Security for Microsoft Windows System Administrators


Introduction to Key Information Security Concepts

Derrick Rountree
Rodney Buike, Technical Editor

Amsterdam, Boston, Heidelberg, London, New York, Oxford, Paris, San Diego, San Francisco, Singapore, Sydney, Tokyo

Syngress is an imprint of Elsevier

Acquiring Editor: Angelina Ward
Development Editor: Heather Scherer
Project Manager: Paul Gottehrer
Designer: Alisa Andreola

Syngress is an imprint of Elsevier
30 Corporate Drive, Suite 400, Burlington, MA 01803, USA

© 2011 Elsevier, Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices, may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.

To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

Library of Congress Cataloging-in-Publication Data
Application submitted

British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.

ISBN: 978-1-59749-594-3

Printed in the United States of America
10 11 12 13 14 10 9 8 7 6 5 4 3 2 1

Typeset by: diacritech, Chennai, India

For information on all Syngress publications visit our website at www.syngress.com

Dedication

This book is dedicated to my daughter Riley, my grandmother Rosa, and my great grandmother Mary.

Contents

Acknowledgments
About the Author

Chapter 1 Introduction to General Security Concepts
    Principles of Information Security
    Information Security Standards, Regulations, and Compliance
    Authentication, Authorization, and Accounting (AAA)
    Access Control
    Summary

Chapter 2 Cryptography
    Basic Cryptography Concepts
    PKI Concepts
    Implementing PKI and Certificate Management
    Summary

Chapter 3 Network Security
    General Network Concepts and Vulnerabilities
    Network Services and Network Devices
    Internet Security and Vulnerabilities
    Network Security Tools and Devices
    Summary

Chapter 4 System Security
    General System Security Threats
    Hardware and Peripheral Devices
    OS and Application Security
    Virtualization
    System-Based Security Applications
    Summary

Chapter 5 Organizational and Operational Security
    Physical Security Concepts and Vulnerabilities
    Policies and Procedures
    Risk Analysis
    Business Continuity and Disaster Recovery
    Summary

Chapter 6 Security Assessments and Audits
    Vulnerability Assessments and Testing
    Monitoring
    Logging and Auditing
    Summary

Appendix A: Common Applications and Port Numbers
Appendix B: Information Security Professional Certifications
Index

Acknowledgments

First, I would like to thank my wife Michelle. We are heading down the new road of parenthood together. It's both exciting and a little bit scary. I would like to thank my mother Claudine, my sister Kanesha, and my grandmother Lugenia. Thank you for being there for me. I would also like to thank my two best friends Carrie and Fela. The two of you have shown me what true friendship is. You've also served as examples of persistence and dedication. Because of you, I know the road may be long, but if you stick with it, eventually you will get to your destination. I love you all.

Finally, I would like to thank the Elsevier staff, especially Angelina Ward, Senior Acquisitions Editor and Heather Scherer, Developmental Editor. It has truly been a pleasure working with you.

About the Author

Derrick Rountree (CISSP, Security+, MCSE, MCSA) has been in the IT field for over 16 years. He has a Bachelor of Science in Electrical Engineering. Derrick has held positions as a network administrator, IT consultant, and QA engineer. He has experience in network security, operating system security, application security, and secure software development. Derrick has contributed to several other Syngress and Elsevier publications on Citrix, Microsoft, and Cisco technologies.

Tech Editor

Rodney Buike (MCSE) is an IT pro advisor with Microsoft Canada. As an IT pro advisor, Rodney spends his day helping IT professionals in Canada with issues and challenges they face in their environment and careers. He also advocates for a stronger community presence and shares knowledge through blogging, podcasts, and in-person events. Rodney's specialties include Exchange Server, virtualization, and core infrastructure technologies on the Windows platform. Rodney worked as a LAN administrator, system engineer, and consultant and has acted as a reviewer on many popular technical books. Rodney is also the founder and principal content provider for Thelazyadmin.com and a former author for MSExchange.org.