OReilly securing windows server 2003 nov 2004 ISBN 0596006853
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (7.76 MB, 774 trang )
•
•
•
•
•
•
TableofContents
Index
Reviews
ReaderReviews
Errata
Academic
SecuringWindowsServer2003
ByMikeDanseglio
Publisher :O'Reilly
PubDate :November2004
ISBN :0-596-00685-3
Pages :456
IfyouuseWindows2003Serveratasmallto
medium-sizedorganization,oruseMicrosoft's
SmallBusinessServer,thisthoroughyet
concisetutorialoffersthehands-onadvice
youneedforsecuringyournetwork.Securing
WindowsServer2003notonlyshowsyou
howtoputWindowssecuritytoolstowork,
butguidesyouthroughwaystoplanand
implementasecureoperatingenvironment.
•
•
•
•
•
•
TableofContents
Index
Reviews
ReaderReviews
Errata
Academic
SecuringWindowsServer2003
ByMikeDanseglio
Publisher :O'Reilly
PubDate :November2004
ISBN :0-596-00685-3
Pages :456
Copyright
Preface
What'sinThisBook?
Audience
AboutThisBook
ConventionsUsedinThisBook
AssumptionsThisBookMakes
CommentsandQuestions
Acknowledgments
Chapter1.IntroductiontoWindowsServer2003Security
Section1.1.WhatIsSecurity?
Section1.2.WhatIsWindowsServer2003?
Section1.4.SecurityFeaturesintheWindowsServer2003Family
Section1.3.SecurityDesigninWindowsServer2003
Section1.5.Summary
Chapter2.BasicsofComputerSecurity
Section2.1.WhyComputerSecurityIsImportant
Section2.2.SecurityEnforcementMechanisms
Section2.3.POLA:ThePrincipleofLeastAccess
Section2.5.AuthorizationandAuthentication
Section2.7.NetworkSecurity
Section2.4.Key-BasedCryptography
Section2.6.PasswordBasics
Section2.8.KeepingYourEyesOpen
Section2.9.Summary
Chapter3.PhysicalSecurity
Section3.1.IdentifyingPhysicalSecurityVulnerabilities
Section3.2.ProtectingPhysicalAssets
Section3.3.HolisticSecurity:BestPractices
Section3.4.Summary
Chapter4.FileSystemSecurity
Section4.1.ProtectingFileswithNTFSFilePermissions
Section4.2.ProtectingDatawiththeEncryptingFileSystem
Section4.3.ProtectingSystemInformationwithSyskey
Section4.4.Summary
Chapter5.GroupPolicyandSecurityTemplates
Section5.1.WhatIsGroupPolicy?
Section5.2.HowGroupPolicyWorks
Section5.4.UsingGroupPolicytoEnforceSecurity
Section5.3.HowDoSecurityTemplatesWork?
Section5.5.UsingSecurityTemplatestoDeploySecureConfigurations
Section5.6.Summary
Chapter6.RunningSecureCode
Section6.1.IdentifyingSecureCode
Section6.2.DriverSigning
Section6.3.SoftwareRestrictionPolicies
Section6.4.Summary
Chapter7.Authentication
Section7.1.LANManagerandNTLM
Section7.2.Kerberos
Section7.3.Summary
Chapter8.IPSecurity
Section8.1.WhatIsIPSecurity?
Section8.2.HowDoesIPSecWork?
Section8.3.Microsoft'sImplementationofIPSecinWindowsServer2003
Section8.4.UsingIPSecCorrectly
Section8.5.Summary
Chapter9.CertificatesandPublicKeyInfrastructure
Section9.1.WhatAreCertificates?
Section9.2.WhatDoIDowithCertificates?
Section9.3.WhatIsaCertificationAuthority?
Section9.5.ImplementingaPublicPKI
Section9.7.ImplementingaPrivateCertificationHierarchy
Section9.4.DecidingBetweenPublicandPrivateCertificationAuthorities
Section9.6.PlanningYourPrivateCertificationHierarchy
Section9.8.MaintainingYourHierarchy
Section9.9.Summary
Chapter10.SmartCardTechnology
Section10.1.WhatAreSmartCards?
Section10.2.UsingSmartCards
Section10.3.Summary
Chapter11.DHCPandDNSSecurity
Section11.1.DHCP
Section11.2.DNS
Section11.3.DNSandDHCPTogether
Section11.4.Summary
Chapter12.InternetInformationServicesSecurity
Section12.1.WhatIsIIS?
Section12.2.HowDoesIISWork?
Section12.3.UsingIISSecurely
Section12.4.Summary
Chapter13.ActiveDirectorySecurity
Section13.1.WhatIsActiveDirectory?
Section13.2.StructuralComponentsofActiveDirectory
Section13.3.DomainControllers
Section13.5.ProvidingSecurityforDomains
Section13.7.ProvidingSecurityforActiveDirectoryObjects
Section13.4.DefaultSecurityThroughGPOs
Section13.6.ProvidingSecurityforForests
Section13.8.ProvidingSecurityforDomainControllers
Section13.9.Summary
Chapter14.RemoteAccessSecurity
Section14.1.WhatIsRemoteAccess?
Section14.2.ControllingAccess
Section14.3.AuthenticationandEncryptionProtocols
Section14.4.VirtualPrivateNetworks
Section14.5.ExampleImplementationsforRemoteAccess
Section14.6.Summary
Chapter15.AuditingandOngoingSecurity
Section15.1.SecurityPoliciesandProcedures
Section15.2.Auditing
Section15.3.OperatingSystemUpdates
Section15.4.Summary
AppendixA.SendingSecureEmail
SectionA.1.WhatIsSecureEmail?
SectionA.2.HowDoesSecureEmailWork?
SectionA.4.SecureEmailImplementation
SectionA.3.ConsiderationsforSecureEmail
SectionA.5.Summary
Colophon
Index
Copyright©2005O'ReillyMedia,Inc.Allrightsreserved.
PrintedintheUnitedStatesofAmerica.
PublishedbyO'ReillyMedia,Inc.,1005GravensteinHighway
North,Sebastopol,CA95472.
O'Reillybooksmaybepurchasedforeducational,business,or
salespromotionaluse.Onlineeditionsarealsoavailablefor
mosttitles().Formoreinformation,
contactourcorporate/institutionalsalesdepartment:(800)
998-9938or
NutshellHandbook,theNutshellHandbooklogo,andthe
O'ReillylogoareregisteredtrademarksofO'ReillyMedia,Inc.
SecuringWindowsServer2003,theimageofawandering
albatross,andrelatedtradedressaretrademarksofO'Reilly
Media,Inc.
Microsoft,MSDN,the.NETlogo,VisualBasic,VisualC++,
VisualStudio,andWindowsareregisteredtrademarksof
MicrosoftCorporation.
Manyofthedesignationsusedbymanufacturersandsellersto
distinguishtheirproductsareclaimedastrademarks.Where
thosedesignationsappearinthisbook,andO'ReillyMedia,Inc.
wasawareofatrademarkclaim,thedesignationshavebeen
printedincapsorinitialcaps.
Whileeveryprecautionhasbeentakeninthepreparationofthis
book,thepublisherandauthorsassumenoresponsibilityfor
errorsoromissions,orfordamagesresultingfromtheuseof
theinformationcontainedherein.
Preface
Asthetitleimplies,thisbookisaboutsecurityintheWindows
Server2003operatingsystemandhowtoputittoworkon
behalfofyourorganizationandyourusers.
WindowsServer2003hasquiteanumberofuses.Itcanserve
inanetworksupportrole,supplyingservicessuchasDHCPand
DNS.Itcantakeamoreactivepartinobjectmanagement,
suchaswhenusedasanActiveDirectorydomaincontroller.It
canalsoserveasapersonaloperatingsystem,sinceitisso
closelytiedwithitsbrother,WindowsXP.Inthisrole,itmight
providesecurityoflocaldataandhost-basednetwork
communications.
I'vebrokendownthebookbytechnology.Eachchaptercovers
oneormoreofthetechnologiesthatWindowsServer2003
provides.MostofthesesuchasIPSecareprimarilysecurityfocused.However,somesuchasDHCParenot.
Eachchapteranswersthreequestionsaboutthetechnologyit
covers:
Whatthetechnologyisandhowit'sused
Eachchapterbeginswithabriefintroductiontothe
technology.Ifyouhavenoideawhatthistechnologydoes,
thisisaquickwaytolearnaboutit.Idon'tboreyouwith
marketingspinorpolishedterms.Ijusttellyouwhatthe
technologydoesandwhatafewofthemostlikelyuses
mightbe.
Howthetechnologyworks
Tounderstandatechnology'ssecurityimplications,you
usuallyneedtoknowhowitworks.Thissectioniskept
deliberatelybriefandsometimesexcludesdetailsthatyou
don'tneedtoknow.Idothis,nottokeepyouinthedark,
buttomakesurethatyou'refocusedonhowthething
worksandthatyoudon'tbogdowninminutiathat,inyour
jobandscope,wouldbeuselessanddistracting.
Howtousethetechnologyproperlytoserveyoursystem
Throughlotsofresearchanddirectinteraction,thebook's
contributorsandIhavecomeupwithasetofcommonuses
forthetechnologiesdetailedinthisbook.Alloftheseare
basedonrealexperience,nottheoreticalenvironmentsor
marketing-basedblueskyscenarios.Itakeyouthrough
theseexamplesandshowyouexactlyhowtogetthe
desiredresults.Inmostcases,Iprovideakeystrokelevelof
detailtoensureyoudon'tmissathing.
Ofcourse,allpossiblescenarioscan'tbecoveredinthis
book.BecausethedifferentWindowscomponentscanbe
configuredsomanyways,itwouldbeimpossibletopresent
allapproachestoallpossiblescenarios.Butthecontentof
thisbookshouldprovidemorethanenoughinformationfor
youtomakedecisionsonthetechnologiesaswellastest
andunderstandthem.
Onethingyou'llseeinthisbookthatyoumaynothaveseen
beforeisSecurityShowdownsections.Thisisapointcounterpointdebatebetweenmyselfandasemifictional
coworker,Don.Iuseitseveraltimesthroughoutthebookto
showthatsomedebatesaboutsecuritymethodologiesand
techniquesarenoteasilyanswered.Someofthemareso
contentiousthattheyseemlikereligiousdebatesattimes.You
shouldunderstandthatsecurity-focusedindividualstendto
haveopinionsaboutsecurityandthattheyliketoarguewith
peoplewhoholddifferentvalues.Thesearegood-naturedand
oftenhelpexplainbothpositions.Sopleasereadthesesections
asI'veintended,asanopendiscussionofthemeritsand
hazardsofmultipletacticstoachievethesamegoal.
What'sinThisBook?
Thisbookconsistsof15chaptersandanappendix.Hereisa
briefoverviewofeachchapter:
Chapter1
Thischaptersetsthestageforthebookbyprovidingan
introductiontoWindowsServer2003.
Chapter2
Thischaptercoversbasiccomputersecurityconcepts,
includingcryptographyandfundamentalpracticesfor
securityadministrators.
Chapter3
Thischaptercoversvariousaspectsofphysicalsecurity,
whichisessentialforanydatasecuritytosucceed.
Chapter4
ThischapterisallaboutsecuringfileswithEncryptingFile
Systemandotherfile-orientedtechnologies.
Chapter5
ThischapterfocusesonusingGroupPolicyasasecuritytool
andutilizingSecurityTemplates.
Chapter6
Thischapterdiscusseswaysyoucanprotectagainst
runningbadapplications.
Chapter7
Thischaptercoversthevariousauthenticationprotocols
supportedbyWindowsServer2003,includingKerberos.
Chapter8
ThischapterexaminesIPSecurityanditsproper
deploymenttosecurenetworkcommunication.
Chapter9
ThischapterisanexhaustiveexaminationofPKIand
certificate-basedcryptography.
Chapter10
Thischaptercoverssmartcardtechnologiesandtheir
properdeployment.
Chapter11
Thischapterfocusesonthegrotesquelackofsecurityin
DHCPandDNStechnologiesandhowyoucantrytoshore
themup.
Chapter12
ThischaptercoversInternetInformationServicessecurity,
orthelackthereof.
Chapter13
ThischapterexaminesActiveDirectorydesignand
operationfromasecuritystandpoint,includingproper
planninganddeployment,aswellassecuringdatabetween
domaincontrollers.
Chapter14
ThischaptercoversthesecurityfeaturesofRemoteAccess,
includingdial-upandVPNconnectivity.
Chapter15
Thischaptercoversadditionaltopicssuchasadministrative
security,patchmanagement,andauditing.
Appendix,SendingSecureEmail
Thisappendixcoverstopicsrelatingtosecureemail.
Audience
I'vewrittenthisbookforthefolkswhoactuallyuseWindows
Server2003.IfyouuseWindowsServer2003inany
environment,youmostlikelyalreadyhaveabasicknowledgeof
theoperatingsystemandhowitworks.Sothatfundamental
knowledgeisassumedinthisbook.
Ijumpstraightintothetopicsofinterestinthesecurityarea.
However,Idon'tassumeyouhaveadeeparchitectural
knowledgeofeveryWindowscomponentandsubsystem.So,
whenappropriate,Iusediagramsandflowchartstohelp
illustratesecurity-specificfeaturesandcomponentsthatyou
maynothaveencountered.
AboutThisBook
ThisbookcoversWindowsServer2003andsomeamountof
WindowsXPsecurity.ItisalmostentirelyfocusedonWindowsbasedsecurity,buthasseveralsectionsonnon-Windows
securitytopicsthatmustbeunderstood.Theseincludephysical
security,securitypolicy,andriskmanagement.
Nowthatyouknowwhatthisbookisabout,Ishouldexplain
whatthisbookisnotabout.Thisbookisnotacompendious
referenceofeverypossiblesettingorfeatureinWindows.It's
notintendedtobeasit-on-the-shelfbook.I'vewrittenitsothat
youcanactuallyusethecontenttodothings.Assuch,it's
directandbrief.I'veincludedlinkstoresourceswhen
appropriatesoyoucanaccessthereference-stylematerialyou
mightneedwithouthavingtoslogthroughithere.
AssumptionsThisBookMakes
YoushouldhaveafundamentalunderstandingofWindows
serveroperatingsystemstousethisbook.Ifyouhave
experienceinstallingandrunningWindowsServer2003and
WindowsXP,youwillgetalotoutofthisbook.
Toanextent,Iassumeyou'rerunningWindowsServer2003in
abusinessofsomesignificantsize.Manyoftheexamplesinthe
bookassumeanetworkinfrastructurethatismostoftenseenin
mid-tolarge-sizebusinesses,suchasadistributedActive
Directoryforest.However,Idoattempttoframeeachexample
withtheassumptionsImakeforit.Inmostcases,these
exampleswillscaleupordowntofityourspecificenvironment.
Youdonotneedanin-depthunderstandingofsecuritytopicsor
aPh.D.inmathematicstoreadthisbook.Whowouldusea
booklikethatanyway?Thosepeoplealreadyknoweverything.
ConventionsUsedinThisBook
Thefollowingtypographicalconventionsareusedinthisbook:
Plaintext
Indicatesmenutitles,menuoptions,menubuttons,and
keyboardaccelerators(suchasAltandCtrl).
Italic
Indicatesnewterms,URLs,emailaddresses,filenames,file
extensions,pathnames,directories,andUnixutilities.
Constantwidth
Indicatescommands,options,switches,parameters,the
contentsoffiles,ortheoutputfromcommands.
Constantwidthbold
Showscommandsorothertextthatshouldbetyped
literallybytheuser.
Constantwidthitalic
Showstextthatshouldbereplacedwithuser-supplied
values.
Thisiconsignifiesatip,suggestion,orgeneralnote.
Thisiconindicatesawarningorcaution.
CommentsandQuestions
Pleaseaddresscommentsandquestionsconcerningthisbookto
thepublisher:
O'ReillyMedia,Inc.
1005GravensteinHighwayNorth
Sebastopol,CA95472
(800)998-9938(intheUnitedStatesorCanada)
(707)829-0515(internationalorlocal)
(707)829-0104(fax)
Wehaveawebpageforthisbook,wherewelisterrata,
examples,andanyadditionalinformation.Youcanaccessthis
pageat:
/>Tocommentorasktechnicalquestionsaboutthisbook,send
emailto:
Formoreinformationaboutourbooks,conferences,Resource
Centers,andtheO'ReillyNetwork,seeourwebsiteat:
Acknowledgments
Thisbookwouldnotbepossiblewithoutthegracioushelpofthe
followingindividuals,whoarelistedinnoparticularorder.
Content
DerekMelberwrotetheActiveDirectorychapterofthis
book.Withoutthatcontent,therewouldhavebeenahuge
holeincoverageofActiveDirectory.Welldone,Derek.
Technicalinput
Nosinglepersoncouldpossiblyknoweverythingabout
Windowssecurity.Iwashappytoreceivetechnicalinput
fromallofthesepeople,withoutwhomthebookwould
havebeenaseriesoferrorsandoverstatements:
DarrenCanavor,DrewCooper,MichaelCretzman,David
Cross,WilliamDixon,EricFitzgerald,TrevorFreeman,
RobertGu,CliffHall,VicHeller,PatHoffer,DonJones,
ConnieLaChasse,DerekMelber,JamesMcIllece,Jeremy
Moskowitz,RadiaPerlman,XiaohongSu,LaudonWilliams,
andHelleVuandherMicrosoftPKITestTeam(whomIpaid
inbeerandtoysfortheirservices).
Writinginput
Knowinghowtosaysomethingisoftenmoreimportant
thansayingit.Ireceivedgreatadviceonthisfrontfrom
Vince"Kahuna"Abella,JenBayer,JohnCoates,Jason
Garms,KenKlavonic,JasonRush,MichikoShort,Dionysia
Sofos,andJimWickham.Weworked(andargued)through
manyideastogetherandwereabletoturnthemintouseful
informationinthisbook.
Technicalediting
IfeelluckyinthatIhadgreattechnicaleditingfeedback
fromRickKingslan,JoeRichards,PaulRobichaux,Mitch
Tulloch,andBobWilliams.Mythankstothemforcatching
alltheerrorsandomissionsbeforethereadersdid.
Editing
RobbieAllendidaphenomenaljobofputtingupwithmy
crapandstillgettingthebookout.Hemademelookgood
byfixingsomanyerrors.Mostimportantly,Robbieran
interferencewhenheknewIcouldn'tdealwithsituations.
Forthat,I'llbeeternallygrateful.Icouldneverhave
shippedthisbookwithouthim.
NormaEmorydidaverythoroughcopyedit,andBrian
MacDonaldsuppliedavaluabledevelopmentaleditatjust
therighttimethathelpedstreamlinethecontent,especially
inthePKIchapter.RobRomanoofO'Reillydidabang-up
jobofthebook'sart.JohnOsbornofO'Reillywasagreat
supportwhenRobbieandIneededhelpbutsparedtherod
moreoftenthannot.
Specialthanks
SpecialthanksgotoJeremyEisenmanofnCipherforthe
useofanHSM,BrianValentinefortheWIM,andmy
studentsforhelpingmethinkinnewwaysduringevery
class.
DeepestthanksgotomywifeHeide,whosupportedmeall
throughtheprocessofthisbook'screation.Thisbooktook
precedenceoversomanyotherthings,andshealways
understoodandmadeitOK.ShealsomadesureIgotthe
workdone!
Chapter1.IntroductiontoWindows
Server2003Security
Securityisoneoftheprimaryfunctionsofanyserver-based
operatingsystem.Withoutsecurity,anyuserorprogramcould
doanythingtoyourserversandwreakhavoconyourabilityto
effectivelymanagetheenvironment.Asasecurity
administrator,youwanttoprovidefunctionalityandsecurityto
youruserswithoutburdeningthemorrestrictingtheminaway
thathinderstheirwork.Thisisthemarkofagreatsecurity
administrator:theabilitytosuccessfullybalancethesecurityof
proprietaryandpersonaldataandtheusabilityofyoursystems
inawaythatmaximizestheproductivityofyourorganization.
Thisbookwillshowyouhowtodoexactlythat.
1.1WhatIsSecurity?
TohaveameaningfuldiscussionofsecurityinWindowsServer
2003,weshouldfirstestablishwhatsecurityis.Adictionary
definitionmightrefertosecurityas"measuresadoptedto
providesafety."Forthepurposesofthisbook,thatdefinition
willworkverywell.
Computersecurityisnotnormallydefinedasastateofsafety.
Rather,itisdefinedasthecollectionofprotectivemeasures
(includingtechnology-basedandnon-technology-based
measures)thatprovideadefinedlevelofsafety.Whensecurity
ismentionedthroughoutthebook,youshouldkeepthis
definitioninmind.Securityisneitherasingleprotective
measurenoracompleteprotectionagainstallattacks.Itisa
setofmeasuresthatprovidethedesiredlevelofprotection.
Manyreadersmaysay"Iwantcompletesecurityformydata
againstallattacks.Tellmehowtodothat."Theonlysolution
thatprovidescompletesecurityistoputthatdataonahard
drive,incineratethedriveuntilitiscompletelyturnedtovapor,
andthenrandomlymixtheharddrivevaporwithoutsideair
untilcompletelydissipated.Anythinglessisacompromiseof
securityintheinterestofanotherbusinessfactorsuchas
usabilityorcost.Theneedforsuchcompromisesisacommon
themethroughoutallcomputersecuritytopicsandisdiscussed
ineverychapterofthisbook.
1.2WhatIsWindowsServer2003?
WindowsServer2003initsseveraleditionsisthelatest
generationoftheMicrosoftfamilyofserveroperatingsystems,
incorporatingtheadvancesachievedbytheearlierWindowsNT
andWindows2000Serverfamiliesofproducts.Theseoperating
systemshavebeentestedandprovensince1993tobeasolid
platformforapplicationsandserver-basedfunctions.
WindowsXPisalsoderivedfromthesamecodebaseas
WindowsServer2003.Thiscommonbaseensuresthatthecore
functionalityofthetwooperatingsystemsremainsidentical.
Thenumerousbenefitsthisapproachprovidesincludethe
following:
Commondevicedrivers
Ifyou'veevergonesearchingforadevicedriverfora
specificoperatingsystem,youcanimmediatelyrecognize
thisbenefit.Hardwarevendorsneedtowriteonlyone
devicedriverthatwillworkonbothoperatingsystems.
Softwarecompatibility
IfsoftwareworksonWindowsXP,it'llworkonWindows
Server2003.
Morestablecore
AlltheworkdonetomakeWindowsXPasolidandstable
operatingsystembenefitsWindowsServer2003,asit's
