Windows NT Security

Description

  • Copyright 2000
  • Dimensions: 7" x 9-1/4"
  • Pages: 432
  • Edition: 1st
  • Book
  • ISBN-10: 0-13-083990-6
  • ISBN-13: 978-0-13-083990-9


8399K-8

A solid security foundation for enterprise NT 4/Windows 2000 networks!

  • Understand Windows NT 4 and Windows 2000 security architecture
  • Make the most of NTFS file and directory permissions
  • Restrict users via system policies and user profiles
  • Use encryption, decryption, authentication, and Windows 2000 Kerberos support
  • Web security via Proxy Server filtering, logging, and alerts
  • Windows 2000 Security Configuration Toolset, Group Policies, DFS, and more

In Windows NT Security, leading global IT consultant Michael McInerney presents the hands-on, task-oriented information you need to maximize NT security right now, and crucial insights into key underlying concepts for building a more secure enterprise for the long term. You'll find detailed coverage for NT 4 enterprise networks, plus discussion of Windows 2000's extensive security improvements and practical guidance for migration.

McInerney introduces security models of both Windows NT 4 and Windows 2000, demonstrating how to establish a rock-solid security foundation from scratch, how to audit existing NT networks, and how to enhance flawed security quickly and effectively. Discover how to make the most of NT's powerful file and directory security mechanisms, as well as the new Windows 2000 Distributed File System (DFS). Learn how to secure IIS-based Internet/intranet sites and RRAS remote access; even how to secure specific registry keys.

McInerney provides in-depth coverage of NT/Windows 2000 encryption and authentication, including a detailed look at Kerberos support in Windows 2000. Appendices provide comprehensive system policy file listings; services and packet filter logging information; and a comprehensive Security Checklist.

Sample Content

Downloadable sample chapter for this book: 0130839906.pdf

Table of Contents

(NOTE: Most chapters begin with an Introduction.)

I. SYSTEM SECURITY OVERVIEW.

1. Introduction to Security Concepts.

Layered Approach to Securing Your Network. Physical Security. Location. Use of Removable Media. Removal of Unnecessary Hardware. Denial of Service. IT Security Control Objectives. Confidentiality. Integrity. Availability. Legal Notice at Logon. Qualities Defining a Secure System. Discretionary Access Controls. Audit Capabilities. Mandatory Identification and Authentication. Memory Management and Object Reuse. Encrypted Data Transfer. Encrypted File System. Summary.

2. NT 4.0 Security Architecture Overview.

Design Goals for Windows NT 4.0 Security. Modules of the NT 4.0 Security Architecture. Graphical Identification and Authentication (GINA) DLL. Trusted System. Objects. Access Control Lists (ACL). Access Control Entry (ACE). System Identifier (SID). Local Security Authority (LSA). Access Tokens. Security Reference Monitor (SRM). Security Account Manager (SAM). File and Directory Permissions. Mandatory Logon Process. Single Logon. Security Support Provider Interface (SSPI). Intra- and Interdomain Communication. Authenticated RPC and DCOM. NTLM Authentication. Impersonation. Security Implementation Overview. Installation Security Concerns. Logon and the Authentication Process. The Administrator Account. File and Directory Security. Registry Security. User Profiles. System Policies. Auditing Capability. New Security Management Tools. Microsoft Management Console. Security Configuration Manager for NT. Microsoft Proxy Server.

II. WINDOWS NT 4.0 SECURITY COMPONENTS.

3. File and Directory Security.

Disk Partitions. FAT. CDFS. Share Permissions. NTFS. File and Directory Permissions. File Permissions. Directory Permissions. Viewing File and Directory Permissions. Setting File and Directory Permissions. The “No Access” Permission. Implementing File and Directory Security. Securing a New Volume. Directory Structure. Securing an Existing Volume. Conflicting Permissions. NTFS Permissions and the Administrator. Default System Permissions. Taking Ownership of Files or Directories. Share Permissions. NTFS and Share Permissions Working Together. Default Shares. Applying Share Permissions. NTFS Security or Share Security?

4. User Profiles.

User Profile Overview. What Is a User Profile? Types of User Profiles. User Profile Location. Creating a Roaming User Profile for NT 4.0. Define the Location. Create the Network Share. Create a Template User Account. Create a Base Profile. Distribute the Base Profile. User Setup. Amend the Roaming Profile. Making a Profile Mandatory. Profile Permissions. Amending the Profile with Regedt32. Ntuser.xxx Registry Permission Changes. Default User Profile. Windows NT 3.5x Profile Upgrades. Creating a Roaming Profile for Windows 95. Client Workstation Setup. Domain User Setup. Create the Profile. Making the Windows 95 Profile Mandatory.

5. System Policies.

Policy Editor Installation. Windows NT Server. Windows NT Workstation. Windows 95. System Policy Editor Modes. Registry Mode. File Mode. Registry Mode vs File Mode. Available Settings Groups. Computer Settings. User Settings. Windows NT 4.0 Policy Editor Interface. Categories. Policy Settings. Template Files. Policy File. Default Computer Policy. Network. System. Windows NT Network. Windows NT Printers. Windows NT Remote Access. Windows NT Shell. Windows NT System. Windows NT User Profiles. Individual Computer Policy. Default User Policy. Control Panel. Desktop. Shell. System Restrictions. Windows NT Shell. Windows NT System. Individual User and Group Policies. Single User. Groups. Group Priorities. Saving the Policy. Automatic Update Mode. Manual Update Mode. Policy Implementation Rules. Policy Conflict Resolution. Computer Policy Conflicts. User Policy Conflicts. The Dangers of Conflicts. Policy Template Files. Template File Structure. Hints for Building Custom Template Files. Summary.

6. Cryptography.

What Is Cryptography? Encryption and Decryption. Asymmetric (Public Key) Cryptography. Symmetric (Shared Key) Cryptography. Shared Key vs Public Key. Encryption Algorithms. One-way Functions. RC4. Data Encryption Standard (DES). RSA. Authentication. NT LAN Manager (NTLM). Distributed Password Authentication (DPA). Kerberos v5. Standard. Smart Cards. Kerberos in Windows 2000. Kerberos vs NTLM. Verification. Hash Function. Digital Signatures. Digital Envelopes. Digital (Public Key) Certificates. Secure Channel Services (SCS). Secure Sockets Layer (SSL). Private Communications Technology (PCT).

7. Proxy Server.

Services Overview. Benefits of Proxy Server. Single External Contact Point. Concealing Internal IP Addresses. Packet Filtering. Protection of Published Data. Administering Proxy Server. Permissions. Web Proxy. Winsock Proxy. Socks Proxy. Packet Filtering. Enabling Packet Filtering. Adding a Predefined Exception Rule. Creating a Custom Exception Rule. Editing Existing Exception Rules. Removing Exception Rules. Reset Defaults. Domain Filtering. Granting Access: Web and Winsock Services. Denying Access: Web and Winsock Services. Domain Filtering with Socks Proxy. Alerting. Rejected Packets. Protocol Violations. Disk Full. Switching Off Alerting. Configuring Email. Services Logging. Windows NT Event Log. Text File Logging. Database Logging. Packet Filter Logging. Text File Logging. Database Logging. General Proxy Server Guidelines.

8. Installations.

Password Restrictions. Removing POSIX and OS/2 Subsystems. Restrict Access to Floppies and CD-ROMs. Last Logged-On Username Display. NTuser.dat Registry File.

9. NT Audit.

Windows NT Audit Basics. System Audit. Application Audit. Security Audit. Windows NT Security Audit Capabilities. Audit Policy Design. What to Audit. Whom to Audit. When to Audit. When to Clear the Audit Log. Example Audit Scenario. Event Viewer. Restrict Guest Access. Check Registry Security. Audit Policy Setup. Event Log Settings. Event Log Distribution. Enabling Audit Policies. Viewing Event Data. Summary.

10. Microsoft Management Console.

MMC Panes. Consoles. Creating Your Own Consoles. Windows NT 4.0 SP4. Windows 2000. Console Layout. Saving Your Consoles. Accessing Saved Consoles. Console Security Settings. Summary.

11. Security Configuration Manager for NT 4.0.

The Dangers of the SCM. Installation and Configuration. SCM-NT Functionality Overview. Template File Definition. Security Configuration. Security Analysis. Security Configuration Areas. SECEDIT Command-Line Utility. Unconfigured System Analysis. Comparing Analysis Results. Applying a Standard Security Configuration File. Saving the New Configuration. Template Files. Custom Template File Location. Creating a Blank Template. Creating Custom Templates. Template Descriptions. Configured System Analysis. Security Areas. Static Definitions. Account Policies. Local Policies. Event Log. Dynamic Definitions. Restricted Groups. System Services. Registry. File System. ACL Editor. Protection of Child Objects. Inheritable Permissions. Advanced Attributes. Updating the Baseline Template. Summary.

III. LOOKING FORWARD TO WINDOWS 2000.

12. Windows 2000 Overview.

Introduction to the Windows 2000 Infrastructure. The Reality of Client/Server Technology. Client/Server Moves On. Features. Introduction of the Active Directory. Hierarchical Namespace. Object Organization. Replicating the Active Directory. Scalability. A Complete Directory Solution? Do You Use Administrator Account Too Much?

13. Active Directory.

What Is a Directory Service? Directory Terminology. Windows 2000 Active Directory Overview. Centralized Management. Single Unified Directory. Scalability. Domain Structure. Organizational Units (OU). Active Directory Structure. Naming Support. Partitions. MultiMaster Replication. Active Directory Security. Administration. Secondary Logon. Trusted Administrative Applications. Delegation of Administrative Rights and Processes. Windows 2000 Authentication Process. Local Machine Authentication. Application Server Authentication. Domains and Trust Relationships. Inheritance. Transitive Trusts. Advantages of the Directory System. Object Organization. Scalability. Replication. Groups. Granularity of Access Controls. Management Interfaces. Summary.

14. Security Configuration Tool Set.

Building Your Security Management Console. Benefits of Saved Console. New Console Creation. Security Configuration Server service. Security Configuration Editor (SCE). Security Configuration Manager (SCM). Group Policy Editor. Introduction to Security Policies. Security Configuration Editor (SCE). Preinstalled Security Policy Templates. Security Configuration Manager (SCM). Sample Security Implementation: Local Machine. Build a New Template. Implement the New Template. Security Policy Violation and Analysis. Group Policy Editor. Security Configuration Manager: Command Line.

15. Group Policies.

Group Policies. Benefits of Group Policies. Group Policy Categories. Uses of Group Policies. User and Computer Settings. Security Groups. Software Policies. Software Management. Scripting. User File and Folders. Group Policies vs Local Policies. Group Policy Storage. Backward Compatibility. Group Policy Administration Requirements. Group Policy Migration Pattern. Group Policy Implementation. Summary.

16. File Systems.

Distributed File System. Securing Your Data in a DFS. Load Balancing. Disparate File Systems. ACLs. Encrypting File System (EFS) Architecture. NTFS Integration. Low Administrative Overhead. File Encryption, Decryption, and Recovery Mechanisms. File Encryption. Accessing Encrypted Files. File Decryption. File Recovery. File Sharing. Encryption and Decryption Processes. Implementing File and Folder Encryption. Implementing File and Folder Decryption. Copying Encrypted Files and Folders. Backing Up Encrypted Files and Folders. Restoring Encrypted Files and Folders. Encrypted File Recovery Process. Defining Recovery Agents. Adding Recovery Agents. The Future of EFS.

Appendix A: System Policy File Listings.

Common.adm. Winnt.adm.

Appendix B: Proxy Server Logging Information.

Services Logging Information. Server-Oriented Fields. Client-Oriented Fields. Connection-Oriented Fields. Object-Oriented Fields. Packet Filter Logging Information. Service Information Fields. Remote Information Fields. Local Information Fields. Filter Information Fields. Packet Information Fields.

Appendix C: Security Checklist.

Index.

Preface

System security is a tricky subject to write about. The measurement of what is secure and what isn't secure is highly subjective and dependent on many factors. The individual or group view of today's requirements for your organization, assumptions, and any known facts concerning the situation in the future and views on the criticality of your systems are all factors relating to this measurement.

It would be very easy for me to preach about what I think you should do to secure your systems, but without knowledge of your individual environment and needs, it would also be very wrong.

With this book I have approached the subject of security in two ways. First, I have tried to show why you may consider implementing a particular security feature or process. This attempt has been included to prompt the discussions between you and your colleagues that are a necessary part of the design process for the security model. Second, I have included step-by-step guides for implementing the security feature itself. You will be able to use the step-by-step guides to implement the security features and thresholds that are right for your organizational needs, adapting the examples as necessary.

Audience

Windows NT Security targets Systems and Network Administrators, Security Professionals, System Audit Specialists, Compliance Officers, Developers, and anybody who needs to understand Windows NT and Windows 2000 security features.

Concern over data security today means that management focus is moving more than ever toward data and system security. Sadly, this focus and the ensuing demand for performance are not always accompanied by a large budget allowing for add-on tools and specialist consultants who can design your security model and help to implement this design. The responsibility for the design, implementation, and maintenance of the security model falls on the shoulders of the System Administrators or other in-house group of professionals who may not have needed to face this particular challenge before.

The content of this book requires a good administrative knowledge of Windows NT systems and also Windows 2000 systems if you wish to leverage the Windows 2000 content to its fullest potential. Many of the functions and features discussed in this book focus on the system registry as both a source of information and also the place to make changes to move toward the target of securing your systems. For this reason, the reader knowledge level for this book has been set between intermediate and advanced. Readers should be comfortable using the registry editing tools for browsing and amending settings before attempting any of the exercises that include this type of activity.

Organization

Windows NT Security is divided into three parts.

Part One, System Security Overview, is an introduction to security concepts and how these concepts can be mapped to the Windows NT security architecture. This is a good starting point for all readers and will give you grounding in this particular topic. Seasoned Security Professionals who feel comfortable with their own knowledge in this area may still want to cover this part of the book simply as a comparison tool to their own thoughts.

Part Two, Windows NT 4.0 Security Components, looks at the security-related components of Windows NT 4.0. This part of the book looks at all of the built-in features of Windows NT and how they can be best leveraged at your own site to meet the needs for security and also give the flexibility required to run a business.

Part Three, Looking Forward to Windows 2000, looks at Windows 2000 and the changes in the security model between Windows NT 4.0 and Windows 2000. This part contains an introduction to the Active Directory and then moves on to look at the security-specific features contained in the new operating system. Encrypting file systems, distributed file systems and the security concerns around this technology, the security configuration tool set, and group policies are discussed in this part of the book.

Each chapter is organized as an individual unit. The chapter can be looked at on its own, and because of this organization, the seasoned NT professional can use the book as a reference guide to each topic. The main focus, however, is on building a security model for your organization, and as readers work through the book, the security model can be defined around the concepts and discussions contained in each chapter. Readers will gain the most benefit from this approach to the book.