- Paperback
Written from the hacker's perspective, Maximum Windows 2000 Security is a comprehensive, solutions-oriented guide to Windows 2000 security.
Topics include:
Physical & File System Security, Password Security, Malicious Code, Windows 2000 Network Security Architecture and Professional Protocols, Web Server Security, Denial of Service Attacks, Intrusion Detection, Hacking Secure Code in Windows 2000.
Note: This item can only be delivered to a German delivery address.
Product details
- Maximum Security
- Publisher: Sams
- Number of pages: 624
- Publication date: January 2001
- English
- Dimensions: 231mm x 186mm x 36mm
- Weight: 1020g
- ISBN-13: 9780672319655
- ISBN-10: 0672319659
- Item no.: 09297196
- Manufacturer information
- Libri GmbH
- Europaallee 1
- 36244 Bad Hersfeld
- 06621 890
Anonymous is a reformed hacker and programmer and is currently at work building one of the world's largest computer security archives. While running an Internet security consulting company, he also moonlights doing contract programming for several Fortune 500 firms.
1. Maximum Security, Third Edition, 0-672-31871-7, $49.99, Sams, May 2001
2. Maximum Linux Security, Second Edition, 0-672-32134-3, $49.99, Sams, June 2001
Mark Burnett is a consultant specializing in IIS and Windows 2000 security. He is the original founder of Xato Network Security, and is currently managing editor of the IIS Security Insider newsletter.
L.J. Locher is a network administrator, programmer, and security consultant who has written articles for Windows 2000 Magazine and contributed to several books for Microsoft Press and others.
Chris Doyle is CEO/managing consultant for Coneth Solutions, a leading IT consulting firm in northern California.
Chris Amaris is the chief technology officer and cofounder of Convergent Computing, a Bay Area consulting firm specializing in security, performance tuning, network/systems management, infrastructure migration, and messaging.
Rand Morimoto is a well-known author, consultant, and speaker on subjects ranging from electronic commerce to electronic messaging to Internet security.
Introduction.
I. INTRODUCTION TO WINDOWS 2000 SERVER SECURITY.
1. Hacking Windows 2000 Servers.
What Makes Windows 2000 Vulnerable. Knowing the Tools. Summary.
2. Windows 2000 Server Security Features.
Windows 2000 Security Features. Enhanced Access Control. Enhanced Network
Control. IPSec and VPNs. Kerberos. Advanced Authentication Support. File
System Encryption. Logging. Summary.
3. The Hacker Toolkit.
Types of Tools. The Hacker's Toolkit. Tools for Your Tools. Building Tools.
The Basic Tools. Summary.
II. WINDOWS 2000 SERVER SECURITY BASICS.
4. Hacking Windows 2000: Getting Started.
Finding Networks. Finding Windows 2000 Servers. Finding Open Services.
Evading Detection. Summary.
5. Installing Windows 2000: The First Step Toward Security.
Pre-Installation Considerations. The Installation Process. Summary.
6. Password Security.
Inside Windows 2000 Passwords. What Are Hashes? Cracking Windows 2000
Passwords. Finding Password Hashes. Cracking Password Hashes. Protecting
Passwords through Security Policy. Protecting Passwords through User
Education. Password Synchronization with Existing Unix Systems.
Miscellaneous Password Issues. Maximum Password Security. Summary on
Password Security.
7. Windows 2000 Services.
Understanding How Services Work. Windows 2000 Services. Summary.
III. WINDOWS 2000 NETWORKING.
8. Windows 2000 Network Security Architecture.
Active Directory. Internet Protocol Security (IPSec). Public Key
Infrastructure (PKI). Understanding Workgroups. Understanding Windows 2000
Domains. Interoperability and Heterogeneous Network Features. Further
Reading on Windows 2000 Network Security and on Windows 2000
Interoperability. Summary.
9. Network Protocols, Clients, and Services.
Open Systems Interconnection (OSI) Reference Model. TCP/IP. Windows 2000
Clients, Protocols, and Services. Name Resolution Services. Summary.
10. Trojans and Backdoors.
Understanding Malicious Code Attacks. Recent Malicious Code Attacks.
Protecting Windows 2000 Networks against Malicious Code Attacks. Additional
Resources for Preventing Malicious Code Attacks. Summary.
11. Active Directory.
Active Directory Namespace. Active Directory Objects. Distributed Security.
File and Folder Permissions. Summary.
12. Security Policy and Configuration.
Security Configuration Tool Set. What Is the Microsoft Management Console
(MMC)? Security Areas. Security Configuration Tool Set Components. Security
Templates. Security Configuration and Analysis Tool. Security Settings
Extension for the Group Policy Snap-In. secedit.exe Command-Line Tool.
Summary.
13. Exploiting Web Services.
Background of Web Services. Finding Vulnerable Pathways to Accessible Web
Servers. Acquiring Administrative Access to a Web Server. Physically
Accessing an IIS Server. Defacing (Tagging) a Server. Causing Server
Congestion. Summary.
14. Protecting Web Services.
How Secure Can You Make Your Web Services. Step 1: Security Updates for
IIS. Step 2: Who Needs Access to Your Web Server? Step 3: From Whom Are You
Trying to Protect Your Server? Step 4: What Are You Trying to Protect. Step
5: Where Are Your Vulnerabilities. Step 6: How to Test for Vulnerability.
Step 7: Monitoring and Logging Server Activities. Summary.
15. Protecting Other Internet Services.
Overview and Goals. General Planning for Secure Systems. Hardening the
Windows 2000 Operating System. Securing FTP Services. Securing SMTP
Services. Protecting Windows 2000 DNS Servers. Summary.
16. TCP Filtering and Firewalls.
What Is a Firewall? Types of Firewalls. IP Filtering. Firewalls for Windows
2000 Enterprises. Personal Firewalls. Further Reading on Firewalls.
Summary.
17. Denial of Service.
Overview and Goals. Understanding Denial of Service Attacks. DOS Attacks
and Prevention. Infamous Denial of Service Attacks. Protecting Windows 2000
Networks against Denial of Service Attacks. Summary.
18. Spoofing.
General IP Spoofing Attack Concepts. TCP SYN Flooding and IP Spoofing
Attacks. Other Types of Spoofing Attacks. ARP Spoofing. DNS Spoofing. Web
Spoofing. Lower the Vulnerability of Your Web Site. Registry Settings to
Help Protect Your Network. Further Reading on Spoofing. Summary.
IV. PRIVACY AND ENCRYPTION IN A WINDOWS 2000 ENVIRONMENT.
19. Privacy and Encryption in a Windows 2000 Environment.
Basic Privacy Protection Concepts. Cryptography Primer. Components of
Cryptography. Introduction to Public Key Infrastructure (PKI). Risk Factors
to Consider for Windows 2000 Cryptography Features. Further Reading on PKI
and Cryptography. Summary.
20. IPSec.
Peeping Tom or Protocol Snooping. Privacy, Please! How Did We Do That? The
Technical Details. IPSec Tools. Request for Comments. Summary.
21. Virtual Private Networking.
Why Not Call In? Setting Up the VPN. Technical Details. Request for
Comments. Summary.
V. MAINTAINING WINDOWS 2000 SERVER SECURITY.
22. Log Monitoring and Analysis.
What Is Logging, Exactly? Default Logging Support in Windows 2000. FTP
Server Logs. IIS Web Server Logs. The Performance Logs and Alerts Tool.
Summary.
23. Intrusion Detection.
Types of Intrusion Detection Systems. Detection Methods Used by Intrusion
Detection Systems. Common Threats to Networks and Systems. Intrusion
Detection Tools. Methods of Evading an Intrusion Detection System. Methods
of Defeating an Intrusion Detection System. How to Select an Intrusion
Detection System. Further Reading on Intrusion Detection. Honeypots.
Summary.
24. Backups and Disaster Recovery.
Planning a Backup Strategy. Backup and Restore Permissions. Choosing Your
Backup Tools. Microsoft Windows Backup. Backing Up Your Data. mtfcheck:
Verifying Backup Tapes from Scripts. regback: Registry Backup. regrest:
Restoring Registry regback Backups. More Backup Strategies. Summary.
Index.