, comes Hacking Exposed Windows Server 2003. You'll learn, step-by-step, how to defend against the latest attacks by understanding how intruders enter and pilfer compromised networks and weaknesses. All the new security features and exploits in Windows Server 2003 are covered.
About the Author
Joel Scambray is Chief Strategy Officer for Leviathan Security Group, an information security consultancy located in Seattle and Denver. As a member of Leviathan's board and executive management team, Joel guides the evolution and execution of Leviathan's business and technical strategy.
Prior to Leviathan, Joel was a Senior Director at Microsoft Corporation, where he led Microsoft's online services security efforts for three years before joining the Windows platform and services division to focus on security technology architecture. Before joining Microsoft, Joel co-founded security software and services startup Foundstone Inc. and helped lead it to acquisition by McAfee for $86M. He previously held positions as a Manager for Ernst and Young, security columnist for Microsoft TechNet, Editor at Large for InfoWorld Magazine, and Director of IT for a major commercial real estate firm. Joel is widely recognized as co-author of the original Hacking Exposed: Network Security Secrets and Solutions, the international best-selling computer security book that reached its Fifth Edition in April 2005. He is also lead author of the Hacking Exposed: Windows and Hacking Exposed: Web Applications series.
Joel's writing draws primarily on his experiences in security technology development, IT operations security, and consulting. He has worked with organizations ranging in size from the world's largest enterprises to small startups. He has spoken widely on information security at forums including Black Hat, I-4, and The Asia Europe Meeting (ASEM), as well as organizations including CERT, The Computer Security Institute (CSI), ISSA, ISACA, SANS, private corporations, and government agencies such as the Korean Information Security Agency (KISA), FBI, and the RCMP.
Joel holds a BS from the University of California at Davis, an MA from UCLA, and he is a Certified Information Systems Security Professional (CISSP).
Stuart McClure is the co-author of all four editions of Hacking Exposed as well as Hacking Exposed Windows 2000. Stuart co-authored "Security Watch," a weekly column in InfoWorld addressing topical security issues, exploits, and vulnerabilities. He is the President/CTO of Foundstone, Inc. Prior to co-founding Foundstone, Stuart was a Senior Manager with Ernst and Young's Security Profiling Services Group, responsible for project management, attack and penetration reviews, and technology evaluations. Stuart teaches Foundstone's Ultimate Hacking course and Hacking Exposed Live at conferences such as Networld + InterOp, Black Hat, RSA, and CSI, among others.
Table of Contents
Part I: Foundations
- 1: Information Security Basics
- 2: The Windows Server 2003 Security Architecture from the Hacker's Perspective
Part II: Profiling
- 3: Footprinting and Scanning
- 4: Enumeration
Part III: Divide and Conquer
- 5: Hacking Windows-Specific Services
- 6: Privilege Escalation
- 7: Getting Interactive
- 8: Expanding Influence
- 9: Cleanup
Part IV: Exploiting Vulnerable Services and Clients
- 10: Hacking IIS
- 11: Hacking SQL Server
- 12: Hacking Terminal Server
- 13: Hacking Microsoft Internet Clients
- 14: Physical Attacks
- 15: Denial of Service
Part V: Playing Defense
- 16: NT Family Security Features and Tools
- 17: The Future of Windows Security
Part VI: Appendixes
- A: Windows Server 2003 Security Checklist
- B: About the Companion Web Site