| |
| |
Acknowledgments | |
| |
| |
About the Authors | |
| |
| |
About the Technical Editor | |
| |
| |
Foreword | |
| |
| |
| |
Planning Platform Security | |
| |
| |
Reviewing the Core Security Principles | |
| |
| |
Planning a Secure Platform from End to Edge and Beyond | |
| |
| |
Understanding Business Requirements | |
| |
| |
Perform Risk Analysis | |
| |
| |
Review Policies, Procedures, Standards, and Guidelines | |
| |
| |
Security Awareness Training | |
| |
| |
Determine Access Control | |
| |
| |
Secure Software Development Strategy | |
| |
| |
Network Security | |
| |
| |
Operating System Security | |
| |
| |
From End to Edge and Beyond Chapter Previews | |
| |
| |
| |
Planning Platform Security | |
| |
| |
| |
Planning Server Role in Windows 8 | |
| |
| |
| |
Deploying Directory Services and Certificate Services | |
| |
| |
| |
Deploying AD FS and AD RMS in Windows Server 2012 | |
| |
| |
| |
Patch Management with Windows Server 2012 | |
| |
| |
| |
Virtualization Security | |
| |
| |
| |
Controlling Access to Your Environment with Authentication and Authorization | |
| |
| |
| |
Endpoint Security | |
| |
| |
| |
Secure Client Deployment with Trusted Boot and BitLocker | |
| |
| |
| |
Mitigating Application's Vulnerabilities | |
| |
| |
| |
Mitigating Network Vulnerabilities | |
| |
| |
| |
Unified Remote Access and BranchCache | |
| |
| |
| |
DirectAccess Deployment Scenarios | |
| |
| |
| |
Protecting Legacy Remote Clients | |
| |
| |
| |
Cloud Security | |
| |
| |
Summary | |
| |
| |
| |
Planning Server Role in Windows Server 2012 | |
| |
| |
Server Role and Security Considerations | |
| |
| |
Using Security Configuration Wizard to Harden the Server | |
| |
| |
Using Server Manager to Add a New Role or Feature | |
| |
| |
Using Security Compliance Manager to Hardening Servers | |
| |
| |
Planning Before Hardening Your Server with SCM | |
| |
| |
Staying Up to Date with SCM | |
| |
| |
Administrator's Punch List | |
| |
| |
Summary | |
| |
| |
| |
Deploying Directory Services and Certificate Services | |
| |
| |
Evolving Threats Against Certificates | |
| |
| |
Implementing Directory Services on Windows Server 2012 | |
| |
| |
Installing the Active Directory Domain Services Role | |
| |
| |
Creating a New Forest with the Windows Server 2012 Server Manager | |
| |
| |
Implementing Certificate Services on Windows Server 2012 | |
| |
| |
Planning AD CS Implementation | |
| |
| |
Installing AD CS Role | |
| |
| |
Installing AD CS Using Server Manager | |
| |
| |
Site-Aware Certificate Enrollment | |
| |
| |
Configuring CA Site | |
| |
| |
Renew with the Same Key | |
| |
| |
Validate Your Knowledge in AD CS | |
| |
| |
Administrator's Punch List | |
| |
| |
Summary | |
| |
| |
| |
Deploying AD FS and AD RMS in Windows Server 2012 | |
| |
| |
Planning for Active Directory Federation Services | |
| |
| |
Deploying Active Directory Federation Services | |
| |
| |
Installing AD FS Role Service Using PowerShell | |
| |
| |
Installing and Deploying AD FS Using Server Manager | |
| |
| |
Troubleshooting Active Directory Federation Services | |
| |
| |
Active Directory Rights Management Services | |
| |
| |
General Considerations When Planning to Deploy AD RMS | |
| |
| |
Installing and Deploying Active Directory Rights Management Services | |
| |
| |
Validate Your Knowledge in AD RMS | |
| |
| |
Summary | |
| |
| |
| |
Patch Management with Windows Server 2012 | |
| |
| |
Why Should You Have a Patch Management Strategy in Place? | |
| |
| |
Planning WSUS Deployment on Windows Server 2012 | |
| |
| |
Planning WSUS on Windows Server 2012 | |
| |
| |
Deploying WSUS | |
| |
| |
Managing Updates with WSUS | |
| |
| |
Configure Synchronization | |
| |
| |
Configure Target Group | |
| |
| |
Review and Approve Updates | |
| |
| |
Using Group Policy to Configure WSUS | |
| |
| |
Validating the Configuration | |
| |
| |
Administrator's Punch List | |
| |
| |
Summary | |
| |
| |
| |
Virtualization Security | |
| |
| |
Considerations Regarding Virtualization Security in Microsoft Platform | |
| |
| |
Understanding and Deploying Windows Server 2012 Hyper-V Security Capabilities | |
| |
| |
ARP Poisoning/Spoofing Protection | |
| |
| |
DHCP Guard Protection | |
| |
| |
Port ACLs | |
| |
| |
Network Traffic Monitoring | |
| |
| |
Isolated Private VLAN (PVLAN) | |
| |
| |
High Availability for Virtualization Security | |
| |
| |
Beyond the Hypervisor | |
| |
| |
Scenario: Virtualization Security Considerations for a Cloud Infrastructure | |
| |
| |
Private Cloud Security | |
| |
| |
Administrator's Punch List | |
| |
| |
Summary | |
| |
| |
| |
Controlling Access to Your Environment with Authentication and Authorization | |
| |
| |
Planning Authentication, Authorization, and Access Control | |
| |
| |
Data Classification | |
| |
| |
Data Control | |
| |
| |
Auditing | |
| |
| |
Understanding Dynamic Access Control | |
| |
| |
DAC Requirements | |
| |
| |
Planning for DAC | |
| |
| |
Planning Authentication | |
| |
| |
KDC Proxy | |
| |
| |
Resource-Based Constrained Delegation | |
| |
| |
Picture Password | |
| |
| |
Setting Up Picture Password | |
| |
| |
Logging on with Picture Password | |
| |
| |
Picture Password Management Issues | |
| |
| |
Configuring Dynamic Access Control | |
| |
| |
Summary | |
| |
| |
| |
Endpoint Security | |
| |
| |
Considerations Regarding Endpoint Security | |
| |
| |
Planning Endpoint Security | |
| |
| |
Windows 8 Security Enhancements | |
| |
| |
Windows Defender | |
| |
| |
Windows SmartScreen | |
| |
| |
Action Center | |
| |
| |
Encrypting File System | |
| |
| |
Administrator's Punch List | |
| |
| |
Summary | |
| |
| |
| |
Secure Client Deployment with Trusted Boot and BitLocker | |
| |
| |
Security Considerations for Mobile Users | |
| |
| |
Data Breaches: A Growing Problem | |
| |
| |
Consequences of a Data Breach | |
| |
| |
Protecting Against Data Breaches | |
| |
| |
Understanding the Trusted Boot Process | |
| |
| |
How UEFI Enables Secure Boot | |
| |
| |
Windows 8 and UEFI | |
| |
| |
Windows 8 Boot Hardening Features | |
| |
| |
Understanding BitLocker Full Volume Encryption | |
| |
| |
FVE vs. File/Folder Encryption | |
| |
| |
How BitLocker Works Together with Other Technologies to Protect Mobile Users | |
| |
| |
How BitLocker Works | |
| |
| |
Deploying BitLocker | |
| |
| |
Troubleshooting, Recovery, and Repair | |
| |
| |
Summary | |
| |
| |
| |
Mitigating Application's Vulnerabilities | |
| |
| |
Living in the World of Apps | |
| |
| |
Windows App Store Security | |
| |
| |
Browser Protection | |
| |
| |
A Sandbox Called AppContainer | |
| |
| |
SmartScreen | |
| |
| |
The Old Friends Are Still Here: UAC and AppLocker | |
| |
| |
Hardening Application Environment | |
| |
| |
Extra Tools | |
| |
| |
SDL Threat Modeling Tool | |
| |
| |
Attack Surface Analyzer | |
| |
| |
Enhanced Mitigation Experience Toolkit | |
| |
| |
Security Tools Community Edition | |
| |
| |
Summary | |
| |
| |
| |
Mitigating Network Vulnerabilities | |
| |
| |
Understanding Windows Firewall with Advanced Security | |
| |
| |
Evolution of the Windows Firewall | |
| |
| |
Deploying and Managing the Windows Firewall with Advanced Security | |
| |
| |
What Is New in Windows 8 and Windows Server 2012 | |
| |
| |
Configuring the Windows Firewall with Advanced Security | |
| |
| |
Controlling the Windows Firewall Through Group Policy | |
| |
| |
Managing the Windows Firewall with PowerShell and Netsh | |
| |
| |
Troubleshooting the Windows Firewall with Advanced Security | |
| |
| |
Protecting the Windows Endpoint with IPsec Rules | |
| |
| |
Configuring IPsec Rules on Windows Firewall with Advanced Security | |
| |
| |
Common Deployment Scenarios | |
| |
| |
Host Firewall with Network Location Awareness | |
| |
| |
Server and Domain Isolation with Windows Firewall and IPsec | |
| |
| |
Using SMB Encryption to Protect Data Traversing the Network | |
| |
| |
Enabling SMB Encryption | |
| |
| |
Under the Hood | |
| |
| |
Summary | |
| |
| |
| |
Unified Remote Access and BranchCache | |
| |
| |
The Evolving Remote Access Landscape | |
| |
| |
New Capabilities in DirectAccess | |
| |
| |
DirectAccess and RRAS Better Together | |
| |
| |
Simplified DirectAccess Management | |
| |
| |
Deploy DirectAccess Without a PKI | |
| |
| |
Say Goodbye to IPv6 and Hello to IPv4 | |
| |
| |
Put the DirectAccess Server Behind Your Firewall | |
| |
| |
Real High Availability | |
| |
| |
Multiple Domains Made Easy | |
| |
| |
NAP Integration | |
| |
| |
One-Time Password Support | |
| |
| |
Split Tunnel or Forced Tunneling? It Is Your Choice | |
| |
| |
Improved IP-HTTPS Performance and Authentication Support | |
| |
| |
Force Manage Out Only | |
| |
| |
DirectAccess at Multiple Sites | |
| |
| |
Support for Server Core | |
| |
| |
DirectAccess Remote Domain Offline Join | |
| |
| |
DirectAccess and Windows To Go | |
| |
| |
DirectAccess Requirements and Planning | |
| |
| |
What is BranchCache? | |
| |
| |
Overview of BranchCache Deployment | |
| |
| |
Content Server Configuration | |
| |
| |
Hosted Cache Server Configuration | |
| |
| |
Preloading the Hosted Cache Servers | |
| |
| |
Configure the Clients | |
| |
| |
Administrator's Punch List | |
| |
| |
Summary | |
| |
| |
| |
DirectAccess Deployment Scenarios | |
| |
| |
The Simplified DirectAccess Server Test Lab | |
| |
| |
Create a Security Group for DirectAccess Clients on DC1 | |
| |
| |
Install the Unified Remote Access Server Role on EDGE1 | |
| |
| |
Run the Getting Started Wizard on EDGE1 | |
| |
| |
Setup and Test Client1 for DirectAccess Connectivity | |
| |
| |
Overview of Traditional DirectAccess Single Server Deployment | |
| |
| |
Administrator's Punch List | |
| |
| |
Summary | |
| |
| |
| |
Protecting Legacy Remote Clients | |
| |
| |
Virtual Private Networking with Windows Server 2012 | |
| |
| |
Brief History of Windows VPN Protocols | |
| |
| |
The RRAS Unified Server Role | |
| |
| |
Deploying a VPN Server on Windows Server 2012 via the GUI | |
| |
| |
Installing Remote Access Services on Windows Server 2012 via PowerShell | |
| |
| |
Deploying Network Access Protection (NAP) Through Network Policy and Access Services | |
| |
| |
NAP Overview | |
| |
| |
Deploying NAP on Windows Server 2012 | |
| |
| |
Summary | |
| |
| |
| |
Cloud Security | |
| |
| |
General Considerations for Cloud Security (SaaS) | |
| |
| |
Cloud Security Readiness Tool | |
| |
| |
General Considerations for Cloud Security (IaaS) | |
| |
| |
Network Security | |
| |
| |
Compute Security | |
| |
| |
Guest Compute Security | |
| |
| |
Host Compute Security | |
| |
| |
Building a Private Cloud with Windows Server 2012 | |
| |
| |
Summary | |
| |
| |
Index | |