Description:
Help maximize security for Windows-based systems, services, and networks?with tools and resources direct from Microsoft.
Get the in-depth information and tools you need to help secure Microsoft®
Windows®–based clients, servers, networks, and Internet services with expertise
from those who know the technology best—the Microsoft Security Team. These
expert authors prescribe how to plan and implement a comprehensive
security-management strategy—from identifying risks to configuring security
technologies, applying security best practices, and monitoring and responding to
security incidents. The kit also provides essential security tools, scripts, and
other on-the-job resources—all designed to help maximize data and system
security while minimizing downtime and costs.
• Gain a framework for
understanding security threats and vulnerabilities and applying countermeasures
• Help protect servers, desktops, and laptops by configuring permissions,
security templates, TCP/IP settings, and application-level security
•
Implement security enhancements for domain controllers, Microsoft Internet
Information Services 5.0, Windows Terminal Services, and DNS, DHCP, WINS, RAS,
VPN, and certificate servers
• Help secure Active Directory® objects,
attributes, domains, and forests; use Group Policy; manage user accounts and
passwords
• Develop an auditing strategy and incident response team
•
Utilize security assessment tools, detect and respond to internal and external
security incidents, and recover services
• Create a process for deploying and
managing security updates
•Help establish your enterprise privacy
strategy
CD-ROM features:
50+ tools and scripts from the Microsoft
Security Team and the Microsoft Windows Resource Kits, including:
•
Subinacl.exe—view and help maintain security on files, registry keys, and
services from the command line or in batch files
• Ntrights.exe—set user
rights from the command line or in batch files
• EventcombMT.exe—collect and
search event logs from multiple computers through a GUI
• Scripts for
configuring security
Plus, a fully searchable eBook
Table of Contents:
| Foreword | xix |
| Acknowledgments | xxi |
| Introduction | xxiii |
| PART I APPLYING KEY PRINCIPLES OF SECURITY | |
| 1 Key Principles of Security | 3 |
| Understanding Risk Management | 3 |
| Learning to Manage Risk | 4 |
| Risk Management Strategies | 6 |
| Understanding Security | 8 |
| Granting the Least Privilege Required | 8 |
| Defending Each Network Layer | 8 |
| Reducing the Attack Surface | 8 |
| Avoiding Assumptions | 8 |
| Protecting, Detecting, and Responding | 9 |
| Securing by Design, Default, and Deployment | 9 |
| The 10 Immutable Laws of Security | 9 |
| The 10 Immutable Laws of Security Administration | 11 |
| 2 Understanding Your Enemy | 15 |
| Knowing Yourself | 16 |
| Accurately Assessing Your Own Skills | 16 |
| Possessing Detailed Documentation of Your Network | 16 |
| Understanding the Level of Organizational Support You Receive | 17 |
| Identifying Your Attacker | 17 |
| Understanding External Attackers | 19 |
| Understanding Internal Attackers | 20 |
| What Motivates Attackers? | 21 |
| Notoriety, Acceptance, and Ego | 22 |
| Financial Gain | 23 |
| Challenge | 24 |
| Activism | 25 |
| Revenge | 25 |
| Espionage | 25 |
Information
Warfare
Brand Slider |