| About the Author | ix |
| About the Technical Reviewer | x |
| Acknowledgments | xi |
| Introduction | xiii |
Chapter 1 | Hardening: Theory and General Practice | 1 |
| What Is Security? | 2 |
| The Security Dilemma | 3 |
| Enemies of Security | 4 |
| Some General Hardening Suggestions | 4 |
| Software Considerations | 5 |
| Hardware and Network Considerations | 6 |
| Checkpoints | 8 |
Chapter 2 | Windows NT Security | 11 |
| Windows NT System Policy Editor | 11 |
| Customizing and Applying Group Policies | 12 |
| Resolving Conflicts Between Multiple Policies | 13 |
| Recommended User Policy Settings | 13 |
| Passwords | 18 |
| Password Policies | 18 |
| Password Cracking | 19 |
| Protecting User Accounts | 20 |
| Registry Procedures | 21 |
| Protecting the File System | 21 |
| Locking Down Local Directories | 22 |
| Search Paths | 23 |
| Guarding Against Internet Threats | 23 |
| Windows NT Port Filtering | 24 |
| Protecting Against Viruses | 24 |
| Assigning Rights to Users | 25 |
| Granting and Revoking User Rights | 26 |
| Checkpoints | 30 |
Chapter 3 | Windows 2000 Security | 33 |
| System Updates | 33 |
| The "Slipstreaming" Process | 34 |
| Critical Updates and Security Hotfixes | 35 |
| Managing Critical Updates Across Multiple Computers | 35 |
| Security Templates | 37 |
| Creating a Custom Security Template | 38 |
| Recommended Security Policy Settings | 40 |
| User Accounts | 40 |
| Local Options | 42 |
| Other Security Considerations | 45 |
| Windows Component Selection and Installation | 45 |
| Tightening Running Services | 45 |
| Checkpoints | 46 |
Chapter 4 | Windows XP Security | 49 |
| Implementing a Firewall | 49 |
| Changes to Services | 51 |
| Microsoft Baseline Security Analyzer Patch Check and Security Tests | 64 |
| Installing Microsoft Baseline Security Analyzer | 64 |
| Penetration Tests | 65 |
| File System Security | 65 |
| Disable Automated Logins | 66 |
| Hardening Default Accounts | 66 |
| Using Forensic Analysis Techniques | 68 |
| Checkpoints | 69 |
Chapter 5 | Defining Enterprise Security Policies with Windows 2000 and Later | 71 |
| System Policies, Group Policies, and Interaction | 72 |
| Mixing Policies and Operating Systems | 73 |
| Security and the Group Policy Framework | 77 |
| Organized Layout of Policies | 78 |
| Policy Application Precedence | 79 |
| Creating Security Configuration Files | 80 |
| Default Domain Policy | 82 |
| Default Domain Controller Security Policies | 82 |
| Troubleshooting Group Policy | 83 |
| Checkpoints | 84 |
Chapter 6 | Patch Management | 87 |
| About Software Update Services | 87 |
| Comparing Software Update Services to Systems Management Server | 88 |
| Using Software Update Services: On the Server Side | 90 |
| Using SUS: On the Client Side | 99 |
| Checkpoints | 102 |
Chapter 7 | Network Access Quarantine Control | 105 |
| How Network Access Quarantine Works | 106 |
| A Step-by-Step Overview of Network Access Quarantine Control | 106 |
| Deploying NAQC | 108 |
| Creating Quarantined Resources | 108 |
| Writing the Baseline Script | 109 |
| Installing the Listening Components | 112 |
| Creating a Quarantined Connection Profile | 113 |
| Distributing the Profile to Remote Users | 116 |
| Configuring the Quarantine Policy | 116 |
| Checkpoints | 122 |
Chapter 8 | Internet Information Services Security | 123 |
| Completely Disable IIS | 123 |
| Checking for Updates on Machines | 124 |
| Keeping IIS Updated | 126 |
| Securing Files, Folders, and Scripts | 127 |
| The Microsoft Indexing Service | 129 |
| TCP/IP Port Evaluation | 131 |
| Administrative and Default Pages | 133 |
| The Ins and Outs of Internet Services Application Programming Interface | 134 |
| Looking at Apache as an Alternative | 134 |
| Checkpoints | 135 |
Chapter 9 | Exchange 2000 Server Security | 137 |
| Installation Security | 137 |
| Security Policy Modifications | 138 |
| For Exchange Server Machines | 139 |
| For Domain Controller Machines | 139 |
| Service Security | 140 |
| Patch Management | 141 |
| Protecting Against Address Spoofing | 142 |
| Protecting Against Denial-of-Service Attacks | 144 |
| Restricting SMTP Access | 146 |
| Controlling Access | 148 |
| Checkpoints | 149 |
Chapter 10 | Security Auditing and Event Logs | 151 |
| For Windows 2000, XP, and Server 2003 | 151 |
| Recommended Items to Audit | 153 |
| Event Logs | 153 |
| For Windows NT 4.0 | 155 |
| Recommended Items to Audit | 156 |
| The Event Log | 157 |
| Filtering Events | 157 |
| What Might Be Missing | 158 |
| Checkpoints | 158 |
Appendix | Quick-Reference Checklists | 161 |
| Index | 173 |