Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
|---|---|---|---|---|---|
Searching... | 30000010267243 | QA76.76.C68 S48 2010 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
Seven Deadliest Microsoft Attacks explores some of the deadliest attacks made against Microsoft software and networks and how these attacks can impact the confidentiality, integrity, and availability of the most closely guarded company secrets. If you need to keep up with the latest hacks, attacks, and exploits effecting Microsoft products, this book is for you. It pinpoints the most dangerous hacks and exploits specific to Microsoft applications, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable.
The book consists of seven chapters that cover the seven deadliest attacks against Microsoft software and networks: attacks against Windows passwords; escalation attacks; stored procedure attacks; mail service attacks; client-side ActiveX and macro attacks; Web service attacks; and multi-tier attacks. Each chapter provides an overview of a single Microsoft software product, how it is used, and some of the core functionality behind the software. Furthermore, each chapter explores the anatomy of attacks against the software, the dangers of an attack, and possible defenses to help prevent the attacks described in the scenarios.
This book will be a valuable resource for those responsible for oversight of network security for either small or large organizations. It will also benefit those interested in learning the details behind attacks against Microsoft infrastructure, products, and services; and how to defend against them. Network administrators and integrators will find value in learning how attacks can be executed, and transfer knowledge gained from this book into improving existing deployment and integration practices.
Author Notes
Rob Kraus (CISSP, C|EH, MCSE) is a Senior Security Consultant for Solutionary, Inc. Rob is responsible for organizing customer requirements, on-site project management and client support while ensuring quality and timeliness of Solutionary's products and services.
Rob was previously a Remote Security Services Supervisor with Digital Defense, Inc. He performed offensive-based security assessments consisting of penetration testing, vulnerability assessment, social engineering, wireless and VoIP penetration testing, web application penetration tests and vulnerability research. As a supervisor, Rob was also responsible for leading and managing a team of penetration testers who performed assessment services for Digital Defense's customers.
Rob's background also includes contracting as a security analyst for AT&T during the early stages of the AT&T U-verse service as well as provisioning, optimizing, and testing OC-192 fiber-optic networks while employed with Nortel Networks.
Rob also speaks at information security conferences and universities in an effort to keep the information security community informed of current security trends and attack methodologies.
Brian Barber (Linux+, MCSE, MCSA, MCP+I, CNE, CNA-GW) works for the Canada Deposit Insurance Corporation (CDIC) as a project manager and architect for CDIC's IT service management program. He first started using Linux at home with Red Hat 5.1 and since then he has been a staunch advocate of open source software, belonging to the Ottawa Canada Linux User Group (OCLUG) since 2001 and the Ottawa Python Authors Group. His primary areas of interest are operating systems, infrastructure design, multiplatform integration, directory services, and enterprise messaging. In the past he has held the positions of Principal Consultant with Sierra Systems Group Inc., Senior Technical Coordinator at the LGS Group Inc. (now a part of IBM Global Services) and Senior Technical Analyst at MetLife Canada.
Mike Borkin (MCSE, GSEC Gold) is an internationally recognized author and speaker in the area of IT security where he focuses mostly on data protection strategies, Microsoft security, and security architecture/engineering best practices. In addition to contributing articles related to security to magazines and speaking engagements for groups such as SANS and The Open Group in both the US and Europe, Mike is also the Co-Author of Vista Security for Dummies.
Naomi Alpern currently works for Microsoft as a consultant specializing in unified communications. She holds many Microsoft certifications, including an MCSE and MCT, as well as additional industry certifications such as Citrix Certified Enterprise Administrator, Security+, Network+, and A+. Since the start of her technical career she has worked in many facets of the technology world, including IT administration, technical training, and most recently, full-time consulting.
Table of Contents
| Acknowledgments | p. ix |
| About the Authors | p. xi |
| Introduction | p. xiii |
| Chapter 1 Windows Operating System - Password Attacks | p. 1 |
| Windows Passwords Overview | p. 2 |
| Security Accounts Manager | p. 3 |
| System Key (SYSKEY) | p. 3 |
| LAN Manager Hash | p. 3 |
| NT Hash | p. 5 |
| LSA Secrets | p. 5 |
| Password and Lockout Policies | p. 6 |
| How Windows Password Attacks Work | p. 7 |
| Dangers with Windows Password Attacks | p. 9 |
| Scenario 1 Obtaining Password Hashes | p. 10 |
| Scenario 2 Pass the Hash | p. 12 |
| Scenario 3 Timed Attacks to Circumvent Lockouts | p. 14 |
| Scenario 4 LSA Secrets | p. 15 |
| Future of Windows Password Attacks | p. 16 |
| Defenses against Windows Password Attacks | p. 17 |
| Defense-in-Depth Approach | p. 17 |
| Microsoft and Third-Party Software Patching | p. 18 |
| Logical Access Controls | p. 19 |
| Logging Security Events | p. 20 |
| Implementing Password and Lockout Policies | p. 20 |
| Disable LM Hash Storage for Domain and Local Systems | p. 21 |
| SYSKEY Considerations | p. 22 |
| Summary | p. 23 |
| Chapter 2 Active Directory - Escalation of Privilege | p. 25 |
| Escalation of Privileges Attack Anatomy | p. 27 |
| Dangers with Privilege Escalation Attacks | p. 27 |
| Scenario 1 Escalation through Batch Scripts | p. 28 |
| Scenario 2 Attacking Customer Confidence | p. 32 |
| Scenario 3 Horizontal Escalation | p. 33 |
| Future of Privilege Escalation Attacks | p. 34 |
| Defenses against Escalation of Privilege Attacks | p. 35 |
| First Defensive Layer: Stop the Enemy at the Gate | p. 35 |
| Second Defensive Layer: Privileges Must Be Earned | p. 37 |
| Third Defensive Layer: Set the Rules for the Playground | p. 38 |
| Fourth Defensive Layer: You'll Need That Secret Decoder Ring | p. 40 |
| Summary | p. 47 |
| Endnotes | p. 48 |
| Chapter 3 SQL Server - Stored Procedure Attacks | p. 49 |
| How Stored Procedure Attacks Work | p. 51 |
| Initiating Access | p. 51 |
| Accessing Stored Procedures | p. 52 |
| Dangers Associated with a Stored Procedure Attack | p. 54 |
| Understanding Stored Procedure Vulnerabilities | p. 54 |
| Scenario 1 Adding a Local Administrator | p. 56 |
| Scenario 2 Keeping Sysadmin-Level Access | p. 57 |
| Scenario 3 Attacking with SQL Injection | p. 58 |
| The Future of Stored Procedure Attacks | p. 60 |
| Defenses against Stored Procedure Attacks | p. 61 |
| First Defensive Layer: Eliminating First-Layer Attacks | p. 61 |
| Second Defensive Layer: Reduce the First-Layer Attack Surface | p. 64 |
| Third Defensive Layer: Reducing Second-Layer Attacks | p. 66 |
| Fourth Defensive Layer: Logging, Monitoring, and Alerting | p. 66 |
| Identifying Vital Attack Events | p. 66 |
| Fifth Defensive Layer: Limiting the Impacts of Attacks | p. 68 |
| Summary | p. 68 |
| Endnotes | p. 69 |
| Chapter 4 Exchange Server - Mail Service Attacks | p. 71 |
| How Mail Service Attacks Work | p. 75 |
| Mail Flow Architecture | p. 75 |
| Attack Points | p. 76 |
| Dangers Associated with Mail Service Attacks | p. 78 |
| Scenario 1 Directory Harvest Attacks | p. 79 |
| Scenario 2 SMTP Auth Attacks | p. 81 |
| Scenario 3 Mail Relay Attacks | p. 84 |
| The Future of Mail Service Attacks | p. 87 |
| Defenses against Mail Service Attacks | p. 88 |
| Defense in the Perimeter Network | p. 89 |
| Defense on the Internal Network | p. 90 |
| Supporting Services | p. 91 |
| Summary | p. 91 |
| Chapter 5 Office - Macros and ActiveX | p. 93 |
| Macro and Client-Side Attack Anatomy | p. 94 |
| Macro Attacks | p. 94 |
| ActiveX Attacks | p. 96 |
| Dangers Associated with Macros and ActiveX | p. 96 |
| Scenario 1 Metasploit Reverse TCP Connection | p. 97 |
| Scenario 2 ActiveX Attack via Malicious Website | p. 99 |
| Future of Macro and ActiveX Attacks | p. 101 |
| Macro and ActiveX Defenses | p. 102 |
| Deploy Network Edge Strategies | p. 102 |
| Using Antivirus and Antimalware | p. 102 |
| Update Frequently | p. 103 |
| Using Office Security Settings | p. 103 |
| Working Smart | p. 106 |
| Summary | p. 107 |
| Endnote | p. 107 |
| Chapter 6 Internet Information Services - Web Service Attacks | p. 109 |
| Microsoft IIS Overview | p. 110 |
| File Transfer Protocol Publishing Service | p. 110 |
| WebDAV Extension | p. 111 |
| ISAPI | p. 111 |
| How IIS Attacks Work | p. 112 |
| Dangers with IIS Attacks | p. 112 |
| Scenario 1 Dangerous HTTP Methods | p. 114 |
| Scenario 2 FTP Anonymous Access | p. 117 |
| Scenario 3 Directory Browsing | p. 119 |
| Future of IIS Attacks | p. 121 |
| Defenses Against IIS Attacks | p. 121 |
| Disable Unused Services | p. 121 |
| Default Configurations | p. 122 |
| Account Security | p. 122 |
| Patch Management | p. 123 |
| Logging | p. 124 |
| Segregate IIS | p. 124 |
| Penetration Testing | p. 126 |
| URLScan | p. 126 |
| IIS Lockdown | p. 127 |
| Summary | p. 127 |
| Chapter 7 SharePoint - Multi-tier Attacks | p. 129 |
| How Multi-tier Attacks Work | p. 129 |
| Multi-tier Attack Anatomy | p. 132 |
| Dangers with Multi-tier Attacks | p. 132 |
| Scenario 1 Leveraging Operating System Vulnerabilities | p. 133 |
| Scenario 2 Indirect Attacks | p. 136 |
| How Multi-tier Attacks Will Be Used in the, Future | p. 137 |
| Defenses against Multi-tier Attacks | p. 137 |
| First Defensive Layer: Failure to Plan = Plan to Fail | p. 138 |
| Second Defensive Layer: Leave No Hole Unpatched | p. 141 |
| Third Defensive Layer: Form the Protective Circle | p. 141 |
| Summary | p. 145 |
| Endnotes | p. 145 |
| Index | p. 147 |
