Windows security concepts and technologies for IT beginners

IT security can be a complex topic, especially for those new to the field of IT. This full-color book, with a focus on the Microsoft Technology Associate (MTA) program, offers a clear and easy-to-understand approach to Windows security risks and attacks for newcomers to the world of IT. By paring down to just the essentials, beginners gain a solid foundation of security concepts upon which more advanced topics and technologies can be built. This straightforward guide begins each chapter by laying out a list of topics to be discussed, followed by a concise discussion of the core skills you need to gain a strong handle on the subject matter. Chapters conclude with review questions and suggested labs so you can measure your level of understanding of the chapter's content.

* Serves as an ideal resource for gaining a solid understanding of fundamental security concepts and skills
* Offers a straightforward and direct approach to security basics and covers anti-malware software products, firewalls, network topologies and devices, network ports, and more
* Reviews all the topics you need to know for taking the MTA 98-367 exam
* Provides an overview of security components, looks at securing access with permissions, addresses audit policies and network auditing, and examines protecting clients and servers

If you're new to IT and interested in entering the IT workforce, then Microsoft Windows Security Essentials is essential reading.
Page count: 523
Year of publication: 2011
Table of Contents
Cover
Title Page
Credits
Copyright
Publisher's Note
Dedication
Acknowledgments
About the Author
Introduction
Who Should Read This Book
What Is Covered in This Book
Chapter 1: Understanding Core Security Principles
Understanding Risk
Exploring the Security Triad
Implementing a Defense-in-Depth Security Strategy
Enforcing the Principle of Least Privilege
Hardening a Server
The Essentials and Beyond
Chapter 2: Understanding Malware and Social Engineering
Comparing Malware
Protecting Against Malware
Thwarting Social-Engineering Attacks
Protecting Email
The Essentials and Beyond
Chapter 3: Understanding User Authentication
Comparing the Three Factors of Authentication
Using Passwords for Authentication
Using Smart Cards and Token Devices for Authentication
Using Biometrics for Authentication
Starting Applications with Run As Administrator
Preventing Time Skew with Kerberos
Identifying RADIUS Capabilities
Identifying Unsecure Authentication Protocols
The Essentials and Beyond
Chapter 4: Securing Access with Permissions
Comparing NTFS Permissions
Exploring Share Permissions
Identifying Active Directory Permissions
Assigning Registry Permissions
The Essentials and Beyond
Chapter 5: Using Audit Policies and Network Auditing
Exploring Audit Policies
Enabling Auditing
Viewing Audit Information
Managing Security Logs
Auditing a Network with MBSA
The Essentials and Beyond
Chapter 6: Protecting Clients and Servers
Understanding User Account Control
Keeping Systems Updated
Protecting Clients
Protecting Servers
Exploring DNS Security Issues
The Essentials and Beyond
Chapter 7: Protecting a Network
Identifying Common Attack Methods
Exploring Firewalls
Exploring Network Access Protection
Identifying Protocol Security Methods
The Essentials and Beyond
Chapter 8: Understanding Wireless Security
Comparing Wireless Devices
Comparing Wireless Security Methods
Configuring Wireless Routers
Configuring Windows 7 for Wireless
The Essentials and Beyond
Chapter 9: Understanding Physical Security
Comparing Site Security and Computer Security
Using Group Policy to Enhance Computer Security
Exploring Mobile Device Security
The Essentials and Beyond
Chapter 10: Enforcing Confidentiality with Encryption
Comparing Encryption Methods
Securing Email
Understanding EFS
Exploring BitLocker Drive Encryption
The Essentials and Beyond
Chapter 11: Understanding Certificates and a PKI
Understanding a Certificate
Exploring the Components of a PKI
The Essentials and Beyond
Chapter 12: Understanding Internet Explorer Security
Exploring Browser Settings
Comparing Security Zones
Using IE Tools to Identify Malicious Websites
The Essentials and Beyond
Appendix A: Answers to Review Questions
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Appendix B: Microsoft’s Certification Program
Certification Objectives Map
Index
Appendix C: Answers to Additional Exercises
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Appendix D: Optional Lab to Create a Virtual Environment
Identifying the Requirements
Configuring Windows 7 with Virtualization
Locating and Downloading an Evaluation Copy of Windows Server 2008
Creating a Virtual Machine for Windows Server 2008
Installing Windows Server 2008 on a Virtual Machine
Configuring Windows Server 2008 on a Virtual Machine
Promoting Windows Server 2008 to a Domain Controller
Applying Changes to the Domain Controller
Glossary
Senior Acquisitions Editor: Jeff Kellum
Development Editor: Candace English
Technical Editors: Naomi Alpern; Tom Carpenter
Production Editor: Dassi Zeidel
Copy Editor: Tiffany Taylor
Editorial Manager: Pete Gaughan
Production Manager: Tim Tate
Vice President and Executive Group Publisher: Richard Swadley
Vice President and Publisher: Neil Edde
Book Designer: Happenstance Type-O-Rama
Compositor: James D. Kramer, Happenstance Type-O-Rama
Proofreader: Rebecca Rider
Indexer: Ted Laux
Project Coordinator, Cover: Katie Crocker
Cover Designer: Ryan Sneed
Cover Image: © Linda Bucklin / iStockPhoto
Copyright © 2011 by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-118-01684-8
ISBN: 978-1-118-11454-4 (ebk.)
ISBN: 978-1-118-11457-5 (ebk.)
ISBN: 978-1-118-11456-8 (ebk.)
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.
Wiley also publishes its books in a variety of electronic formats and by print-on-demand. Not all content that is available in standard print versions of this book may appear or be packaged in all book formats. If you have purchased a version of this book that did not include media that is referenced by or accompanies a standard print version, you may request this media by visiting http://booksupport.wiley.com. For more information about Wiley products, visit us at www.wiley.com.
Library of Congress Cataloging-in-Publication Data is available from the publisher.
TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. Microsoft and Windows are registered trademarks of Microsoft Corporation, Inc. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.
Dear Reader,
Thank you for choosing Microsoft Windows Security Essentials. This book is part of a family of premium-quality Sybex books, all of which are written by outstanding authors who combine practical experience with a gift for teaching.
Sybex was founded in 1976. More than 30 years later, we’re still committed to producing consistently exceptional books. With each of our titles, we’re working hard to set a new standard for the industry. From the paper we print on, to the authors we work with, our goal is to bring you the best books available.
I hope you see all that reflected in these pages. I’d be very interested to hear your comments and get your feedback on how we’re doing. Feel free to let me know what you think about this or any other Sybex book by sending me an email at [email protected]. If you think you’ve found a technical error in this book, please visit http://sybex.custhelp.com. Customer feedback is critical to our efforts at Sybex.
Best regards,
Neil Edde
Vice President and Publisher
Sybex, an Imprint of Wiley
To my wife, who brings so much joy and happiness into my life.
Acknowledgments
I love the process of writing a book. From the first idea to the last written word, it’s an enjoyable process where I’m able to work with many talented people. I’m grateful to the many people at Wiley who have helped me with this project. First, thanks to Jeff Kellum for inviting me to write this book. I appreciate the work put into this project by Candace English, the development editor, and Tom Carpenter, the technical proofer. Thanks also to Dassi Zeidel, a dedicated production editor who helped guide the book to completion in the final stages of production.
About the Author
Darril Gibson is the CEO of Security Consulting and Training, LLC. He has written, coauthored, and contributed to more than a dozen books, and he regularly consults and teaches on a wide variety of IT topics. Most of the books he’s been involved with are available on Amazon by searching for Darril Gibson. He has been a Microsoft Certified Trainer (MCT) since 1999 and holds a multitude of certifications including Security+, CISSP, MCSE (NT 4.0, Windows 2000, and Windows 2003), MCITP (Windows 7, Windows Server 2008, and SQL Server), and ITIL Foundations. Darril lives in Virginia Beach with his wife of more than 18 years and two dogs. Whenever possible, they escape to their cabin in the country with more than 20 acres of land, where his dogs wear themselves out chasing rabbits and deer. You can reach the author by writing to [email protected].
Introduction
Attacks on computers have become as common as computers themselves. Criminals have discovered that they can separate money from uninformed users with very little work and, often, with very large paydays. IT professionals must include sound security practices when maintaining any network today.
The first step is to understand the risks. Once you understand the risks, the security controls implemented to protect the computers and networks from these risks make a lot more sense. This book covers the basics of security in a Microsoft IT environment and is geared toward preparing you for one of the three certification exams in the Microsoft Technology Associate (MTA) Information Technology (IT) Professional track.
The MTA certification is a new certification level. It includes three separate tracks: IT Professional, Developer, and Database. The IT Professional track is for individuals pursuing work as administrators. The Developer track is for individuals pursuing work as programmers and software engineers. The Database track is for individuals pursuing work as database administrators and database developers.
The MTA IT Professional series includes three certifications:
Networking Fundamentals This is the first certification in the MTA IT Professional track. It lays a solid foundation of basic networking knowledge needed for the other MTA certifications and also for the more advanced Microsoft Certified Technology Specialist (MCTS) and Microsoft Certified IT Professional (MCITP) tracks. You earn this certification by taking and passing exam 98-366.
Security Fundamentals Security Fundamentals is the second certification in the MTA IT Professional track. It builds on the knowledge learned in the Networking Fundamentals certification and adds fundamental security knowledge needed by administrators. IT administrators in any environment need to be aware of the risks associated with IT systems. You earn this certification by taking and passing exam 98-367, covered by this book.
Windows Server Administration Fundamentals This certification builds on the knowledge gained in the Networking Fundamentals and Security Fundamentals certifications. It digs deeper into knowledge and skills needed by Windows Server administrators. You earn this certification by taking and passing exam 98-365.
Each of these certifications can serve as a stepping-stone to Microsoft’s next levels of certification: Microsoft Certified Technology Specialist (MCTS) and Microsoft Certified IT Professional (MCITP).
Who Should Read This Book
This book is for current or aspiring professionals seeking a quick grounding in the fundamentals of security in a Microsoft environment. The goal is to provide quick, focused coverage of fundamental security skills. If you have a basic understanding and want to expand your knowledge into security, this book is for you. It will help you grasp many fundamental security concepts and how they apply to Microsoft systems. Also, you can use the knowledge gained from this book as a foundation for more advanced studies.
This book is focused on the objectives of the Microsoft Technology Associate (MTA) Security Fundamentals certification. This is one of the certifications in the MTA IT Professional series. It’s best if you start with the Networking Fundamentals topics, covered in Microsoft Windows Networking Essentials (Wiley, 2011). You can then move into the Windows Server Administration Fundamentals MTA certification.
You can read more about the MTA certifications and MTA exam certification paths at www.microsoft.com/learning/en/us/certification/mta.aspx.
What You Will Learn
You will learn the essentials of security in a Microsoft environment. This book covers all the objectives of the Microsoft Technology Associate Security Fundamentals exam (exam 98-367).
Details on this exam, including the objectives, are available at www.microsoft.com/learning/en/us/exam.aspx?ID=98-367.
Prerequisites
This book is focused on the 98-367 exam, which is the second Microsoft exam in the MTA IT Professional series. The first exam is Networking Fundamentals (98-366), and it’s expected that you have the knowledge tested in that exam, although you don’t need to have taken and passed that exam.
The Networking Fundamentals exam (and the associated knowledge) does provide a solid foundation, and there simply isn’t enough room in this book to include basic networking knowledge. However, when a networking topic is important, this book does provide some key information to remind you about the underlying networking concepts. For a more detailed look at networking essentials, consult Microsoft Windows Networking Essentials (Wiley, 2011).
What You Need
Because this book is focused on providing you with only the essentials, the biggest requirement is a desire to learn. You aren’t expected to have a lot of knowledge about or experience in security before starting the book. It starts with the basics in Chapter 1 and steadily builds on the knowledge through the end of the book.
Ideally, you’ll have some hardware that you can use. Because this is a Microsoft book focused on Microsoft technologies, it would be good to have a system running Microsoft Windows Server 2008 or Windows Server 2008 R2.
If you’re running another operating system, such as Windows 7, you can create a virtual server running Windows Server 2008. I have included an optional lab for this book, which you can download at www.sybex.com/go/securityessentials. It will lead you through the following steps:
Configuring Windows 7 with virtualization
Locating and downloading an evaluation copy of Windows Server 2008
Creating a Virtual PC machine for Windows Server 2008
Installing Windows Server 2008 on a virtual machine
Promoting Windows Server 2008 to a domain controller
What Is Covered in This Book
Microsoft Windows Security Essentials is organized to provide you with the knowledge needed to master the basics of security in a Microsoft environment.
The objectives for this book are primarily focused on Microsoft Windows Server 2008. Although Microsoft Windows Server 2008 R2 does include a lot of under-the-hood enhancements, there aren’t many differences covered in this book. Unless specific differences are mentioned, the topics apply equally to both Windows Server 2008 and Windows Server 2008 R2. Occasionally, I mention both to remind you; but to avoid repetition, I often just refer to Windows Server 2008, implying both Microsoft Windows Server 2008 and Microsoft Windows Server 2008 R2.
Chapter 1, “Understanding Core Security Principles” Most security principles can be traced back to the security triad of confidentiality, integrity, and availability. This chapter introduces these concepts along with basics of risk and the importance of implementing a defense-in-depth strategy.
Chapter 2, “Understanding Malware and Social Engineering” One of the most common threats to computers today is malicious software, or malware. Malware comes in many forms, such as viruses, worms, and Trojan horses. It’s important to understand how serious the threat is and what you can do to protect computers and networks. Additionally, attackers often use social-engineering tactics to trick users into giving up valuable data. This chapter covers how to thwart those attacks, plus how to safeguard email.
Chapter 3, “Understanding User Authentication” One of the primary methods of ensuring security is to restrict access to known users. This requires users to authenticate themselves, or prove their identity by providing credentials. Authentication is commonly classified using three types or three factors of authentication: something you know, something you have, and something you are. This chapter helps you understand these factors, including their strengths and weaknesses.
Chapter 4, “Securing Access with Permissions” Permissions are the primary method used to restrict access to resources in a Microsoft domain. You can assign permissions to NTFS drives, shares, Active Directory objects, and the Registry. This chapter covers the many types of permissions and how some of these permissions interact with each other.
Chapter 5, “Using Audit Policies and Network Auditing” Auditing provides administrators with an easy method of tracking activity on systems. You can track when users access files, shut down systems, create or modify accounts, and much more. Windows Server 2008 includes multiple categories of auditing that you can manipulate, and you’ll learn about them in this chapter.
Chapter 6, “Protecting Clients and Servers” In this chapter, you’ll learn common techniques used to protect clients and servers, including User Account Control. Additionally, this chapter covers the importance of keeping every system in an organization up to date. You’ll also learn about many of the server roles, including some specific security steps used to protect them.
Chapter 7, “Protecting a Network” Attackers are out there, constantly trying to attack networks. In this chapter, you’ll learn some of the common well-known attack methods and techniques to protect a network. You’ll learn about network-based firewalls and how they provide network isolation for an internal network. This chapter also covers Network Access Protection (NAP), a new technology in Windows Server 2008 used to inspect clients for health and isolate unhealthy clients.
Chapter 8, “Understanding Wireless Security” Wireless networks have become quite popular in recent years. They’re relatively inexpensive and don’t require you to run cables for connectivity. However, security for wireless networks had a rough start. If you don’t use up-to-date technologies, your wireless networks will be highly vulnerable to attacks. This chapter covers many current wireless security standards and protocols.
Chapter 9, “Understanding Physical Security” One of the basic security steps you can take is to restrict physical access to systems. Most organizations use a variety of methods to enforce physical security, such as locked doors, cipher locks, guards, and more. You can also use Group Policy to enhance physical security by restricting access to systems. The Deny Log On Locally Group Policy setting prevents users from logging onto a computer, and a Removable Storage Access policy can restrict what users can do with different types of removable devices including USB flash drives. In addition to specific Group Policy settings, this chapter provides a big picture view of how Group Policy works. You’ll also learn about mobile-device security.
Chapter 10, “Enforcing Confidentiality with Encryption” A key part of the security triad (confidentiality, integrity, and availability) is confidentiality. The two primary ways of encrypting data are via symmetric or asymmetric encryption. Hashing functions are related but distinct: they are one-way, so a hash cannot be reversed to recover the original data, and they are used to verify integrity rather than to hide content. This chapter covers many of the generic encryption methods along with some specific Microsoft methods such as Encrypting File System (EFS) and BitLocker Drive Encryption.
Chapter 11, “Understanding Certificates and a PKI” A Public Key Infrastructure (PKI) includes all the pieces required to issue, use, and manage certificates. Certificates (also called public-key certificates) are used for a wide variety of purposes to provide different types of security. This chapter explains the details of certificates and explores the components of a PKI.
Chapter 12, “Understanding Internet Explorer Security” Internet Explorer (IE) is the primary web browser used on Windows Server 2008 and Windows 7. Because it’s so common to use the Internet to research and do regular work, it’s important to understand some of the security risks and some of the security mechanisms that help protect users. This chapter covers many of the browser settings, the different security zones, and some of the IE tools used to identify malicious websites.
Appendix A, “Answers to Review Questions” This appendix includes all of the answers to the review questions found in “The Essentials and Beyond” section at the end of every chapter.
Appendix B, “Microsoft’s Certification Program” This appendix maps the objectives in the MTA Security Fundamentals exam (exam 98-367) to the specific chapters where each objective is covered.
I have created an online glossary as well as provided the suggested or recommended answers to the additional exercises included at the end of each chapter. You can download these at www.sybex.com/go/securityessentials.
Sybex strives to keep you supplied with the latest tools and information you need for your work. Please check its website at www.sybex.com/go/securityessentials, where we’ll post additional content and updates that supplement this book if the need arises. Enter security essentials in the Search box (or type the book’s ISBN—978-1-118-01684-8), and click Go to get to the book’s update page.
Chapter 1
Understanding Core Security Principles
Every computer presents a certain level of risk. You can’t eliminate risk unless you simply never turn on the computer. However, you can manage risk. You start by understanding what risk is and understanding that risk mitigation is accomplished by reducing vulnerabilities.
Several core security principles guide the protection of information technology (IT) systems and data. When you understand these core security principles, it’s easier to grasp the reasoning behind many of the security practices.
Most security principles can be traced back to the security triad (also called the AIC or CIA triad). The security triad mandates protection against the loss of confidentiality, the loss of integrity, and the loss of availability of IT systems and data. Other principles include defense-in-depth and the principle of least privilege. Administrators harden, or secure, IT systems by attempting to configure them more securely than the default configuration and reduce vulnerabilities. This chapter covers all of these topics in the following sections:
Understanding risk
Exploring the security triad
Implementing a defense-in-depth security strategy
Enforcing the principle of least privilege
Hardening a server
Understanding Risk
Risk is unavoidable. You can’t eliminate it. However, it’s possible to minimize risk by first understanding it and then taking steps to mitigate it.
Minimizing risk is also known as risk mitigation.
For example, every time you step into a street, you run the risk of being hit by a car. The real threat of a car colliding with your body, and your body’s vulnerability to this collision, convinces you to take steps to reduce the risk. Unless you’re Superman, you can’t stop the threat. If the car is coming, it’s coming. But you can minimize the risk by using crosswalks and looking for approaching cars before stepping into the street.
Similarly, risks are reduced in IT networks by taking steps to reduce the vulnerabilities. Consider Figure 1-1. Risk occurs when threats exploit vulnerabilities. In an IT environment, threats are any events that can result in the loss of confidentiality, integrity, or availability of IT systems or data. Threats can be man-made or natural.