Introduction xix
Chapter 1 Understanding Core Security Principles 1
Understanding Risk 1
Exploring the Security Triad 4
Protecting Against Loss of Confidentiality 5
Protecting Against Loss of Availability 5
Protecting Against Loss of Integrity 6
Implementing a Defense-in-Depth Security Strategy 7
Enforcing the Principle of Least Privilege 9
Hardening a Server 10
Reducing the Attack Surface 11
Keeping a System Updated 14
Enabling the Firewall 16
Installing Antivirus Software 16
The Essentials and Beyond 16
Chapter 2 Understanding Malware and Social Engineering 19
Comparing Malware 19
Viruses 21
Worms 22
Trojan Horses 23
Buffer-Overflow Attacks 25
Spyware 26
Understanding the Threat 27
Protecting Against Malware 28
Using Antivirus Software 29
Using Microsoft Security Essentials on Desktops 31
Thwarting Social-Engineering Attacks 34
Social Engineering in Person 34
Social Engineering with a Phone Call 34
Recognizing Phishing Attempts 35
Recognizing Pharming 38
Protecting Email 39
The Essentials and Beyond 41
Chapter 3 Understanding User Authentication 43
Comparing the Three Factors of Authentication 44
Using Passwords for Authentication 45
Comparing Password Attack Methods 45
Creating Strong Passwords 47
Enforcing Strong Passwords 49
Exploring Account Lockout Policies 51
Unlocking an Account 53
Resetting a Password 55
Changing a Password 57
Creating a Password-Reset Disk 58
Using Smart Cards and Token Devices for Authentication 59
Using Biometrics for Authentication 60
Starting Applications with Run As Administrator 61
Preventing Time Skew with Kerberos 63
Identifying RADIUS Capabilities 64
Identifying Unsecure Authentication Protocols 65
LM 66
NTLM (NTLMv1) 66
The Essentials and Beyond 67
Chapter 4 Securing Access with Permissions 69
Comparing NTFS Permissions 69
Identifying Basic NTFS Permissions 70
Identifying Advanced NTFS Permissions 71
Combining Permissions 75
Enabling and Disabling Permission Inheritance 76
Moving and Copying Files 79
Comparing NTFS and FAT 81
Exploring Share Permissions 81
Identifying Share Permissions 83
Combining NTFS and Share Permissions 85
Identifying Active Directory Permissions 87
Viewing Active Directory Users and Computers 87
Comparing NTFS and Active Directory Permissions 88
Viewing Active Directory Permissions 88
Assigning Registry Permissions 91
The Essentials and Beyond 93
Chapter 5 Using Audit Policies and Network Auditing 95
Exploring Audit Policies 96
Exploring Object Access Auditing 99
Comparing Account Logon and Logon Events 101
Exploring Directory Service Access Auditing 102
Understanding Account Management Auditing 103
Understanding System Events Auditing 103
Understanding Privilege Use Auditing 104
Understanding Policy Change Auditing 105
Understanding Process Tracking 105
Enabling Auditing 105
Enabling Object Access Auditing 107
Enabling Directory Service Access Auditing 108
Viewing Audit Information 110
Managing Security Logs 111
Saving Audit Information 113
Securing Audit Information 113
Auditing a Network with MBSA 114
Installing MBSA 116
Running MBSA 116
The Essentials and Beyond 117
Chapter 6 Protecting Clients and Servers 121
Understanding User Account Control 122
Understanding the Dimmed Desktop 123
Modifying User Account Control 123
Keeping Systems Updated 125
Updating Systems with Automatic Updates 126
Updating Systems with WSUS or SCCM 128
Using Group Policy to Configure Clients 129
Protecting Clients 130
Understanding Offline Folders 130
Encrypting Offline Folders 132
Using Software-Restriction Policies 133
Protecting Servers 135
Using Separate VLANs 136
Separating Services 136
Using Read-Only Domain Controllers 139
Exploring DNS Security Issues 140
Protecting Against Email Spoofing with SPF Records 141
Understanding Dynamic Updates 141
Using Secure Dynamic Updates 142
The Essentials and Beyond 144
Chapter 7 Protecting a Network 147
Identifying Common Attack Methods 147
Denial of Service 148
Distributed Denial of Service 149
Sniffing Attack 149
Spoofing Attack 151
Port Scan 151
Exploring Firewalls 153
Comparing Hardware-Based and Software-Based Firewalls 154
Comparing UTMs and SCMs 155
Isolating Servers on Perimeter Networks 157
Using Honeypots 159
Isolating a Network with NAT 159
Exploring Network Access Protection 159
Understanding NAP Components 160
Evaluating Client Health with VPN Enforcement 162
Using Other NAP Enforcement Methods 163
Identifying NAP Requirements 163
Identifying Protocol Security Methods 164
IPsec 165
Comparing Tunneling Protocols 166
DNSSEC 167
The Essentials and Beyond 168
Chapter 8 Understanding Wireless Security 171
Comparing Wireless Devices 171
Wireless Adapters 172
Wireless Access Points 173
Wireless Routers 173
Comparing Wireless Security Methods 174
Understanding Encryption Keys 175
Wired Equivalent Privacy 175
Wi-Fi Protected Access 176
Wi-Fi Protected Access Version 2 177
Extended Authentication Protocol 178
Viewing Windows 7 Wireless Settings 179
Configuring Wireless Routers 183
Changing the Default Administrator Password 183
Changing the SSID 183
To Broadcast or Not to Broadcast 185
Using MAC Filters 187
Configuring Windows 7 for Wireless 189
The Essentials and Beyond 190
Chapter 9 Understanding Physical Security 193
Comparing Site Security and Computer Security 194
Understanding the Importance of Physical Security 194
Controlling Physical Access 196
Using Switches Instead of Hubs 199
Using Group Policy to Enhance Computer Security 200
Understanding Default GPOs 200
Designing OUs and GPOs to Manage Users and Computers 201
Creating OUs in a Domain 202
Moving Objects into an OU 203
Creating GPOs to Manage Users and Computers 203
Understanding Security Settings in a GPO 204
Disabling Log On Locally with Group Policy 206
Controlling Removable Storage Access with Group Policy 209
Exploring Mobile Device Security 211
Protecting Mobile Devices Against Malware 212
Minimizing Risks with Bluetooth Devices 212
The Essentials and Beyond 213
Chapter 10 Enforcing Confidentiality with Encryption 215
Comparing Encryption Methods 216
Understanding Symmetric Encryption 216
Exploring AES 218
Understanding Asymmetric Encryption 219
Using Certificates to Share Public Keys 222
Understanding Hashing 223
Securing Email 225
Encrypting Email 226
Digitally Signing Email 228
Understanding EFS 231
Encrypting and Decrypting Files with EFS 232
Understanding the Recovery Agent 233
Understanding Behavior When Files Are Moved or Copied 233
Exploring BitLocker Drive Encryption 235
Understanding BitLocker Requirements 235
Understanding Recovery Keys 236
Using BitLocker To Go 237
The Essentials and Beyond 238
Chapter 11 Understanding Certificates and a PKI 241
Understanding a Certificate 241
Comparing Public and Private Keys 243
Understanding Certificate Errors 245
Viewing Certificate Properties 248
Exploring the Components of a PKI 251
Understanding the Certificate Chain 252
Comparing Certificate Services 254
The Essentials and Beyond 255
Chapter 12 Understanding Internet Explorer Security 257
Exploring Browser Settings 257
Understanding IE Enhanced Security Configuration 259
Selecting Cookies Settings 260
Manipulating the Pop-up Blocker 262
Using InPrivate Filtering and InPrivate Browsing 263
Deleting Browser History 265
Managing Add-ons 266
Exploring Advanced Security Settings 268
Comparing Security Zones 269
Using IE Tools to Identify Malicious Websites 272
Understanding the SmartScreen Filter 272
Modifying Protected Mode 273
The Essentials and Beyond 273
Appendix A Answers to Review Questions 277
Chapter 1 277
Chapter 2 278
Chapter 3 278
Chapter 4 279
Chapter 5 280
Chapter 6 281
Chapter 7 282
Chapter 8 282
Chapter 9 283
Chapter 10 284
Chapter 11 285
Chapter 12 286
Appendix B Microsoft's Certification Program 287
Certification Objectives Map 288
Index 293