Securing Windows Server 2003
By Mike Danseglio
Publisher: O'Reilly
Pub Date: November 2004
ISBN: 0-596-00685-3
Pages: 456
If you use Windows 2003 Server at a small to medium-sized organization, or use Microsoft's Small Business Server, this thorough yet concise tutorial offers the hands-on advice you need for securing your network. Securing Windows Server 2003 not only shows you how to put Windows security tools to work, but guides you through ways to plan and implement a secure operating environment.
Copyright
Preface
What's in This Book?
Audience
About This Book
Conventions Used in This Book
Assumptions This Book Makes
Comments and Questions
Acknowledgments
Chapter 1. Introduction to Windows Server 2003 Security
Section 1.1. What Is Security?
Section 1.2. What Is Windows Server 2003?
Section 1.3. Security Design in Windows Server 2003
Section 1.4. Security Features in the Windows Server 2003 Family
Section 1.5. Summary
Chapter 2. Basics of Computer Security
Section 2.1. Why Computer Security Is Important
Section 2.2. Security Enforcement Mechanisms
Section 2.3. POLA: The Principle of Least Access
Section 2.4. Key-Based Cryptography
Section 2.5. Authorization and Authentication
Section 2.6. Password Basics
Section 2.7. Network Security
Section 2.8. Keeping Your Eyes Open
Section 2.9. Summary
Chapter 3. Physical Security
Section 3.1. Identifying Physical Security Vulnerabilities
Section 3.2. Protecting Physical Assets
Section 3.3. Holistic Security: Best Practices
Section 3.4. Summary
Chapter 4. File System Security
Section 4.1. Protecting Files with NTFS File Permissions
Section 4.2. Protecting Data with the Encrypting File System
Section 4.3. Protecting System Information with Syskey
Section 4.4. Summary
Chapter 5. Group Policy and Security Templates
Section 5.1. What Is Group Policy?
Section 5.2. How Group Policy Works
Section 5.3. How Do Security Templates Work?
Section 5.4. Using Group Policy to Enforce Security
Section 5.5. Using Security Templates to Deploy Secure Configurations
Section 5.6. Summary
Chapter 6. Running Secure Code
Section 6.1. Identifying Secure Code
Section 6.2. Driver Signing
Section 6.3. Software Restriction Policies
Section 6.4. Summary
Chapter 7. Authentication
Section 7.1. LAN Manager and NTLM
Section 7.2. Kerberos
Section 7.3. Summary
Chapter 8. IP Security
Section 8.1. What Is IP Security?
Section 8.2. How Does IPSec Work?
Section 8.3. Microsoft's Implementation of IPSec in Windows Server 2003
Section 8.4. Using IPSec Correctly
Section 8.5. Summary
Chapter 9. Certificates and Public Key Infrastructure
Section 9.1. What Are Certificates?
Section 9.2. What Do I Do with Certificates?
Section 9.3. What Is a Certification Authority?
Section 9.4. Deciding Between Public and Private Certification Authorities
Section 9.5. Implementing a Public PKI
Section 9.6. Planning Your Private Certification Hierarchy
Section 9.7. Implementing a Private Certification Hierarchy
Section 9.8. Maintaining Your Hierarchy
Section 9.9. Summary
Chapter 10. Smart Card Technology
Section 10.1. What Are Smart Cards?
Section 10.2. Using Smart Cards
Section 10.3. Summary
Chapter 11. DHCP and DNS Security
Section 11.1. DHCP
Section 11.2. DNS
Section 11.3. DNS and DHCP Together
Section 11.4. Summary
Chapter 12. Internet Information Services Security
Section 12.1. What Is IIS?
Section 12.2. How Does IIS Work?
Section 12.3. Using IIS Securely
Section 12.4. Summary
Chapter 13. Active Directory Security
Section 13.1. What Is Active Directory?
Section 13.2. Structural Components of Active Directory
Section 13.3. Domain Controllers
Section 13.4. Default Security Through GPOs
Section 13.5. Providing Security for Domains
Section 13.6. Providing Security for Forests
Section 13.7. Providing Security for Active Directory Objects
Section 13.8. Providing Security for Domain Controllers
Section 13.9. Summary
Chapter 14. Remote Access Security
Section 14.1. What Is Remote Access?
Section 14.2. Controlling Access
Section 14.3. Authentication and Encryption Protocols
Section 14.4. Virtual Private Networks
Section 14.5. Example Implementations for Remote Access
Section 14.6. Summary
Chapter 15. Auditing and Ongoing Security
Section 15.1. Security Policies and Procedures
Section 15.2. Auditing
Section 15.3. Operating System Updates
Section 15.4. Summary
Appendix A. Sending Secure Email
Section A.1. What Is Secure Email?
Section A.2. How Does Secure Email Work?
Section A.3. Considerations for Secure Email
Section A.4. Secure Email Implementation
Section A.5. Summary
Colophon
Index
Copyright © 2005 O'Reilly Media, Inc. All rights reserved.
Printed in the United States of America.
Published by O'Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.
O'Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (). For more information, contact our corporate/institutional sales department: (800) 998-9938 or
Nutshell Handbook, the Nutshell Handbook logo, and the O'Reilly logo are registered trademarks of O'Reilly Media, Inc. Securing Windows Server 2003, the image of a wandering albatross, and related trade dress are trademarks of O'Reilly Media, Inc.
Microsoft, MSDN, the .NET logo, Visual Basic, Visual C++, Visual Studio, and Windows are registered trademarks of Microsoft Corporation.
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O'Reilly Media, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps.
While every precaution has been taken in the preparation of this book, the publisher and authors assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.
Preface
As the title implies, this book is about security in the Windows Server 2003 operating system and how to put it to work on behalf of your organization and your users.
Windows Server 2003 has quite a number of uses. It can serve in a network support role, supplying services such as DHCP and DNS. It can take a more active part in object management, such as when used as an Active Directory domain controller. It can also serve as a personal operating system, since it is so closely tied with its brother, Windows XP. In this role, it might provide security of local data and host-based network communications.
I've broken down the book by technology. Each chapter covers one or more of the technologies that Windows Server 2003 provides. Most of these, such as IPSec, are primarily security focused. However, some, such as DHCP, are not.
Each chapter answers three questions about the technology it covers:
What the technology is and how it's used
Each chapter begins with a brief introduction to the technology. If you have no idea what this technology does, this is a quick way to learn about it. I don't bore you with marketing spin or polished terms. I just tell you what the technology does and what a few of the most likely uses might be.
How the technology works
To understand a technology's security implications, you usually need to know how it works. This section is kept deliberately brief and sometimes excludes details that you don't need to know. I do this, not to keep you in the dark, but to make sure that you're focused on how the thing works and that you don't bog down in minutia that, in your job and scope, would be useless and distracting.
How to use the technology properly to serve your system
Through lots of research and direct interaction, the book's contributors and I have come up with a set of common uses for the technologies detailed in this book. All of these are based on real experience, not theoretical environments or marketing-based blue sky scenarios. I take you through these examples and show you exactly how to get the desired results. In most cases, I provide a keystroke level of detail to ensure you don't miss a thing.
Of course, all possible scenarios can't be covered in this book. Because the different Windows components can be configured so many ways, it would be impossible to present all approaches to all possible scenarios. But the content of this book should provide more than enough information for you to make decisions on the technologies as well as test and understand them.
One thing you'll see in this book that you may not have seen before is Security Showdown sections. This is a point-counterpoint debate between myself and a semifictional coworker, Don. I use it several times throughout the book to show that some debates about security methodologies and techniques are not easily answered. Some of them are so contentious that they seem like religious debates at times. You should understand that security-focused individuals tend to have opinions about security and that they like to argue with people who hold different values. These are good-natured and often help explain both positions. So please read these sections as I've intended, as an open discussion of the merits and hazards of multiple tactics to achieve the same goal.
What's in This Book?
This book consists of 15 chapters and an appendix. Here is a brief overview of each chapter:
Chapter 1
This chapter sets the stage for the book by providing an introduction to Windows Server 2003.
Chapter 2
This chapter covers basic computer security concepts, including cryptography and fundamental practices for security administrators.
Chapter 3
This chapter covers various aspects of physical security, which is essential for any data security to succeed.
Chapter 4
This chapter is all about securing files with Encrypting File System and other file-oriented technologies.
Chapter 5
This chapter focuses on using Group Policy as a security tool and utilizing Security Templates.
Chapter 6
This chapter discusses ways you can protect against running bad applications.
Chapter 7
This chapter covers the various authentication protocols supported by Windows Server 2003, including Kerberos.
Chapter 8
This chapter examines IP Security and its proper deployment to secure network communication.
Chapter 9
This chapter is an exhaustive examination of PKI and certificate-based cryptography.
Chapter 10
This chapter covers smart card technologies and their proper deployment.
Chapter 11
This chapter focuses on the grotesque lack of security in DHCP and DNS technologies and how you can try to shore them up.
Chapter 12
This chapter covers Internet Information Services security, or the lack thereof.
Chapter 13
This chapter examines Active Directory design and operation from a security standpoint, including proper planning and deployment, as well as securing data between domain controllers.
Chapter 14
This chapter covers the security features of Remote Access, including dial-up and VPN connectivity.
Chapter 15
This chapter covers additional topics such as administrative security, patch management, and auditing.
Appendix, Sending Secure Email
This appendix covers topics relating to secure email.
Audience
I've written this book for the folks who actually use Windows Server 2003. If you use Windows Server 2003 in any environment, you most likely already have a basic knowledge of the operating system and how it works. So that fundamental knowledge is assumed in this book.
I jump straight into the topics of interest in the security area. However, I don't assume you have a deep architectural knowledge of every Windows component and subsystem. So, when appropriate, I use diagrams and flowcharts to help illustrate security-specific features and components that you may not have encountered.
About This Book
This book covers Windows Server 2003 and some amount of Windows XP security. It is almost entirely focused on Windows-based security, but has several sections on non-Windows security topics that must be understood. These include physical security, security policy, and risk management.
Now that you know what this book is about, I should explain what this book is not about. This book is not a compendious reference of every possible setting or feature in Windows. It's not intended to be a sit-on-the-shelf book. I've written it so that you can actually use the content to do things. As such, it's direct and brief. I've included links to resources when appropriate so you can access the reference-style material you might need without having to slog through it here.
Assumptions This Book Makes
You should have a fundamental understanding of Windows server operating systems to use this book. If you have experience installing and running Windows Server 2003 and Windows XP, you will get a lot out of this book.
To an extent, I assume you're running Windows Server 2003 in a business of some significant size. Many of the examples in the book assume a network infrastructure that is most often seen in mid- to large-size businesses, such as a distributed Active Directory forest. However, I do attempt to frame each example with the assumptions I make for it. In most cases, these examples will scale up or down to fit your specific environment.
You do not need an in-depth understanding of security topics or a Ph.D. in mathematics to read this book. Who would use a book like that anyway? Those people already know everything.
Conventions Used in This Book
The following typographical conventions are used in this book:
Plain text
Indicates menu titles, menu options, menu buttons, and keyboard accelerators (such as Alt and Ctrl).
Italic
Indicates new terms, URLs, email addresses, filenames, file extensions, pathnames, directories, and Unix utilities.
Constant width
Indicates commands, options, switches, parameters, the contents of files, or the output from commands.
Constant width bold
Shows commands or other text that should be typed literally by the user.
Constant width italic
Shows text that should be replaced with user-supplied values.
This icon signifies a tip, suggestion, or general note.
This icon indicates a warning or caution.
Comments and Questions
Please address comments and questions concerning this book to the publisher:
O'Reilly Media, Inc.
1005 Gravenstein Highway North
Sebastopol, CA 95472
(800) 998-9938 (in the United States or Canada)
(707) 829-0515 (international or local)
(707) 829-0104 (fax)
We have a web page for this book, where we list errata, examples, and any additional information. You can access this page at:
To comment or ask technical questions about this book, send email to:
For more information about our books, conferences, Resource Centers, and the O'Reilly Network, see our web site at:
Acknowledgments
This book would not be possible without the gracious help of the following individuals, who are listed in no particular order.
Content
Derek Melber wrote the Active Directory chapter of this book. Without that content, there would have been a huge hole in coverage of Active Directory. Well done, Derek.
Technical input
No single person could possibly know everything about Windows security. I was happy to receive technical input from all of these people, without whom the book would have been a series of errors and overstatements: Darren Canavor, Drew Cooper, Michael Cretzman, David Cross, William Dixon, Eric Fitzgerald, Trevor Freeman, Robert Gu, Cliff Hall, Vic Heller, Pat Hoffer, Don Jones, Connie LaChasse, Derek Melber, James McIllece, Jeremy Moskowitz, Radia Perlman, Xiaohong Su, Laudon Williams, and Helle Vu and her Microsoft PKI Test Team (whom I paid in beer and toys for their services).
Writing input
Knowing how to say something is often more important than saying it. I received great advice on this front from Vince "Kahuna" Abella, Jen Bayer, John Coates, Jason Garms, Ken Klavonic, Jason Rush, Michiko Short, Dionysia Sofos, and Jim Wickham. We worked (and argued) through many ideas together and were able to turn them into useful information in this book.
Technical editing
I feel lucky in that I had great technical editing feedback from Rick Kingslan, Joe Richards, Paul Robichaux, Mitch Tulloch, and Bob Williams. My thanks to them for catching all the errors and omissions before the readers did.
Editing
Robbie Allen did a phenomenal job of putting up with my crap and still getting the book out. He made me look good by fixing so many errors. Most importantly, Robbie ran interference when he knew I couldn't deal with situations. For that, I'll be eternally grateful. I could never have shipped this book without him.
Norma Emory did a very thorough copyedit, and Brian MacDonald supplied a valuable developmental edit at just the right time that helped streamline the content, especially in the PKI chapter. Rob Romano of O'Reilly did a bang-up job of the book's art. John Osborn of O'Reilly was a great support when Robbie and I needed help but spared the rod more often than not.
Special thanks
Special thanks go to Jeremy Eisenman of nCipher for the use of an HSM, Brian Valentine for the WIM, and my students for helping me think in new ways during every class.
Deepest thanks go to my wife Heide, who supported me all through the process of this book's creation. This book took precedence over so many other things, and she always understood and made it OK. She also made sure I got the work done!
Chapter 1. Introduction to Windows Server 2003 Security
Security is one of the primary functions of any server-based operating system. Without security, any user or program could do anything to your servers and wreak havoc on your ability to effectively manage the environment. As a security administrator, you want to provide functionality and security to your users without burdening them or restricting them in a way that hinders their work. This is the mark of a great security administrator: the ability to successfully balance the security of proprietary and personal data and the usability of your systems in a way that maximizes the productivity of your organization. This book will show you how to do exactly that.
1.1 What Is Security?
To have a meaningful discussion of security in Windows Server 2003, we should first establish what security is. A dictionary definition might refer to security as "measures adopted to provide safety." For the purposes of this book, that definition will work very well.
Computer security is not normally defined as a state of safety. Rather, it is defined as the collection of protective measures (including technology-based and non-technology-based measures) that provide a defined level of safety. When security is mentioned throughout the book, you should keep this definition in mind. Security is neither a single protective measure nor a complete protection against all attacks. It is a set of measures that provide the desired level of protection.
Many readers may say "I want complete security for my data against all attacks. Tell me how to do that." The only solution that provides complete security is to put that data on a hard drive, incinerate the drive until it is completely turned to vapor, and then randomly mix the hard drive vapor with outside air until completely dissipated. Anything less is a compromise of security in the interest of another business factor such as usability or cost. The need for such compromises is a common theme throughout all computer security topics and is discussed in every chapter of this book.
1.2 What Is Windows Server 2003?
Windows Server 2003 in its several editions is the latest generation of the Microsoft family of server operating systems, incorporating the advances achieved by the earlier Windows NT and Windows 2000 Server families of products. These operating systems have been tested and proven since 1993 to be a solid platform for applications and server-based functions.
Windows XP is also derived from the same code base as Windows Server 2003. This common base ensures that the core functionality of the two operating systems remains identical. The numerous benefits this approach provides include the following:
Common device drivers
If you've ever gone searching for a device driver for a specific operating system, you can immediately recognize this benefit. Hardware vendors need to write only one device driver that will work on both operating systems.
Software compatibility
If software works on Windows XP, it'll work on Windows Server 2003.
More stable core
All the work done to make Windows XP a solid and stable operating system benefits Windows Server 2003, as it's