COPYRIGHTED MATERIAL. Contents. Part I: The Basics in Depth 1. Chapter 1: Windows Attacks 3. Chapter 2: Conventional and Unconventional Defenses 51

Similar documents
Ethical Hacking and Prevention

Advanced Security Measures for Clients and Servers

Ethical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities

Security+ SY0-501 Study Guide Table of Contents

CS 356 Operating System Security. Fall 2013

Chapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each.

Locking down a Hitachi ID Suite server

Pass Microsoft Exam

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering. Key Threats Internet was just growing Mail was on the verge

Cyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems

HikCentral V1.3 for Windows Hardening Guide

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

CIS Controls Measures and Metrics for Version 7

SERVER HARDENING CHECKLIST

CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management

CIS Controls Measures and Metrics for Version 7

Copyright

vcloud Director User's Guide

Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any

CompTIA Security+ (2008 Edition) Exam

Microsoft Exam Security fundamentals Version: 9.0 [ Total Questions: 123 ]

SE420 Software Quality Assurance

Access Controls. CISSP Guide to Security Essentials Chapter 2

HikCentral V.1.1.x for Windows Hardening Guide

jk0-022 Exam Questions Demo CompTIA Exam Questions jk0-022

Practical Network Defense Labs

CompTIA Security+(2008 Edition) Exam

Configure advanced audit policies

Curso: Ethical Hacking and Countermeasures

Endpoint Security - what-if analysis 1

Index. Advertisers gleaning /browser information,

ANATOMY OF AN ATTACK!

Web insecurity Security strategies General security Listing of server-side risks Language specific security. Web Security.

Objectives. Classes of threats to networks. Network Security. Common types of network attack. Mitigation techniques to protect against threats

716 West Ave Austin, TX USA

Computers Gone Rogue. Abusing Computer Accounts to Gain Control in an Active Directory Environment. Marina Simakov & Itai Grady

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)

Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks


PCI DSS Compliance. White Paper Parallels Remote Application Server

MCSA Windows Server 2012

MOC 6421B: Configuring and Troubleshooting a Windows Server 2008 Network Infrastructure

MTA Networking Fundamentals Exam.

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

MU2a Authentication, Authorization & Accounting Questions and Answers with Explainations

COMPUTER NETWORK SECURITY

Information Security: Principles and Practice Second Edition. Mark Stamp

n Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network

Module 9. Configuring IPsec. Contents:

SEVENMENTOR TRAINING PVT.LTD

vcloud Director User's Guide 04 OCT 2018 vcloud Director 9.5

vcloud Director User's Guide

Question No: 1 After running a packet analyzer on the network, a security analyst has noticed the following output:

The SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client.

vcloud Director User's Guide

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

19.1. Security must consider external environment of the system, and protect it from:

HP Instant Support Enterprise Edition (ISEE) Security overview

Exam : JK Title : CompTIA E2C Security+ (2008 Edition) Exam. Version : Demo

FRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months

Hands-On Ethical Hacking and Network Defense 3rd Edition

CTS2134 Introduction to Networking. Module 08: Network Security

COPYRIGHTED MATERIAL. Contents. Assessment Test

Introduction. The Safe-T Solution

Learn about the Fundamental building blocks that go into building a Windows Server infrastructure with Windows Server 2012.

Cyber security tips and self-assessment for business

Comptia.Certkey.SY0-401.v by.SANFORD.362q. Exam Code: SY Exam Name: CompTIA Security+ Certification Exam

Advanced Diploma on Information Security

10 FOCUS AREAS FOR BREACH PREVENTION

MU2b Authentication, Authorization and Accounting Questions Set 2

Security Enhancements

Remote Desktop Security for the SMB

CompTIA Security+ Certification

Exam : Title : Security Solutions for Systems Engineers. Version : Demo

SAP Security. BIZEC APP/11 Version 2.0 BIZEC TEC/11 Version 2.0

2009 OSIsoft, LLC. OSIsoft vcampus Live! where PI geeks meet OSIsoft, LLC. OSIsoft vcampus Live! 2009 where PI geeks meet

Chapter 9. Firewalls

Deploy and Configure Microsoft LAPS. Step by step guide and useful tips

Internet Information Server 6.0

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems

CSE 565 Computer Security Fall 2018

Policy Settings for Windows Server 2003 (including SP1) and Windows XP (including SP2)

MCSA Windows Server 2012

An Overview to Windows Server Security

Google Cloud Platform: Customer Responsibility Matrix. December 2018

Hands-On Ethical Hacking and Network Defense Chapter 6 Enumeration

Windows 10 Security & Audit

Password Reset Utility. Configuration

ETHICAL HACKING & COMPUTER FORENSIC SECURITY

Training UNIFIED SECURITY. Signature based packet analysis

epldt Web Builder Security March 2017

CASP CompTIA Advanced Security Practitioner Study Guide: (Exam CAS-001)

microsoft. Number: Passing Score: 800 Time Limit: 120 min.

Seqrite Endpoint Security

How NOT To Get Hacked

CompTIA Security+ (Exam SY0-401)

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

Transcription:

Acknowledgments Introduction Part I: The Basics in Depth 1 Chapter 1: Windows Attacks 3 Attack Classes 3 Automated versus Dedicated Attacker 4 Remote versus Local 7 Types of Attacks 8 Dedicated Manual Attacker Methodology 8 Automated Malware 11 Remote 14 Other Types of Attacks 17 Malware Trends 19 Where Malware Hides 20 Summary 49 Chapter 2: Conventional and Unconventional Defenses 51 Overall Defense Strategy 51 We Will Never Defeat Hackers and Malware 52 Whatever Is Popular Gets Hacked 52 There Is No Perfect Security Solution 53 Focus on the Right Problem of Automated Malware, Not Hackers 53 If a User Can Be Tricked into Running a Malicious Program, It Is Game Over 54 Security-by-Obscurity Works! 54 Don t Let End Users Make Security Decisions 54 Assume Firewalls and Antivirus Software Will Fail 55 Protection Should Be Host-Based 55 Practice Defense-in-Depth 56 Prevent Malware from Hiding Where It Likes to Hide 57 Minimize Potential Attack Vectors, Decrease Attack Space 57 Security Must Be Automated 58 Conventional Defenses 58 Don t Give Users Admin Access 58 Keep Patches Updated 63 COPYRIGHTED MATERIAL vi xix

Use a Host-Based Firewall 65 Use Antivirus Software 68 Use Anti-Spam Software 69 Use Anti-Spyware Software 70 Physical Security 70 Harden the TCP/IP Stack 71 Unconventional Defenses 73 Rename Admin and Highly Privileged Accounts 73 Run Services on Non-Default Ports! 75 Install High-Risk Software (i.e., IIS) to Non-Default Folders 76 Summary 77 Chapter 3: NTFS Permissions 101 79 Common Misconceptions 79 How Windows Security Works 80 Access Control Phases 80 GUIDs and SIDs 82 Delegation and Impersonation 90 Groups 95 Computer Accounts 115 Windows Trusts 116 Security Token 117 Share and NTFS Permissions 119 Share Permissions 119 NTFS Permissions 122 Interesting Permission Interactions 127 Current Permission Settings 132 Interesting Points About Information in Tables 3-8 through 3-10 134 Other Best Practice Recommendations 135 Give Security to Groups, Not Users 135 Don t Overuse Everyone Full Control 136 Set Security Using Special Permissions 136 Summary 136 Part II: OS Hardening 139 Chapter 4: Preventing Password Crackers 141 x Windows Password Authentication 141 Unicode Passwords 142 Password Complexity 144 Are Complex Passwords Complex? 145 Using a Strong Password 146

Windows Password Hashes 146 Windows Authentication 152 Logon Process 159 Passwords Attacks, Tools, and Techniques 160 Password Resetting 160 Password Guessing 163 Password Capturing 165 Password Cracking 166 Guessing and Cracking Methods 171 Other Types of Password Attacks 175 Cached Credentials 176 Computer Accounts 177 Credential Manager 179 RDP Connection Objects 181 Other Common Windows Authentication Mechanisms 182 Island Hopping 183 Defending Against Password Attacks 183 Disable LM Password Hashes 183 Require Long, Complex Passwords 184 Disable LM and NTLM Authentication 184 Enable Account Lockouts 185 Force Moderately Frequent Password Changes 186 Rename Highly Privileged Accounts 186 Give Additional Protections to Highly Privileged Accounts 186 Enable Logon Screen Warning Messages 187 Audit Passwords on a Regular Basis 187 Consider Using Random Password Generators 187 Don t Use a Password 187 Summary 188 Chapter 5: Protecting High-Risk Files 189 What Is a High-Risk File? 189 File Flaws 191 High-Risk File and Program Examples 193 List of Potentially Malicious File Types 193 High-Risk Windows Files 204 Other Windows Files Needing Protection 209 Malicious File Tricks 211 Dangerous Unused Applications 217 Buffer Overflows 217 File Defenses 218 Uninstall, Remove, Delete, and Rename 218 Use NTFS Permissions 218 xi

xii Software Restriction Policies 221 Enable Auditing 224 Keep Patches Updated 225 Other Defenses 225 Summary 225 Chapter 6: Protecting High-Risk Registry Entries 227 Registry Introduction 227 Registry Structure 228 Alternate Registry Storage Locations 237 Registry Tools 238 Registry Permissions 241 High-Risk Registry Entries 243 What Is a High-Risk Registry Entry? 243 Defenses 246 Don t Let Non-Admin Users Be Logged On As Administrators 246 Harden HKCU Registry Permissions 247 Block High-Risk File Associations 247 Block High-Risk URI Handlers 249 Remove High-Risk NeverShowExt Values 250 Block File Association Changes 250 Use Group Policy or Security Templates to Automate Registry Permission Changes 251 Summary 251 Chapter 7: Tightening Services 253 Why Tighten Services? 253 Less Attack Surface 253 Reduce Buffer Overflow Risks 254 Reduce Risk of Denial-of-Service Attacks 254 Reduce Management Overhead 254 Services Introduction 254 Identifying Unknown Services 255 Service Details 256 SC 265 RPC Services 267 Common Windows Services and Recommendations 267 Nondefault Windows Services 283 Differences between Windows Platforms 287 Securing Services 288 High-Security Minimal Services 288 Normal Security Environments 288

How to Tighten Remaining Services 290 Summary 294 Chapter 8: Using IPSec 295 Introduction to IPSec 295 An Open Standard 296 IPSec Basics 296 Tunnel versus Transport Mode 297 IPSec Security Protocols AH versus ESP 298 Security Associations 300 Key Management 300 IKE Modes Main, Aggressive, and Quick 300 NAT versus NAT-T 301 Performance Issues 301 Windows IPSec 302 IPSec Console 302 IPSec at the Command Line 302 IPSec Monitor Tools 303 Default IPSec Policies 305 Setting Up Windows IPSec 306 Creating an IPSec Policy 306 IPSec Exemptions 315 Firewall Ports Needed 318 Using IPSec Security 319 Setup Planning 319 When to Use IPSec 319 IPSec Attacks and Defenses 321 Bypassing Firewall Defenses 321 Trusted Man-in-the-Middle Attack 322 Denial-of-Service Attacks 322 Other IPSec Links 322 Summary 322 Part III: Application Security 323 Chapter 9: Stopping Unauthorized Execution 325 Deny-by-Default Software Execution 325 Scope of Deny-by-Default Software Execution 325 Benefits of Preventing Unauthorized Software Execution 326 Disadvantages of Preventing Unauthorized Software Execution 327 Developing a Software Restriction Policy 327 xiii

Methods to Prevent Unauthorized Execution 329 Don t Let End Users Be Logged In As Admin 329 Remove or Delete Software 330 Use NTFS Permissions 330 Unregister DLLs 332 Use the Kill Bit 335 Software Restriction Policies 336 Summary 346 Chapter 10: Securing Internet Explorer 347 Internet Explorer 347 IE Features 347 IE Competitors 350 IE Security Statistics 351 How IE Works 352 Internet Explorer Attacks 354 URL Spoofing 354 Buffer Overflow 357 Cross-Site Scripting 357 Zone Manipulation 358 File Execution 361 Directory Traversal 362 Malicious Content 363 Cookie Manipulation 363 Browser Interface Manipulation 364 Plug-In Exploits 364 Browser Tests 365 Internet Explorer Defenses 366 Don t Browse Untrusted Web Sites 366 Don t Let Non-Admin Users Be Logged in as Administrators 366 Use IE 6 XP SP2 or IE 7 366 Keep IE Patches Updated 367 Customize Default Internet Explorer Security Zones 367 Advanced Settings 378 IE Enhanced Security Configuration 385 Third-Party Tools 387 Summary 387 xiv

Chapter 11: Protecting E-mail 389 E-mail Threats 389 Main E-mail Problems 389 Malicious File Attachments 391 Devious Embedded Links 392 Cross-Site Scripting 393 Spam 393 Phishing 396 Unauthorized Reading of E-mail 397 Securing E-mail 398 Block Malicious File Attachments 398 Disable HTML Content 401 Securely Configure E-mail Client 403 Turn Off Reading/AutoPreview Pane 404 Consider Blocking Unauthorized E-mail 405 Authenticating E-mail Links 405 Antivirus Scanning 406 Block Spam 407 Authenticate It 417 Secure DNS 418 End-User Training 418 Summary 418 Chapter 12: IIS Security 419 IIS Basics 420 Http.sys 421 Worker Processes, Application Pools, and Identities 422 IUSR and IWAM 425 IIS Administration 427 IIS Authentication 428 Permissions 433 Web Service Extensions 436 Step Summary 437 Securing IIS 437 Configure Network/Perimeter Security 437 Ensure Physical Security 438 Install Updated Hardware Drivers 438 xv

xvi Install the Operating System 438 Configure the Host Firewall 439 Configure Remote Administration 439 Install IIS In Minimal Configuration 440 Install Patches 440 Harden the Operating System 441 Configure and Tighten IIS 443 Secure Web Site(s) 452 Configure Logging 455 Clean and Test 455 Install and Tighten Applications 456 Conduct Penetration Tests 456 Deploy to Production 456 Monitor Log Files 456 More Resources 456 Summary 457 Chapter 13: Using Encrypting File System 459 How EFS Works 459 Encrypting a File 459 Alternative EFS Methods 461 Decrypting Files 461 File Security and EFS 462 EFS Certificate 462 File Encryption Key 464 DDF and DRF 465 New EFS Options in XP and XP SP2 465 Using EFS on Servers 469 Setting Up an EFS Recovery Policy 471 Setting Up EFS 476 EFS Caveats 477 EFS Best Practices 477 Other Links 478 Summary 478 Part IV: Automating Security 479 Chapter 14: Group Policy Explained 481 How Group Policy Works 481 Accessing Group Policy 482 GPO Internals 485

Group Policy Settings 487 General Observations 487 Main Setting Categories 487 Software Settings 488 GPO Windows Settings 490 Administrative Templates 515 GPO Notes/Recommendations 517 Summary 518 Chapter 15: Designing a Secure Active Directory Infrastructure 519 Active Directory Introduction 519 Top Active Directory Containers 521 LDAP 525 Parts of Active Directory Security Policies 525 History of Group Policy 525 Security Templates 527 Local Computer Policy 528 Group Policy Objects 528 Efficient Active Directory Security Design 536 Use Role-Based Security 537 Create a Role-Based OU Structure 537 Create and Use a One-Time Security Template on All Computers 538 Create and Use a Local Computer Policy 539 Create and Use a Baseline Security Policy for the Domain 539 Create and Use a Role-Based Incremental Security Policy 539 Name GPOs with Version Numbers 539 Design Summary 540 Summary 542 Book Summary 542 Index 543 xvii

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback