Foreword | p. xix |
Acknowledgments | p. xxi |
Introduction | p. xxiii |
Foundations | |
Information Security Basics | p. 3 |
A Framework for Security in the Organization | p. 4 |
Basic Security Principles | p. 8 |
Summary | p. 11 |
References and Further Reading | p. 11 |
The Windows Server 2003 Security Architecture from the Hacker's Perspective | p. 13 |
The Windows Server 2003 Security Model | p. 14 |
Security Principles | p. 16 |
Forests, Trees, and Domains | p. 28 |
The SID | p. 34 |
Putting It All Together: Authentication and Authorization | p. 36 |
Auditing | p. 44 |
Summary | p. 48 |
References and Further Reading | p. 49 |
Profiling | |
Footprinting and Scanning | p. 55 |
Footprinting | p. 56 |
Scanning | p. 61 |
The Importance of Footprinting and Scanning Continuously | p. 70 |
Summary | p. 70 |
References and Further Reading | p. 71 |
Enumeration | p. 73 |
Prelude: Reviewing Scan Results | p. 74 |
NetBIOS Name Service Enumeration | p. 76 |
RPC Enumeration | p. 81 |
SMB Enumeration | p. 84 |
Windows DNS Enumeration | p. 99 |
SNMP Enumeration | p. 103 |
Active Directory Enumeration | p. 108 |
Summary | p. 112 |
References and Further Reading | p. 113 |
Divide and Conquer | |
Hacking Windows-Specific Services | p. 117 |
Guessing Passwords | p. 118 |
Eavesdropping on Windows Authentication | p. 134 |
Subverting Windows Authentication | p. 145 |
Exploiting Windows-Specific Services | p. 153 |
Summary | p. 155 |
References and Further Reading | p. 156 |
Privilege Escalation | p. 159 |
Named Pipes Prediction | p. 161 |
NetDDE Requests Run as SYSTEM | p. 163 |
Exploiting the Windows Debugger | p. 165 |
General Privilege Escalation Countermeasures | p. 168 |
Summary | p. 168 |
References and Further Reading | p. 168 |
Getting Interactive | p. 171 |
Command-Line Control | p. 172 |
Graphical User Interface Control | p. 183 |
Summary | p. 185 |
References and Further Reading | p. 186 |
Expanding Influence | p. 187 |
Auditing | p. 188 |
Extracting Passwords | p. 190 |
Password Cracking | p. 192 |
File Searching | p. 201 |
Trojan GINAs | p. 206 |
Packet Capturing | p. 208 |
Island Hopping | p. 210 |
Port Redirection | p. 215 |
Summary | p. 217 |
References and Further Reading | p. 218 |
Cleanup | p. 221 |
Creating Rogue User Accounts | p. 222 |
Trojan Logon Screens | p. 223 |
Remote Control | p. 223 |
Where Back Doors and Trojans Are Planted | p. 225 |
Rootkits | p. 228 |
Covering Tracks | p. 230 |
General Countermeasures: A Mini-Forensic Examination | p. 234 |
Summary | p. 239 |
References and Further Reading | p. 239 |
Exploiting Vulnerable Services and Clients | |
Hacking IIS | p. 243 |
IIS Basics | p. 245 |
IIS Buffer Overflows | p. 251 |
File System Traversal | p. 256 |
Source Code Disclosure Attacks | p. 273 |
Web Server Security Assessment Tools | p. 280 |
Hacking Web Applications | p. 282 |
Summary | p. 283 |
References and Further Reading | p. 286 |
Hacking SQL Server | p. 289 |
Case Study: Penetration of a SQL Server | p. 290 |
SQL Server Security Concepts | p. 294 |
Hacking SQL Server | p. 299 |
Critical Defensive Strategies | p. 325 |
Additional SQL Server Security Best Practices | p. 328 |
Summary | p. 333 |
References and Further Reading | p. 334 |
Hacking Terminal Server | p. 337 |
Terminal Services Overview | p. 338 |
Identifying and Enumerating TS | p. 341 |
Attacking TS | p. 345 |
General TS Countermeasures | p. 351 |
Summary | p. 356 |
References and Further Reading | p. 356 |
Hacking Microsoft Internet Clients | p. 359 |
Attack Categories | p. 360 |
Implementing Internet Client Attacks | p. 361 |
Attacks | p. 364 |
Putting It All Together: A Complete Client Attack | p. 389 |
General Countermeasures | p. 393 |
Summary | p. 404 |
References and Further Reading | p. 404 |
Physical Attacks | p. 409 |
Replacing the Screensaver | p. 410 |
Offline Attacks Against the SAM | p. 410 |
Implications for EFS | p. 413 |
Summary | p. 422 |
References and Further Reading | p. 423 |
Denial of Service | p. 425 |
Current Windows 2003 DoS Attacks | p. 427 |
Best Practices for Defending DoS | p. 436 |
Summary | p. 440 |
References and Further Reading | p. 441 |
Playing Defense | |
NT Family Security Features and Tools | p. 445 |
Secured Default Installation | p. 446 |
Internet Connection Firewall (ICF) | p. 448 |
Security Templates and Security Configuration and Analysis | p. 449 |
Microsoft Baseline Security Analyzer | p. 454 |
Group Policy | p. 455 |
IPSec | p. 461 |
Stored Usernames and Passwords | p. 473 |
Encrypting File System | p. 474 |
Windows File Protection | p. 475 |
Summary | p. 477 |
References and Further Reading | p. 478 |
The Future of Windows Security | p. 481 |
Tools and Add-ins | p. 482 |
Longhorn | p. 487 |
Summary | p. 490 |
References and Further Reading | p. 490 |
Appendixes | |
Windows Server 2003 Security Checklist | p. 495 |
Caveat Emptor: Roles and Responsibilities | p. 496 |
Preinstallation Considerations | p. 496 |
Basic NT Family Hardening | p. 497 |
IIS Security Considerations | p. 503 |
SQL Server Security Considerations | p. 506 |
Terminal Server Security Considerations | p. 508 |
Denial-of-Service Considerations | p. 508 |
Internet Client Security | p. 510 |
Audit Yourself! | p. 511 |
References and Further Reading | p. 512 |
About the Companion Web Site | p. 513 |
Index | p. 515 |
Table of Contents provided by Ingram. All Rights Reserved. |