A revolutionary, soup-to-nuts approach to network security from two of Microsoft's leading security experts
The authors are the two most widely known security experts at Microsoft, and will be promoting this book extensively
Provides a unique approach to network security, covering all seven layers of the Defense in Depth model
Contains information on topics not covered in other books, such as Network Threat Modeling, the Defense in Depth Model, and security dependencies
Product Description
While there are a lot of books available on network security, most of them take
the approach of focusing on the attacks, on the hacks, and responding to those
on a one-by-one basis. This book does just the opposite, focusing on a holistic
approach to protecting your entire network. It covers all seven layers of the
Defense in Depth (DID) Model, as well as other material not covered in any
other books. DID refers to a system of combining defenses to provide added
protection. Since there are then multiple barriers between the attacker and the
attacked, this increases the level of security, and increases the cost of the attack
to the attacker. The authors are two senior members of Microsoft's Security
and Business Technology Unit (SBTU), and are among the most sought-after
speakers for security conferences. With security being such a strong focus at
Microsoft, this book is destined to become the standard guide for all network
administrators and architects who want to have the most secure Windows
network possible.
Backcover
Praise for Protect Your Windows Network
Jesper and Steve have done an outstanding job of covering the myriad of issues you must deal with to implement an effective network security policy. If you care about security this book is a must have.
-Mark Russinovich, Chief Software Architect, Winternals Software
Johansson and Riley's new book presents complex issues in straightforward language, examining both the technical and business aspects of network security. As a result, this book is an important tutorial for those responsible for network security; and even non-technical business leaders would learn a lot about how to manage the business risk inherent in their dependence on information technology.
-Scott Charney, Vice President of Trustworthy Computing, Microsoft
These guys have a profound understanding of what it takes to implement secure solutions in the real world! Jesper and Steve have been doing security related work (pen testing, consulting, program management, etc.) internally at Microsoft and for Microsoft's customers for many years. As a result of their real-world experience, they understand that security threats don't confine themselves to the network or the operating system and that to deliver secure solutions, these issues must be tackled at all levels after all of the threats to the environment have been identified. This book distinguishes itself from others in this field in that it does a great job of explaining the threats at many levels (network, operating system, data, and application) and how to counter these threats. A must read for security practitioners!
-Robert Hensing, CISSP, Security Software Engineer-Security Business and Technology Unit, Microsoft Corporation, rhensing@microsoft.com
A good book should make you think. A good computer book should make you change how you are doing things in your network. I was fortunate enough to be setting up a new server as I read the book and incorporated many of the items discussed. The lessons in these chapters have relevance to networks large and small and blow through many of the myths surrounding computer security and guide you in making smarter security decisions. Too many times people focus in on just one aspect or part of a network's security and don't look at the bigger picture. These days I'm doing my very best to keep in mind the bigger picture of the forest (active directory notwithstanding), and not just looking at those trees.
-Susan Bradley, CPA, GSEC, MCP, Small Business Server MVP, http://www.msmvps.com/Bradley , sbradcpa@pacbell.net
Jesper Johansson and Steve Riley's Protect Your Windows Network is a must read for all organizations to gain practical insight and best practices to improve their overall security posture.
-Jon R. Wall, CISSP
Jesper and Steve are two excellent communicators who really know their stuff! If you want to learn more about how to protect yourself and your network, read this book and learn from these two guys!
-Richard Waymire
In order to protect your particular Windows network you need to understand how Windows security mechanisms really work. Protect Your Windows Network gives you an in-depth understanding of Windows security so that you use the security techniques that best map to your needs.
-Chris Wysopal, Director, Development, Symantec Corporation, http://www.symantec.com
Nowadays, a computer that is not connected to a network is fairly limited in its usefulness. At the same time, however, a networked computer is a prime target for criminals looking to take advantage of you and your systems. In this book, Jesper and Steve masterfully demonstrate the whys and hows of protecting and defending your network and its resources, providing invaluable insight and guidance that will help you to ensure your assets are more secure.
-Stephen Toub, Technical Editor, MSDN Magazine, stoub@microsoft.com
Security is more than knobs and switches. It is a mind set. Jesper Johansson and Steve Riley clearly understand this. Protect Your Windows Network is a great book on how you can apply this mind set to people, process, and technology to build and maintain more secure networks. This book is a must read for anyone responsible for protecting their organization's network.
-Ben Smith, Senior Security Strategist, Microsoft Corporation, Author of Microsoft Windows Security Resource Kit 2 and Assessing Network Security
Security is finally getting the mainstream exposure that it has always deserved; Johansson and Riley's book is a fine guide that can complement Microsoft's recent focus on security in the Windows-family operating systems.
-Kenneth Wehr, President, ColumbusFreenet.org
If you have not been able to attend one of the many security conferences around the world that Jesper and Steve presented, this book is the next best thing. They are two of the most popular speakers at Microsoft on Windows security. This is an informative book on how to make your Windows network more secure. Understanding the trade-offs between high security and functionality is a key concept that all Windows users should understand. If you're responsible for network security or an application developer, this book is a must.
-Kevin McDonnell, Microsoft
In this book, two senior members of Microsoft's Security Business and Technology Unit present a complete Defense in Depth model for protecting any Windows network, no matter how large or complex. Drawing on their work with hundreds of enterprise customers, they systematically address all three elements of a successful security program: people, processes, and technology.
Unlike security books that focus on individual attacks and countermeasures, this book shows how to address the problem holistically and in its entirety. Through hands-on examples and practical case studies, you will learn how to integrate multiple defenses: deterring attacks, delaying them, and increasing the cost to the attacker. Coverage includes
Improving security from the top of the network stack to the bottom
Understanding what you need to do right away and what can wait
Avoiding pseudo-solutions that offer a false sense of security
Developing effective security policies-and educating those pesky users
Beefing up your first line of defense: physical and perimeter security
Modeling threats and identifying security dependencies
Preventing rogue access from inside the network
Systematically hardening Windows servers and clients
Protecting client applications, server applications, and Web services
Addressing the unique challenges of small business network security
Authoritative and thorough, Protect Your Windows Network will be the standard Microsoft security guide for sysadmins, netadmins, security professionals, architects, and technical decision-makers alike.
© Copyright Pearson Education. All rights reserved.
Acknowledgments.
About the Authors.
Preface.
I. INTRODUCTION AND FUNDAMENTALS.
1. Introduction to Network Protection.
Why Would Someone Attack Me?
Nobody Will Ever Call You to Tell You How Well the Network Is Working
Introduction to the Defense-in-Depth Model
The Defender's Dilemma
Summary
What You Should Do Today
2. Anatomy of a Hack-The Rise and Fall of Your Network.
What a Penetration Test Will Not Tell You
Why You Need To Understand Hacking
Target Network
Network Footprinting
Initial Compromise
Elevating Privileges
Hacking Other Machines
Taking Over the Domain
Post-mortem
How to Get an Attacker Out of Your Network
Summary
What You Should Do Today
3. Rule Number 1: Patch Your Systems.
Patches Are a Fact of Life
Exercise Good Judgment
What Is a Patch?
Patch Management Is Risk Management
Tools to Manage Security Updates
Advanced Tips and Tricks
Slipstreaming
Summary
What You Should Do Today
II. POLICIES, PROCEDURES, AND USER AWARENESS.
4. Developing Security Policies.
Who Owns Developing Security Policy
What a Security Policy Looks Like
Why a Security Policy Is Necessary
Why So Many Security Policies Fail
Analyzing Your Security Needs to Develop Appropriate Policies
How to Make Users Aware of Security Policies
Procedures to Enforce Policies
Dealing with Breaches of Policy
More Information
Summary
What You Should Do Today
5. Educating Those Pesky Users.
System Administration ≠ Security Administration
Securing People
The Problem
Protecting People
Plausibility + Dread + Novelty = Compromise
Things You Should Do Today
III. PHYSICAL AND PERIMETER SECURITY: THE FIRST LINE OF DEFENSE.
6. If You Do Not Have Physical Security, You Do Not Have Security.
But First, a Story
It's a Fundamental Law of Computer Security
The Importance of Physical Access Controls
Protecting Client PCs
The Case of the Stolen Laptop
The Family PC
No Security, Physical or Otherwise, Is Completely Foolproof
Things You Should Do Today
7. Protecting Your Perimeter.
The Objectives of Information Security
The Role of the Network
Start with (What's Left of) Your Border
Next, Use the Right Firewall
Then, Consider Your Remote Access Needs
Finally, Start Thinking About Deperimeterization
Things You Should Do Today
IV. PROTECTING YOUR NETWORK INSIDE THE PERIMETER.
8. Security Dependencies.
Introduction to Security Dependencies
Administrative Security Dependencies
Service Account Dependencies
Mitigating Service and Administrative Dependencies
Other Security Dependencies
Summary
What You Should Do Today
9. Network Threat Modeling.
Network Threat Modeling Process
Document Your Network
Segment Your Network
Restrict Access to Your Network
Summary
What You Should Do Today
10. Preventing Rogue Access Inside the Network.
The Myth of Network Sniffing
Network Protection at Layers 2 and 3
Using 802.1X for Network Protection
Using IPsec for Network Protection
Network Quarantine Systems
Summary
What You Should Do Today
11. Passwords and Other Authentication Mechanisms-The Last Line of Defense.
Introduction
Password Basics
Password History
What Administrators Need to Know About Passwords
Password Best Practices
Recommended Password Policy
Better Than Best Practices-Multifactor Authentication
Summary
What You Should Do Today
V. PROTECTING HOSTS.
12. Server and Client Hardening.
Security Configuration Myths
On to the Tweaks
Top 10 (or so) Server Security Tweaks
Top 10 (or so) Client Security Tweaks
The Caution List-Changes You Should Not Make
Security Configuration Tools
Summary
What You Should Do Today
VI. PROTECTING APPLICATIONS.
13. Protecting User Applications.
Patch Them!
Make Them Run As a Nonadmin
Turn Off Functionality
Restrict Browser Functionality
Attachment Manager
Spyware
Security Between Chair and Keyboard (SeBCAK)
Summary
What You Should Do Today
14. Protecting Services and Server Applications.
You Need a Healthy Disrespect for Your Computer
Rule 1: All Samples Are Evil
Three Steps to Lowering the Attack Surface
What About Service Accounts?
Privileges Your Services Do Not Need
Hardening SQL Server 2000
Hardening IIS 5.0 and 6.0
Summary
What You Should Do Today
15. Security for Small Businesses.
Protect Your Desktops and Laptops
Protect Your Servers
Protect Your Network
Keep Your Data Safe
Use the Internet Safely
Small Business Security Is No Different, Really
What You Should Do Today
16. Evaluating Application Security.
Caution: More Software May Be Hazardous to Your Network Health
Baseline the System
Things to Watch Out For
Summary
What You Should Do Today
VII. PROTECTING DATA.
17. Data-Protection Mechanisms.
Security Group Review
Access Control L