McGraw-Hill - 2004 - Hardening Windows Systems
Table of Contents
BackCover
Hardening Windows Systems
Foreword
Introduction
Part I: Do This Now!
Chapter 1: An Immediate Call to Action
Strengthen the Password Policy
Lock Down Remote Administration
Lock Down Administrative Workstations
Physically Secure All Systems
Keep Secrets
Disable EFS
Ban Wireless Networks That Don't Meet Tough Security Policy Requirements
Don't Allow Unprotected Laptops and Desktops to Connect to the LAN
Use Runas or Su
Disable Infrared File Transfer
Part II: Take It from the Top: Systematic Harden
Chapter 2: Harden Authentication - You Are Who You Can Prove You Are
What Is Authentication?
Authentication Credentials Choices
Harden User Logon
Harden Network Authentication
Harden Computer and Services Authentication Processes
Chapter 3: Harden Network Physical Infrastructure
Segment Networks
Provide Protection and Detection at Segment Boundaries
Provide Protection for Critical Traffic
Provide Protection for Critical Servers
Secure Network Infrastructure
Protect Access to Client Systems
Chapter 4: Harden Logical Network Infrastructure
Secure Foundations for Workgroup Computers
Secure Foundations for Windows NT 4.0 - Style Domains
Secure Foundations for the Active Directory Forest
Autonomy and Isolation: The Domain Is Not a Security Boundary
Checklist for Hardening the Logical Network Infrastructure
Chapter 5: Harden Network Infrastructure Roles
Develop Security Baselines
Limit User Rights
Disable Optional Subsystems
Disable or Remove Unnecessary Services
Implement Miscellaneous Security Configuration
Develop Incremental Security Steps
Select Methods and Models for Security Deployment
Chapter 6: Secure Windows Directory Information and Operations
Secure DNS
Place AD Database and SYSVOL on a Drive Separate from the System Partition
Physically Secure Domain Controllers
Monitor and Protect Active Directory Health
Secure Active Directory Data - Understand Active Directory Object Permissions
Chapter 7: Harden Administrative Authority and Practice
Delegate and Control Administrative Authority
Define Secure Administrative Practices
Chapter 8: Harden Servers and Client Computers by Role
The Role-Based Hardening Process
Determine Computer Roles
Design Role-Based Hardening Infrastructure
Adapt Security Templates
Implement the Hardening Plan Using Group Policy
Chapter 9: Harden Application Access and Use
Restrict Access with Administrative Templates
Restrict Access with Software Restriction Policies
Develop and Implement Desktop Computer and User Roles
Use Group Policy Management Console to Copy GPOs
Chapter 10: Harden Data Access
Use the NTFS File System
Use DACLs to Secure Data
Use EFS to Secure Data
Chapter 11: Harden Communications
Protect LAN Communications
Protect WAN Communications
Protect Web Communications with SSL
Chapter 12: Harden Windows Using PKI and Harden PKI
Harden Windows Using PKI
Harden PKI
Part III: Once Is Never Enough!
Chapter 13: Harden the Security Lifecycle
Create a Business Continuity Plan
Generate a Security Policy
Perform Hardened Operating System Installation
Harden Operating System, Application, and Data Protection
Manage Changes with a Formal Change Management Program
Be Prepared for Disaster Recovery
Monitor and Audit
Part IV: How to Succeed at Hardening Your Windows Systems
Chapter 14: Harden WetWare
Vet and Improve Security Policy
Learn to Speak Business
Take the First Step
Understand Current Laws
Understand Vulnerabilities of Windows and Other OSs
Know and Incorporate Voluntary Standards
Start or Participate in Security Awareness Education
Appendix: Resources
Required Reading
Tool Downloads
Security Bulletins and Discussion Lists
Index
Index_B
Index_C
Index_D
Index_E
Index_F
Index_G
Index_H
Index_I
Index_K
Index_L
Index_M
Index_N
Index_O
Index_P
Index_Q
Index_R
Index_S
Index_T
Index_U
Index_V
Index_W
Index_Z
List of Figures
List of Tables
List of Sidebars
Prepaid Card