| Contents at a Glance | 4 |
---|
| Contents | 6 |
---|
| About the Author | 12 |
---|
| About the Technical Reviewer | 14 |
---|
| Acknowledgments | 16 |
---|
| Introduction | 18 |
---|
| CHAPTER 1 Some Words About Hardening | 19 |
---|
| What Is Security? | 20 |
| The Security Dilemma | 21 |
| Enemies of Security | 22 |
| What Windows Is Lacking | 22 |
| Some General Hardening Suggestions | 23 |
| Software Considerations | 24 |
| Hardware and Network Considerations | 25 |
| Checkpoints | 27 |
| CHAPTER 2 Windows NT Security | 29 |
---|
| Windows NT System Policy Editor | 29 |
| Customizing and Applying Policies to Multiple Computers | 30 |
| Resolving Conflicts Between Multiple Policies | 31 |
| Recommended User Policy Settings | 32 |
| Extending Policies | 37 |
| Passwords | 37 |
| Password Policies | 38 |
| Password Cracking | 39 |
| Protecting User Accounts | 40 |
| Registry Procedures | 40 |
| Protecting the File System | 41 |
| Locking Down Local Directories | 41 |
| Search Paths | 42 |
| Guarding Against Internet Threats | 43 |
| Windows NT Port Filtering | 43 |
| Protecting Against Viruses | 44 |
| Assigning Rights to Users | 45 |
| Granting and Revoking User Rights | 45 |
| Remote Access Server Configuration | 48 |
| Selecting Appropriate Communications Protocols and Methods | 48 |
| Security Implications of Domains | 49 |
| Checkpoints | 50 |
| CHAPTER 3 Windows 2000 Security | 53 |
---|
| System Updates | 53 |
| The Slipstreaming Process | 54 |
| Critical Updates and Security Hotfixes | 55 |
| Managing Critical Updates Across Multiple Computers | 55 |
| Security Templates | 56 |
| Creating a Custom Security Template | 58 |
| Recommended Security Policy Settings | 59 |
| User Accounts | 60 |
| Local Options | 61 |
| Other Security Considerations | 64 |
| Windows Component Selection and Installation | 64 |
| Tightening Running Services | 65 |
| Checkpoints | 66 |
| CHAPTER 4 Windows XP Security | 67 |
---|
| Implementing the Built-In Windows XP Firewall | 67 |
| Profiles | 68 |
| Configuring Through Group Policy | 69 |
| The Internet Connection Firewall in XP Gold and Service Pack 1 | 69 |
| Disabling Unnecessary Services | 71 |
| Providing a Secure Configuration for Services | 80 |
| Microsoft Baseline Security Analyzer Patch Check and Security Tests | 81 |
| Installing Microsoft Baseline Security Analyzer | 81 |
| Penetration Tests | 81 |
| File System Security | 82 |
| Disable Automated Logins | 83 |
| Hardening Default Accounts | 83 |
| Use Runas for Administrative Work | 84 |
| Disable Infrared Transfers | 85 |
| Using Forensic Analysis Techniques | 85 |
| Checkpoints | 87 |
| CHAPTER 5 Windows Server 2003 Security | 89 |
---|
| Enhancements to Security in Service Pack 1 | 89 |
| The Security Configuration Wizard | 90 |
| Installing the SCW | 91 |
| Creating a Security Policy with the SCW | 91 |
| The Rollback Feature | 98 |
| SCW Best Practices | 98 |
| Using SCW from the Command Line | 99 |
| Checkpoints | 100 |
| CHAPTER 6 Deploying Enterprise Security Policies | 103 |
---|
| System Policies, Group Policies, and Interaction | 103 |
| Mixing Policies and Operating Systems | 105 |
| Security and the Group Policy Framework | 107 |
| Organized Layout of Policies | 108 |
| Policy Application Precedence | 110 |
| Creating Security Configuration Files | 110 |
| Default Domain Policy | 112 |
| Default Domain Controller Security Policies | 112 |
| Troubleshooting Group Policy
|