Security for Microsoft Windows System Administrators


Introduction to Key Information Security Concepts

Derrick Rountree
Rodney Buike, Technical Editor

SYNGRESS®

AMSTERDAM • BOSTON • HEIDELBERG • LONDON • NEW YORK • OXFORD • PARIS • SAN DIEGO • SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO

Syngress is an imprint of Elsevier


Acquiring Editor: Angelina Ward
Development Editor: Heather Scherer
Project Manager: Paul Gottehrer
Designer: Alisa Andreola

Syngress is an imprint of Elsevier
30 Corporate Drive, Suite 400, Burlington, MA 01803, USA

© 2011 Elsevier, Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices, may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.

To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

Library of Congress Cataloging-in-Publication Data
Application submitted

British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.

ISBN: 978-1-59749-594-3

Printed in the United States of America 10 11 12 13 14 10 9 8 7 6 5 4 3 2 1

Typeset by: diacriTech, Chennai, India

For information on all Syngress publications visit our website at www.syngress.com


Dedication

This book is dedicated to my daughter Riley, my grandmother Rosa, and my great grandmother Mary.


CONTENTS

Acknowledgments
About the Author

Chapter 1 Introduction to General Security Concepts
    Principles of Information Security
    Information Security Standards, Regulations, and Compliance
    Authentication, Authorization, and Accounting (AAA)
    Access Control
    Summary

Chapter 2 Cryptography
    Basic Cryptography Concepts
    PKI Concepts
    Implementing PKI and Certificate Management
    Summary

Chapter 3 Network Security
    General Network Concepts and Vulnerabilities
    Network Services and Network Devices
    Internet Security and Vulnerabilities
    Network Security Tools and Devices
    Summary

Chapter 4 System Security
    General System Security Threats
    Hardware and Peripheral Devices
    OS and Application Security
    Virtualization
    System-Based Security Applications
    Summary

Chapter 5 Organizational and Operational Security
    Physical Security Concepts and Vulnerabilities
    Policies and Procedures
    Risk Analysis
    Business Continuity and Disaster Recovery
    Summary

Chapter 6 Security Assessments and Audits
    Vulnerability Assessments and Testing
    Monitoring
    Logging and Auditing
    Summary

Appendix A: Common Applications and Port Numbers
Appendix B: Information Security Professional Certifications
Index


Acknowledgments

First, I would like to thank my wife Michelle. We are heading down the new road of parenthood together. It’s both exciting and a little bit scary. I would like to thank my mother Claudine, my sister Kanesha, and my grandmother Lugenia. Thank you for being there for me. I would also like to thank my two best friends Carrie and Fela. The two of you have shown me what true friendship is. You’ve also served as examples of persistence and dedication. Because of you, I know the road may be long, but if you stick with it, eventually you will get to your destination. I love you all.

Finally, I would like to thank the Elsevier staff, especially Angelina Ward, Senior Acquisitions Editor and Heather Scherer, Developmental Editor. It has truly been a pleasure working with you.


About the Author

Derrick Rountree (CISSP, Security+, MCSE, MCSA) has been in the IT field for over 16 years. He has a Bachelors of Science in Electrical Engineering. Derrick has held positions as a network administrator, IT consultant, and QA engineer. He has experience in network security, operating system security, application security, and secure software development. Derrick has contributed to several other Syngress and Elsevier publications on Citrix, Microsoft, and Cisco technologies.

Tech Editor

Rodney Buike (MCSE) is an IT pro advisor with Microsoft Canada. As an IT pro advisor, Rodney spends his day helping IT professionals in Canada with issues and challenges they face in their environment and careers. He also advocates for a stronger community presence and shares knowledge through blogging, podcasts, and in-person events.

Rodney’s specialties include Exchange Server, virtualization, and core infrastructure technologies on the Windows platform. Rodney worked as a LAN administrator, system engineer, and consultant and has acted as a reviewer on many popular technical books. Rodney is also the founder and principal content provider for Thelazyadmin.com and a former author for MSExchange.org.