9780072230611

Hacking Exposed Windows Server 2003

by
  • ISBN13:

    9780072230611

  • ISBN10:

    0072230614

  • Edition: 1st
  • Format: Paperback
  • Copyright: 2003-10-22
  • Publisher: McGraw-Hill Osborne Media
  • View Upgraded Edition

Note: Supplemental materials are not guaranteed with Rental or Used book purchases.

Purchase Benefits

  • Free Shipping Icon Free Shipping On Orders Over $35!
    Your order must be $35 or more to qualify for free economy shipping. Bulk sales, PO's, Marketplace items, eBooks and apparel do not qualify for this offer.
  • eCampus.com Logo Get Rewarded for Ordering Your Textbooks! Enroll Now
List Price: $49.99 Save up to $12.50
  • Buy Used
    $37.49
    Add to Cart Free Shipping Icon Free Shipping

    USUALLY SHIPS IN 2-4 BUSINESS DAYS

Supplemental Materials

What is included with this book?

Summary

Complete coverage of the new security features in Windows Server 2003'¬”all in the best-selling Hacking Exposed format. Hacking Exposed Windows Server 2003 is ideal for any network professional working with a Windows Server 2003 and/or Windows XP system.

Author Biography

Stuart McClure (Mission Viejo, CA) is the co-author of all four editions of Hacking Exposed as well as Hacking Exposed Windows 2000. Stuart co-authored Security Watch, a weekly column in InfoWorld addressing topical security issues, exploits, and vulnerabilities.

Table of Contents

Foreword xix
Acknowledgments xxi
Introduction xxiii
Part I Foundations
Information Security Basics
3(10)
A Framework for Security in the Organization
4(4)
Plan
5(1)
Detect
6(1)
Respond
7(1)
Prevent
7(1)
Basic Security Principles
8(3)
Summary
11(1)
References and Further Reading
11(2)
The Windows Server 2003 Security Architecture from the Hacker's Perspective
13(42)
The Windows Server 2003 Security Model
14(2)
Security Principles
16(12)
Users
16(3)
Groups
19(5)
Computers (Machine Accounts)
24(1)
User Rights
24(3)
The SAM and Active Directory
27(1)
Forests, Trees, and Domains
28(6)
Scope: Local, Global, and Universal
29(1)
Trusts
30(1)
Administrative Boundaries: Forest or Domain?
31(3)
The SID
34(2)
Putting It All Together: Authentication and Authorization
36(8)
The Token
37(3)
Network Authentication
40(4)
Auditing
44(4)
Cryptography
45(1)
The .NET Framework
46(2)
Summary
48(1)
References and Further Reading
49(6)
Part II Profiling
Footprinting and Scanning
55(18)
Footprinting
56(5)
Scanning
61(9)
The Importance of Footprinting and Scanning Continuously
70(1)
Summary
70(1)
References and Further Reading
71(2)
Enumeration
73(44)
Prelude: Reviewing Scan Results
74(2)
NetBios Names vs. IP Addresses
74(2)
NetBios Name Service Enumeration
76(5)
RPC Enumeration
81(3)
SMB Enumeration
84(15)
Windows DNS Enumeration
99(4)
SNMP Enumeration
103(5)
Active Directory Enumeration
108(4)
Summary
112(1)
References and Further Reading
113(4)
Part III Divide and Conquer
Hacking Windows-Specific Services
117(42)
Guessing Passwords
118(16)
Close Existing Null Sessions to Target
119(1)
Review Enumeration Results
119(1)
Avoid Account Lockout
120(2)
The Importance of Administrator and Service Accounts
122(12)
Eavesdropping on Windows Authentication
134(11)
Subverting Windows Authentication
145(8)
Exploiting Windows-Specific Services
153(2)
Summary
155(1)
References and Further Reading
156(3)
Privilege Escalation
159(12)
Named Pipes Prediction
161(2)
NetDDE Requests Run as System
163(2)
Exploiting the Windows Debugger
165(3)
General Privilege Escalation Countermeasures
168(1)
Summary
168(1)
References and Further Reading
168(3)
Getting Interactive
171(16)
Command-Line Control
172(11)
Graphical User Interface Control
183(2)
Summary
185(1)
References and Further Reading
186(1)
Expanding Influence
187(34)
Auditing
188(2)
Extracting Passwords
190(2)
Pulling Reversibly Encrypted Passwords
190(1)
Grabbing Cleartext Passwords from the LSA Cache
191(1)
Password Cracking
192(9)
The LM Hash Weakness
193(8)
File Searching
201(5)
Trojan GINAs
206(2)
Packet Capturing
208(2)
Island Hopping
210(5)
Port Redirection
215(2)
Summary
217(1)
References and Further Reading
218(3)
Cleanup
221(22)
Creating Rogue User Accounts
222(1)
Trojan Logon Screens
223(1)
Remote Control
223(2)
Back-Door Server Packages
223(2)
Where Back Doors and Trojans Are Planted
225(3)
Startup Folders
226(1)
Startup Registry Keys
226(1)
Drivers
227(1)
Using a Web Browser Startup Page to Download Code
227(1)
Scheduled Jobs
228(1)
Rootkits
228(2)
Covering Tracks
230(4)
Erasing the Logs
230(1)
Hiding Files
230(4)
General Countermeasures: A Mini-Forensic Examination
234(5)
Automated Tools
234(5)
Summary
239(1)
References and Further Reading
239(4)
Part IV Exploiting Vulnerable Services and Clients
Hacking IIS
243(46)
IIS Basics
245(6)
HTTP Basics
245(1)
CGI
245(1)
ASP and ISAPI
246(1)
The IIS Process Model
246(4)
Other Changes to IIS 6
250(1)
IIS Buffer Overflows
251(5)
File System Traversal
256(17)
Writing Files to the Web Server
263(5)
Escalating Privileges on IIS 5
268(5)
Source Code Disclosure Attacks
273(7)
Web Server Security Assessment Tools
280(2)
IISLockdown and UrlScan
280(2)
Hacking Web Applications
282(1)
Summary
283(3)
References and Further Reading
286(3)
Hacking SQL Server
289(48)
Case Study: Penetration of a SQL Server
290(4)
SQL Server Security Concepts
294(5)
Network Libraries
294(1)
Security Modes
295(1)
Logins
295(1)
Users
296(1)
Roles
296(1)
Logging
296(2)
SQL Server 2000 Changes
298(1)
Hacking SQL Server
299(26)
SQL Server Information Gathering
299(2)
SQL Server Hacking Tools and Techniques
301(11)
Known SQL Server Vulnerabilities
312(5)
SQL Code Injection Attacks
317(4)
Abusing SQL Extended Stored Procedures to Manipulate Windows 2000
321(4)
Critical Defensive Strategies
325(3)
Discover All SQL Servers on Your Network
325(1)
Block Access to SQL Server Ports from Untrusted Clients
325(1)
Keep Current with Patches
326(1)
Assign a Strong sa Account password
327(1)
Use Windows Only Authentication Mode Whenever Possible
328(1)
Additional SQL Server Security Best Practices
328(5)
Summary
333(1)
References and Further Reading
334(3)
Hacking Terminal Server
337(22)
Terminal Services Overview
338(3)
Server
338(1)
Remote Desktop Protocol
339(1)
Clients
340(1)
Identifying and Enumerating TS
341(4)
Attacking TS
345(6)
General TS Countermeasures
351(5)
Upgrade to Windows Server 2003
352(1)
Remote Desktop Users
352(1)
Software Restriction Policies
352(1)
Terminal Services Configuration Settings
352(2)
Windows 2000 TS Security Tools
354(2)
Summary
356(1)
References and Further Reading
356(3)
Hacking Microsoft Internet Clients
359(50)
Attack Categories
360(1)
Implementing Internet Client Attacks
361(3)
Malicious Web Page
361(1)
Malicious E-mail
361(3)
Malicious Newsgroup/List Posting
364(1)
Attacks
364(25)
Buffer Overflows
364(8)
Executing Commands
372(3)
Writing Local Files
375(6)
Payloads: VBS Address Book Worms
381(3)
Reading Local Files
384(3)
Invoking Outbound Client Connections
387(2)
Putting It All Together: A Complete Client Attack
389(4)
General Countermeasures
393(11)
Why Not Abandon Microsoft Internet Clients?
395(1)
IE Security Zones
396(6)
Antivirus on the Client and Server
402(1)
Gateway-Based Content Filtering
403(1)
Summary
404(1)
References and Further Reading
404(5)
Physical Attacks
409(16)
Replacing the Screensaver
410(1)
Offline Attacks Against the SAM
410(3)
Implications for EFS
413(9)
Summary
422(1)
References and Further Reading
423(2)
Denial of Service
425(20)
Current Windows 2003 DoS Attacks
427(9)
Best Practices for Defending DoS
436(4)
Best Mitigation Practices
436(2)
Windows--Specific DoS Advice
438(2)
Summary
440(1)
References and Further Reading
441(4)
Part V Playing Defense
NT Family Security Features and Tools
445(36)
Secured Default Installation
446(2)
Services Run Under Lower-Privileged Accounts
447(1)
Internet Connection Firewall (ICF)
448(1)
Security Templates and Security Configuration and Analysis
449(5)
Security Templates
450(3)
Security Configuration and Analysis
453(1)
Microsoft Baseline Security Analyzer
454(1)
Group Policy
455(6)
Group Policy Defined
455(1)
Working with Group Policy
456(1)
How Group Policy Is Applied
457(2)
Resultant Set of Policy (RSoP)
459(1)
Software Restriction Policies
459(2)
IPSec
461(12)
Advantages of IPSec Filters
461(1)
Known Limitations of IPSec Filtering
462(5)
Creating an IPSec Policy Step by Step
467(5)
Managing IPSec from the Command Line
472(1)
Stored Usernames and Passwords
473(1)
Encrypting File System
474(1)
Windows File Protection
475(2)
Bypassing WFP
477(1)
Summary
477(1)
References and Further Reading
478(3)
The Future of Windows Security
481(34)
Tools and Add-ins
482(5)
NAT Traversal (NAT-T)
482(1)
Group Policy Management Console (GPMC)
482(1)
Identity Integration Feature Pack
483(1)
Active Directory in Application Mode
484(1)
Microsoft Operations Manager (MOM)
485(1)
Microsoft Audit Collection System (MACS)
486(1)
Systems Management Server (SMS)
486(1)
System Center
487(1)
Longhorn
487(3)
Vision
487(1)
Longhorn Security Features
488(1)
Web Services Security
488(1)
IPv6
489(1)
Summary
490(1)
References and Further Reading
490(5)
Part VI Appendixes
A Windows Server 2003 Security Checklist
495(18)
Caveat Emptor: Roles and Responsibilities
496(1)
Preinstallation Considerations
496(1)
Basic NT Family Hardening
497(1)
Non-Template Recommendations
497(2)
Security Template Recommendations
499(2)
ICF and IPSec Filters
501(1)
Group Policy
501(1)
Miscellaneous Configurations
502(1)
IIS Security Considerations
503(3)
SQL Server Security Considerations
506(2)
Terminal Server Security Considerations
508(1)
Denial-of-Service Considerations
508(2)
Internet Client Security
510(1)
Audit Yourself!
511(1)
References and Further Reading
512(1)
B About the Companion Web Site
513(2)
Index 515

Rewards Program

Reviews for Hacking Exposed Windows Server 2003 (9780072230611)