Acknowledgments.

Introduction.

Part I: The Basics in Depth.

Chapter 1: Windows Attacks.

Chapter 2: Conventional and Unconventional Defenses.

Chapter 3: NTFS Permissions 101.

Part II: OS Hardening.

Chapter 4: Preventing Password Crackers.

Chapter 5: Protecting High–Risk Files.

Chapter 6: Protecting High–Risk Registry Entries.

Chapter 7: Tightening Services.

Chapter 8: Using IPSec.

Part III: Application Security.

Chapter 9: Stopping Unauthorized Execution.

Chapter 10: Securing Internet Explorer.

Chapter 11: Protecting E–mail.

Chapter 12: IIS Security.

Chapter 13: Using Encrypting File System.

Part IV: Automating Security.

Chapter 14: Group Policy Explained.

Chapter 15: Designing a Secure Active Directory Infrastructure.

Book Summary.

Index.

Roger A. Grimes (CPA, CISSP, MCSE: Security, MVP, CEH, CHFI, TICSA) is a 20–year computer security consultant, writer, and teacher. He has written over a 150 national magazine articles on computer security, and this is his fifth book on Microsoft Windows security. He has consulted for many of the world’s best–known enterprises (including McAfee, Microsoft, Verisign, and IBM), multiple universities, cities and school systems, plus every branch of the U.S. armed forces. He is currently a highly rated instructor teaching Windows and Linux security in Foundstone’s Ultimate Hacking classes. He has presented at many of the industry’s largest conferences, including MCP TechMentor, Windows Connections, and SANS. He was a contributing editor for Windows IT Pro magazine, and is the security columnist for InfoWorld magazine. He has written several advanced security courses, including for Microsoft. He is a three–year recipient of Microsoft’s Most Valuable Professional (MVP) award, and was the creator and team leader of the successful www.hackiis6.com contest.

Today′s uber viruses, worms, and trojans may seem more damaging than ever, but the attacking malware and malicious hackers are using the same tricks they always have. With this book, Microsoft MVP Roger Grimes exposes the real threat to Windows computers and offers practical guidance to secure those systems.

Grimes shares proven yet unconventional defenses that most Windows administrators don′t use. He walks you step–by–step through these techniques, clearly showing you how to secure your Windows operating system beyond the Microsoft defaults. You′ll get security advice for Windows 2000, XP, and Server 2003, in addition to emerging technologies from Microsoft. Plus, the book details hundreds of group policy settings and the best way to apply group policy objects. Ultimately, you′ll discover how to harden Microsoft′s most commonly attacked applications while automating all of your security settings.

What you will learn from this book

• How Windows desktop and server security can be dramatically improved by configuring default security
• Ways to enhance authentication and prevent password crackers
• Techniques for stopping unauthorized application installation or execution
• Tips for defending against the biggest e–mail security threats
• How to achieve seamless and secure file encryption
• Steps to create customized security and administrative templates
• How Internet Explorer functions behind the scenes and the recommended configuration

Who this book is for

This book is for Microsoft Windows administrators who need to significantly increase the security of their clients and servers using the best methods available.

Wrox Professional guides are planned and written by working programmers to meet the real–world needs of programmers, developers, and IT professionals. Focused and relevant, they address the issues technology professionals face every day. They provide examples, practical solutions, and expert education in new technologies, all designed to help programmers do a better job.