Synopses & Reviews
Get the definitive reference for planning and implementing security features in Windows Server 2008—with expert insights from Microsoft Most Valuable Professionals (MVPs) and the Windows Server Security Team at Microsoft. This official Microsoft RESOURCE KIT delivers the in-depth, technical information and tools you need to help protect your Windows–based clients, server roles, networks, and Internet services. Leading security experts explain how to plan and implement comprehensive security with special emphasis on new Windows security tools, security objects, security services, user authentication and access control, network security, application security, Windows Firewall, Active Directory security, group policy, auditing, and patch management. The kit also provides best practices based on real-world implementations. You also get must-have tools, scripts, templates, and other key job aids, including an eBook of the entire RESOURCE KIT on CD.
For customers who purchase an ebook version of this title, instructions for downloading the CD files can be found in the ebook.
About the Author
Lead author Jesper M. Johansson, Ph.D., Enterprise Security MVP, CISSP, ISSAP, is a well-known Windows security expert and a former security manager at Microsoft.
Table of Contents
Acknowledgements; Introduction; Overview of the Book; Document Conventions; Companion CD; Resource Kit Support Policy; Part I: Windows Security Fundamentals; Chapter 1: Subjects, Users, and Other Actors; 1.1 The Subject/Object/Action-Tuple; 1.2 Types of Security Principals; 1.3 Security Identifiers; 1.4 Summary; 1.5 Additional Resources; Chapter 2: Authenticators and Authentication Protocols; 2.1 Something You Know, Something You Have; 2.2 Understanding Authenticator Storage; 2.3 Authentication Protocols; 2.4 Smart Card Authentication; 2.5 Attacks on Passwords; 2.6 Managing Passwords; 2.7 Summary; 2.8 Additional Resources; Chapter 3: Objects: The Stuff You Want; 3.1 Access Control Terminology; 3.2 Tools to Manage Permissions; 3.3 Major Access Control Changes in Windows Server 2008; 3.4 User Rights and Privileges; 3.5 RBAC/AZMAN; 3.6 Summary; 3.7 Additional Resources; Chapter 4: Understanding User Account Control (UAC); 4.1 What Is User Account Control?; 4.2 How Token Filtering Works; 4.3 Components of UAC; 4.4 UAC Group Policy Settings; 4.5 What's New in UAC in Windows Server 2008 and Windows Vista SP1; 4.6 UAC Best Practices; 4.7 Summary; 4.8 Additional Resources; Chapter 5: Firewall and Network Access Protection; 5.1 Windows Filtering Platform; 5.2 Windows Firewall with Advanced Security; 5.3 Routing and Remote Access Services; 5.4 Internet Protocol Security; 5.5 Network Access Protection; 5.6 Summary; 5.7 Additional Resources; Chapter 6: Services; 6.1 Introduction to Services; 6.2 Attacks on Services; 6.3 Service Hardening; 6.4 Securing Services; 6.5 Summary; 6.6 Additional Resources; Chapter 7: Group Policy; 7.1 What Is New in Windows Server 2008; 7.2 Group Policy Basics; 7.3 What Is New in Group Policy; 7.4 Managing Security Settings; 7.5 Summary; 7.6 Additional Resources; Chapter 8: Auditing; 8.1 Why Audit?; 8.2 How Windows Auditing Works; 8.3 Setting an Audit Policy; 8.4 Developing a Good Audit Policy; 8.5 New Events in Windows Server 2008; 8.6 Using the Built-In Tools to Analyze Events; 8.7 Summary; Part II: Implementing Identity and Access (IDA) Control Using Active Directory; Chapter 9: Designing Active Directory Domain Services for Security; 9.1 The New User Interface; 9.2 The New Active Directory Domain Services Installation Wizard; 9.3 Read-Only Domain Controllers; 9.4 Restartable Active Directory Domain Services; 9.5 Active Directory Database Mounting Tool; 9.6 AD DS Auditing; 9.7 Active Directory Lightweight Directory Services Overview; 9.8 Active Directory Federation Services Overview; 9.9 Summary; 9.10 Additional Resources; Chapter 10: Implementing Active Directory Certificate Services; 10.1 What Is New in Windows Server 2008 PKI; 10.2 Threats to Certificate Services and Mitigation Options; 10.3 Securing Certificate Services; 10.4 Best Practices; 10.5 Summary; 10.6 Additional Resources; Part III: Common Security Scenarios; Chapter 11: Securing Server Roles; 11.1 Roles vs. Features; 11.2 Your Server Before the Roles; 11.3 Server Core; 11.4 Tools to Manage Server Roles; 11.5 The Security Configuration Wizard; 11.6 Multi-Role Servers; 11.7 Summary; Chapter 12: Patch Management; 12.1 The Four Phases of Patch Management; 12.2 The Anatomy of a Security Update; 12.3 Tools for Your Patch Management Arsenal; 12.4 Summary; 12.5 Additional Resources; Chapter 13: Securing the Network; 13.1 Introduction to Security Dependencies; 13.2 Types of Dependencies; 13.3 Mitigating Dependencies; 13.4 Summary; 13.5 Additional Resources; Chapter 14: Securing the Branch Office; 14.1 An Introduction to Branch Office Issues; 14.2 Windows Server 2008 in the Branch Office; 14.3 Other Security Steps; 14.4 Summary; 14.5 Additional Resources; Chapter 15: Small Business Considerations; 15.1 Running Servers on a Shoestring; 15.2 Servers Designed for Small Firms; 15.3 Violating All the Principles with Multi-Role Servers; 15.4 Best Practices for Small Businesses; 15.5 Summary; 15.6 Additional Resources; Chapter 16: Securing Server Applications; 16.1 Introduction; 16.2 IIS 7: A Security Pedigree; 16.3 Configuring IIS 7; 16.4 TCP/IP-Based Security; 16.5 Simple Path-Based Security; 16.6 Authentication and Authorization; 16.7 Summary; 16.8 Additional Resources; System Requirements;