Windows NT® Security Handbook

by Tom Sheldon
680 pages, ISBN 0-07-882240-8, $34.95 US, available now

Covers Microsoft Windows NT® 3.5 and 4.0!

Updated: June, 1998


If you think your network is secure, think again. While Windows NT is one of the most secure network operating systems on the market, you need to fully understand and properly implement its security features to build strong network defenses. Threats are everywhere, from internal rogue users and administrators, to Internet hackers, to accidents of nature. Attaining good network security starts by focusing on security issues and solutions. The Windows NT Security Handbook helps you do just that.

"Valuable to the network and system administrator responsible for safeguarding NT systems..., concise and comprehensive." Patrice Rapalus, Director, Computer Security Institute

"The Windows NT Security Handbook is an exhaustive reference that guides you through the issues that face network and security administrators responsible for NT-based systems. The book attempts to resolve major security issues and give you a big-picture solution. Throughout the handbook, Sheldon lists hundreds of available resources and vendors for solutions to the security issues and problems he discusses. The handbook also lists hundreds of relevant security and NT-related URLs where you can find assistance and advice. If you need a guide to NT system security and general information system security, get a copy of Sheldon's Windows NT Security Handbook. It is a thorough, informative book about NT security." Ben Rothke, New York-based senior associate with Coopers & Lybrand Consulting, writing in the September 1997 issue of Windows NT Magazine. For the complete review, visit

From the Press Release

A disturbing cloud has appeared on the Internet's once sunny horizon--security concerns. If you connect a system to a TCP/IP network, you are providing an open door for other users to access your system. Hackers are breaking into everything, and they're using the latest tools to stay a step ahead of the people who are trying to provide security. The Windows NT® Security Handbook to the rescue! Just as reports of Internet-related security breaches are increasing to the point where many technology managers are seriously reevaluating their organization's Internet strategy, Tom Sheldon's book arrives to guide you through crucial security issues. Sheldon approaches security from the perspective of the popular Windows NT® operating system, and addresses key issues such as protective features available within Windows NT®, as well as potential security holes. You'll discover how to develop security strategies on Windows NT® networks, and how to keep a watchful eye on illicit activity that might indicate the presence of hackers. Sheldon begins with an overview of how to craft defensive strategies and examines the different security protocols. He moves on to cover encryption techniques and viruses, and discusses the ins and outs of constructing firewalls. You'll also learn about electronic commerce and security for business transactions, as well as the latest monitoring tools. The best offense is usually a good defense, and The Windows NT® Security Handbook is your secret weapon in the security wars.

Audience: Network administrators; corporations.

From the Introduction

In the early '80s, I spent a summer in Ireland at the home of my father-in-law. Much of that time was spent driving the countryside looking for castles. Upon seeing any pile of rocks, we stopped the car and crossed the cow pasture to see what remained of a once mighty structure. Many castles and tower homes were broken down over the years by farmers who used the rock for fences and building materials. Some suffered the blows of cannons.

In a way, The Windows NT Security Handbook is a natural outcome of that summer. I completely immersed myself in Irish history and books about castle design, defensive systems, vulnerabilities, attacks, and warfare of the time. The computer systems we install today require "virtual castles" that can withstand attacks of a different kind--attackers that slip into your systems through unknown or unprotected holes and do damage for any number of reasons. Perhaps the attackers are competitors who want to shut down your systems or ex-employees with a grudge. Whatever the case, the threat is real and you need defensive systems to stop them. Indeed, the castle analogy aptly describes the kinds of defenses you need to put in place.

In 16th century Ireland, castles that had stood for years were brought down by the cannon. I can't help but think that our computer systems might suffer a similar fate. Indeed, as this book was going to press, a new threat emerged for Internet-connected systems called the SYN attack. In such an attack, a malicious person floods a Web server with session-request packets. The Web server tries to establish a session for each of those requests, but the malicious user makes sure that a response is never sent to the server after the initial request. It's like someone reaching out to shake your hand, then pulling it away when you reach out with your hand. The server keeps waiting to "shake hands" with the hacker's system and eventually crashes when it runs out of resources to handle the load. The hacker has caused a "denial-of-service" attack in which legitimate users cannot access the system.

This type of attack was successfully staged against Panix, a New York Internet Service Provider, in September of 1996. Thousands of people were denied Internet access at the time, and similar attacks took place elsewhere, apparently after the attack strategy was discussed openly on the Internet. While no data was destroyed, institutions such as hospitals and banks as well as companies that rely on the Internet were without service for an extended period of time.
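The handshake exhaustion the introduction describes, and the stateless SYN-cookie defence that later became the standard answer to it, as an added example that is not code from the book or from this page. It is a constructed simulation: the backlog size, the 75-second timeout, the addresses and the HMAC secret are all assumed values, and the cookie is a simplified version of the real scheme (which also packs the MSS into the 32-bit number). The first listener keeps one table slot per unanswered SYN, so spoofed SYNs that never complete the handshake crowd out a legitimate client until the timer frees the slots; the second keeps no state until the peer proves it received the server's sequence number.

```python
"""
Constructed simulation of a TCP SYN flood against a stateful listener, and
of the SYN-cookie defence.  All sizes, timeouts, addresses and the secret are
assumed values chosen for the example; they are not Windows NT's settings.
"""
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class HalfOpenServer:
    """Stateful listener: one backlog slot per half-open connection."""
    backlog: int = 128            # assumed half-open capacity
    syn_timeout: float = 75.0     # assumed seconds a half-open entry is kept
    table: dict = field(default_factory=dict)   # (ip, port) -> expiry time
    refused: int = 0

    def _expire(self, now):
        for key in [k for k, exp in self.table.items() if exp <= now]:
            del self.table[key]

    def on_syn(self, src, now):
        """Return True if a backlog slot was allocated, False if the SYN was dropped."""
        self._expire(now)
        if len(self.table) >= self.backlog:
            self.refused += 1
            return False
        self.table[src] = now + self.syn_timeout
        return True

    def on_ack(self, src, now):
        """The peer's final ACK frees the slot (connection becomes established)."""
        self._expire(now)
        return self.table.pop(src, None) is not None


@dataclass
class SynCookieServer:
    """Stateless listener: the SYN-ACK sequence number is an HMAC over the peer's
    address and a coarse time slot, so nothing is stored until the peer proves
    it received that number by acknowledging it."""
    secret: bytes = b"constructed-secret-rotate-in-practice"   # assumed value
    established: set = field(default_factory=set)

    def _cookie(self, src, slot):
        msg = f"{src[0]}:{src[1]}:{slot}".encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big")    # 32 bits, like a TCP ISN

    def on_syn(self, src, now):
        """Always answered; returns the cookie used as the SYN-ACK sequence number."""
        return self._cookie(src, int(now) // 64)

    def on_ack(self, src, ack_num, now):
        """Accept only an ACK whose ack_num-1 is a cookie minted in this or the
        previous 64-second slot; anything else is dropped without allocating."""
        slot = int(now) // 64
        if any(ack_num - 1 == self._cookie(src, s) for s in (slot, slot - 1)):
            self.established.add(src)
            return True
        return False


def attacker_syns(n):
    """Constructed flood: n spoofed sources that will never send the final ACK."""
    return [(f"203.0.113.{i % 254 + 1}", 40000 + i) for i in range(n)]


LEGIT = ("198.51.100.7", 51515)   # constructed honest client


def flood_classic(n_syns=500, now=1000.0):
    """Returns (legit SYN accepted during the flood, accepted after the bogus
    entries expire, half-open entries left, total SYNs refused)."""
    srv = HalfOpenServer()
    for src in attacker_syns(n_syns):
        srv.on_syn(src, now)
    during = srv.on_syn(LEGIT, now + 1)                    # backlog full -> dropped
    after = srv.on_syn(LEGIT, now + 1 + srv.syn_timeout)   # bogus entries timed out
    return during, after, len(srv.table), srv.refused


def flood_cookie(n_syns=500, now=1000.0):
    """Returns (legit handshake completed, forged ACK accepted, established count)."""
    srv = SynCookieServer()
    for src in attacker_syns(n_syns):
        srv.on_syn(src, now)                      # answered, but nothing stored
    isn = srv.on_syn(LEGIT, now + 1)
    honest = srv.on_ack(LEGIT, isn + 1, now + 2)             # echoes ISN+1 as TCP does
    forged = srv.on_ack(("203.0.113.9", 40008), 12345, now + 2)  # guessed ack number
    return honest, forged, len(srv.established)


if __name__ == "__main__":
    print("classic backlog:", flood_classic())   # (False, True, 1, 373)
    print("SYN cookies    :", flood_cookie())    # (True, False, 1)
```

The stateful listener is only as strong as its backlog divided by its timeout: 128 slots held for 75 seconds means fewer than two spoofed SYNs per second keep it full indefinitely. The cookie listener spends a MAC computation per SYN instead of memory, which is why it survives the same flood; the cost it pays is that options carried in the original SYN must be squeezed into the cookie or lost.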

The Windows NT Security Handbook is about security for Microsoft Windows NT computers as stand-alone desktop systems or as network-connected workstations and servers. Some of the information presented will scare you into taking action to protect your systems and it will show you how to put together a defensive strategy.

Paranoia is a good thing. The more paranoid you are, the more likely you are to protect your systems from attack. Reading The Windows NT Security Handbook and just concentrating on security is a good start. In fact, you need to start planning and managing your network with security as the number one goal. Many network administrators get so wrapped up in attaining performance or some other objective that they leave their systems wide open for attack. What good is the fastest server or fastest network if some unknown user can crash your system and cause losses in the thousands or millions of dollars due to down time?

Security has been a big concern in the last few years, primarily because more and more organizations are connecting their networks to the Internet. But security threats come from both the Internet and from internal sources. In fact, the internal threat is considered the biggest problem for a number of reasons. First, internal users know more about your systems and where valuable data is located. Internal users are also more likely to hijack some other user's account or access some system because proper security measures are not in place. You probably trust many of your coworkers, but in an open internetworked environment, you need to reevaluate how much trust you want to extend.

People also have more knowledge about computers and networks and know how to access information. Often, a person gets curious and starts peeking into places where they don't belong. Before long, they discover all the areas of your network where security is weak. Many organizations have installed TCP/IP networks in the last few years, and this network technology only helps hackers because it allows them to extend their electronic reach to many interconnected networks. The Internet is one big TCP/IP network. If you connect your internal network to it, anyone anywhere in the world can access your systems. But only if you leave the door wide open.

The Windows NT Security Handbook is about tightening the security on your Windows NT systems and networks to prevent malicious users from attacking your systems and valuable data. There are four main sections as described below. A detailed table of contents follows this section.

Part 1 provides a general description of security problems on networks in general and networks that are connected to the Internet. You'll learn the scary truth about hacker and cracker attacks. You'll also learn how to protect your systems and about the security features in Windows NT.

Part 2 gets into more detailed information about Windows NT security. You'll learn many interesting tips and tricks about security features for domains, user accounts, file systems, and management functions.

Part 3 covers security topics related to the general network environment in which Windows NT systems may be running, including mixed heterogeneous environments that include UNIX, Novell NetWare, and Apple Macintosh systems. You'll also learn about how clients on the network can affect Windows NT security. There are also chapters on securing remote connections and wide area networks.

Part 4 covers Internet and TCP/IP specific security threats and countermeasures. You'll find descriptions of how hackers use scanning and sniffing tools to get information about your networks, view transmitted information, and even hijack user sessions to make your servers think that they are legitimate users. You'll also learn about building firewalls between your networks and the Internet (or between your own internal networks) and how to do business on the Internet in a safe and secure way.

The Appendixes should certainly not be overlooked. If you want to learn about the Windows NT security architecture, the logon and authentication process, or how to protect vital system information, refer to the back of the book. You'll also find a discussion of valuable tools and techniques that can help you protect your system.

Keep in mind that The Windows NT Security Handbook points out known security problems and makes recommendations that can help you secure your systems and networks. Every environment is different and some of the suggestions provided may not be appropriate for your environment. Always test any changes or security recommendations mentioned in this book on a non-production test platform before you implement those changes on an actual system.

Table of Contents

Part I, Security Boot Camp

Chapter 1, The Network Landscape: LANs and Global Networks

From PCs to Enterprise Networks
The Internet-Connected Enterprise

Chapter 2, Security Threats

What Are the Threats?
Who Are the Hackers?
Methods of Attack
The Internet and TCP/IP
Viruses and Trojan Horses
Natural Threats

Chapter 3, Countermeasures

Defining Security
Protective Measures
Internet Security Measures
Access Controls
Advanced Authentication
Auditing Systems
Detecting and Dealing with Attacks

Chapter 4, Security Policies and Management

Planning for Security
Information Management and Control Issues
Security Standards
Educating Users
Recovering from Disasters
Security Policies

Part II, Windows NT Security

Chapter 5, An Overview of Windows NT Security

About C2 Security
A Microscopic View of Windows NT Security
Windows NT Architecture
Windows NT Auditing System
Windows Network Models
User Accounts and Groups
Windows NT File System (NTFS)
Sharing Resources

Chapter 6, Windows NT-Specific Threats and Solutions

About Holes and Backdoors
Logon Security
System Administration
Setting Up Secure Systems
Some Registry Settings
Network Security Issues
Internet and Web Connections

Chapter 7, Domains, Domain Logons, and Security Controls

Domain Accounts
Setting Up Domains
Logging On to Domains
Security Policies
Tips for Domain Security

Chapter 8, User and Group Security Management

The User Manager
User Accounts
Managing User Environments

Chapter 9, File System Security and Resource Sharing

Sharing and Permissions--What's the Difference?
How Secure Is NTFS?
Managing Permissions
Suggested Permission
Sharing Directories and Files
Using SMB Services Over the Web
New File Systems

Chapter 10, Management, Monitoring, and Auditing

Client Administrator Tools
Windows NT Diagnostics
The Server Manager and Server Utility
Managing Services
The NET Commands
Monitoring Activities with the Performance Monitor
Network Monitoring

Chapter 11, Fault Tolerance and Data Protection

Protecting the Operating System
Fault Tolerance in Windows NT Server
Security Through Directory Replication
Backing Up Data
Power Problems and Solutions

Part III, General Network Security Issues

Chapter 12, Client/Workstation Security Issues

Clients in the Network Sharing Environment
Client Workstation Security Problems
Securing and Managing Network Clients
Profile and Policy Management

Chapter 13, Microsoft BackOffice Security Issues

BackOffice Internet Connections
The Microsoft SQL Server
Microsoft Exchange
The System Management Server

Chapter 14, Remote Access Issues

Windows NT Remote Access Service (RAS)
Managing RAS Services and Security Options
RAS Logon and Authentication Methods
Two-Factor User Authentication
Auditing for the Remote Access Server

Chapter 15, Securing Private WANs and Virtual WANs

Building Enterprise Networks
Security for WANs and Remote Access
WANs in the Windows NT Environment
Internetwork Models
WAN Security Protocols and Encryption
WAN Support in RAS
Virtual Private Networks Over the Internet

Chapter 16, Enterprise-Wide Security

NetWare in the Windows NT Environment
Security in Windows NT and UNIX Environments
Security for Macintosh Services
Microsoft SNA Server
Enterprise Security Management

Part IV, Defense Strategies for Public Networks

Chapter 17, Internet and TCP/IP Security Issues

Connecting to the Internet
Scanning Tools
Sniffing the Network
Other Attacks
Internet Application Protocol Problems

Chapter 18, Firewalls and Proxy Servers

Defensive Strategies
Classifying Firewalls
Firewall Policies
More About Screening Routers
High-End Firewalls
Commercial Firewalls
Windows NT Home-Grown Firewalls

Chapter 19, Microsoft Proxy Server

More About Proxy Services
Proxy Server Setup and Configuration
Configuring the Proxy Server
Remote Windows Sockets (RWS) Service
Configuring Clients

Chapter 20, Securing the Microsoft Internet Information Server

Web Protocols and Standards
Anonymous Logon and Subscription Services
Managing Web Server User Accounts
IP Address Filtering
Client-Server Channel Security
Microsoft Internet Explorer 3.0

Chapter 21, Internet Commerce Security Issues

Where to Get Internet Business Information
Internet Security Issues
Electronic Cash
Microsoft Merchant Services
Microsoft Internet Security Framework

Part V, Appendixes

Appendix A, Windows NT Security and Logon

Windows NT Security Model
Logon and Authentication
Password Security and Authentication Procedures

Appendix B, Cryptography and Private Communication

Securing Private Communications
Cryptographic Techniques
The Microsoft CryptoAPI

Appendix C, Viruses, Trojan Horses, and Other Threats

Viruses and Other Threats
How Infections Occur
Detection and Prevention
Viruses in the Windows NT Environment

Appendix D, Security Evaluation Packages

Microsoft Windows NT Resource Kit Utilities
An Expert System: Kane Security Analyst
Somarsoft DumpACL
Internet Scanner from Internet Security Systems

Appendix E, Steps for Evaluating NT Security

Check C2 Compliance
Standard Evaluation

Appendix F, Registry Security Issues

Registry Security and Protection
High-Security Registry Settings
Additional Registry Security Information

Appendix G, Ports in the TCP/IP Environment

All material Copyright © 1996, 2001 Big Sur Multimedia, Inc. All rights reserved. Information in this document is subject to change without notice. Other products and companies referred to herein are trademarks or registered trademarks of their respective companies or mark holders.