A Must-Have Resource for Critical Security Information
Michael O'Dea
“HackNotes Windows Security Portable Reference distills into a small form factor
the encyclopedic information in the original Hacking Exposed: Windows 2000.”
—Joel Scambray, coauthor of Hacking Exposed 4th Edition, Hacking
Exposed Windows 2000, and Hacking Exposed Web Applications;
Senior Director of Security, Microsoft’s MSN
“HackNotes Windows Security Portable Reference takes a ‘Just the Facts,
Ma’am’ approach to securing your Windows infrastructure. It checks the overly
long exposition at the door, focusing on specific areas of attack and defense.
If you’re more concerned with securing systems than speed-reading
thousand-page tech manuals, stash this one in your laptop case now.”
—Chip Andrews, www.sqlsecurity.com, Black Hat Speaker, and
coauthor of SQL Server Security
“No plan, no matter how well-conceived, survives contact with the enemy.
That’s why Michael O’Dea’s HackNotes Windows Security Portable Reference
is a must-have for today’s over-burdened, always-on-the-move security
professional. Keep this one in your hip pocket. It will help you prevent your
enemies from gaining the initiative.”
—Dan Verton, author of Black Ice: The Invisible Threat of
Cyber-Terrorism and award-winning senior writer for Computerworld
“HackNotes Windows Security Portable Reference covers very interesting
and pertinent topics, especially ones such as common ports and services,
NetBIOS name table definitions, and other very specific areas that are essential
to understand if one is to genuinely comprehend how Windows systems are
attacked. Author Michael O’Dea covers not only well-known but also more
obscure (but nevertheless potentially dangerous) attacks. Above all else, he
writes in a very clear, well-organized, and concise style—a style that very few
technical books can match.”
—Dr. Eugene Schultz, Ph.D., CISSP, CISM, Principal Computer Systems
Engineer, University of California-Berkeley, Prominent SANS speaker
===================
Contents
Acknowledgments . . . ix
HackNotes: The Series . . . xi
Introduction . . . xiii
Reference Center
Hacking Fundamentals: Concepts . . . RC 2
ICMP Message Types . . . RC 5
Common Ports and Services . . . RC 7
Common NetBIOS Name Table Definitions . . . RC 12
Windows Security Fundamentals: Concepts . . . RC 13
Windows Default User Accounts . . . RC 14
Windows Authentication Methods . . . RC 15
Common Security Identifiers (SIDs) . . . RC 16
Windows NT File System Permissions . . . RC 17
Useful Character Encodings . . . RC 18
Testing for Internet Information Services ISAPI Applications . . . RC 21
Security Related Group Policy Settings . . . RC 22
Useful Tools . . . RC 26
Quick Command Lines . . . RC 28
WinPcap / libpcap Filter Reference . . . RC 29
nslookup Command Reference . . . RC 30
Microsoft Management Console . . . RC 31
Online References . . . RC 32
Part I
Hacking Fundamentals
■ 1 Footprinting: Knowing Where to Look
Footprinting Explained . . . 4
Footprinting Using DNS . . . 4
Footprinting Using Public Network Information . . . 10
Summary . . . 12
■ 2 Scanning: Skulking About
Scanning Explained . . . 14
How Port Scanning Works . . . 14
Port Scanning Utilities . . . 21
Summary . . . 30
■ 3 Enumeration: Social Engineering, Network Style
Enumeration Overview . . . 32
DNS Enumeration (TCP/53, UDP/53) . . . 35
NetBIOS over TCP/IP Helpers (UDP/137, UDP/138, TCP/139, and TCP/445) . . . 37
Summary . . . 48
■ 4 Packet Sniffing: The Ultimate Authority
The View from the Wire . . . 50
Windows Packet Sniffing . . . 50
Summary . . . 57
■ 5 Fundamentals of Windows Security
Components of the Windows Security Model . . . 60
Security Operators: Users and User Contexts . . . 60
Authentication . . . 66
Windows Security Providers . . . 69
Active Directory and Domains . . . 70
Summary . . . 71
Part II
Windows 2000 and 2003 Server Hacking Techniques & Defenses
■ 6 Probing Common Windows Services
Most Commonly Attacked Windows Services . . . 76
Server Message Block Revisited . . . 76
Probing Microsoft SQL Server . . . 89
Microsoft Terminal Services / Remote Desktop (TCP 3389) . . . 93
Summary . . . 96
■ 7 Hacking Internet Information Services
Working with HTTP Services . . . 98
Simple HTTP Requests . . . 98
Speaking HTTP . . . 99
Delivering Advanced Exploits . . . 100
Introducing the Doors . . . 102
The Big Nasties: Command Execution . . . 102
A Kinder, Gentler Attack . . . 115
Summary . . . 117
Part III
Windows Hardening
■ 8 Understanding Windows Default Services
Windows Services Revealed . . . 122
The Top Three Offenders . . . 122
Internet Information Services / World Wide Web Publishing Service . . . 122
Terminal Services . . . 123
Microsoft SQL Server / SQL Server Resolution Service . . . 123
The Rest of the Field . . . 123
Summary . . . 134
■ 9 Hardening Local User Permissions
Windows Access Control Facilities . . . 136
File System Permissions . . . 136
Local Security Settings . . . 146
Summary . . . 154
■ 10 Domain Security with Group Policies
Group Policy Overview . . . 156
Group Policy Application . . . 157
Working with Group Policies . . . 157
Working with Group Policies in Active Directory . . . 163
Editing Default Domain Policies . . . 164
Controlling Who Is Affected by Group Policies . . . 165
Using the Group Policy Management Console . . . 166
Summary . . . 168
■ 11 Patch and Update Management
History of Windows Operating System Updates . . . 170
Automatic or Manual? . . . 171
How to Update Windows Manually . . . 172
Manual Updates in Disconnected Environments . . . 173
Windows Update: What’s in a Name? . . . 173
How to Update Windows Automatically . . . 174
Verifying Patch Levels: The Baseline Security Analyzer . . . 177
Summary . . . 179
Part IV
Windows Security Tools
■ 12 IP Security Policies
IP Security Overview . . . 184
Working with IPSec Policies . . . 185
Default Policies: Quick and Easy . . . 186
Advanced IPSec Policies . . . 191
Troubleshooting Notes . . . 197
Summary . . . 197
■ 13 Encrypting File System
How EFS Works . . . 200
Public Key Cryptography and EFS . . . 200
User Encryption Certificates . . . 201
Implementing EFS . . . 202
Adding Data Recovery Agents . . . 203
Configuring Auto-Enroll User Certificates . . . 205
Setting Up Certificate Server . . . 206
Using Encrypting File System . . . 209
Summary . . . 212
■ 14 Securing IIS 5.0
Simplifying Security . . . 214
The IIS Lockdown Tool . . . 215
How the IIS Lockdown Tool Works . . . 217
URLScan ISAPI Filter Application . . . 218
Disabling URLScan . . . 220
IIS Metabase Editor . . . 221
Summary . . . 222
■ 15 Windows 2003 Security Advancements
What’s New in Windows 2003 . . . 224
Internet Information Services 6.0 . . . 224
More Default Security . . . 227
Improved Security Facilities . . . 232
Summary . . . 233
■ Index . . . 235
---------------------------------------------
The Windows family of operating systems boasts some of the most user-friendly administrative controls available on the market today. The consistent, intuitive interface of both the workstation and server editions allows users to feel their way through complicated processes like setting up web services, remote administration, or file sharing with minimal assistance. This trait has been a cornerstone of the popularity of the Windows operating systems. It has also been a cornerstone of the Windows security track record.