Condividi tramite


Appendix M: Document Links and Recommended Reading

 

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012

The following table contains a list of links to external documents and their URLs so that readers of hard copies of this document can access this information. The links are listed in the order they appear in the document.

Links

URLs

10 Immutable Laws of Security Administration

https://technet.microsoft.com/library/cc722488.aspx

Microsoft Security Compliance Manager

https://technet.microsoft.com/library/cc677002.aspx

Gartner Symposium ITXPO

https://www.gartner.com/technology/symposium/orlando/

2012 Data Breach Investigations Report (DBIR)

https://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf

Ten Immutable Laws of Security (Version 2.0)

https://technet.microsoft.com/security/hh278941.aspx

Using Heuristic Scanning

https://technet.microsoft.com/library/bb418939.aspx

Drive-by download

https://www.microsoft.com/security/sir/glossary/drive-by-download-sites.aspx

Microsoft Support article 2526083

https://support.microsoft.com/kb/2526083

Microsoft Support article 814777

https://support.microsoft.com/kb/814777

Open Web Application Security Project (OWASP)

https://www.owasp.org/index.php/Main_Page

Microsoft Security Development Lifecycle

https://www.microsoft.com/security/sdl/default.aspx

Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques

https://download.microsoft.com/download/7/7/A/77ABC5BD-8320-41AF-863C-6ECFB10CB4B9/Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques_English.pdf

Determined Adversaries and Targeted Attacks

https://www.microsoft.com/download/details.aspx?id=34793

Solution for management of built-in Administrator account's password via GPO

https://code.msdn.microsoft.com/windowsdesktop/Solution-for-management-of-ae44e789

Microsoft Support article 817433

https://support.microsoft.com/?id=817433

Microsoft Support article 973840

https://support.microsoft.com/kb/973840

Administrator account is disabled by default

https://technet.microsoft.com/library/cc753450.aspx

The Administrator Accounts Security Planning Guide

https://technet.microsoft.com/library/cc162797.aspx

Microsoft Windows Security Resource Kit

https://www.microsoft.com/learning/en/us/book.aspx?ID=6815&locale=en-us

Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide

https://technet.microsoft.com/en-us/library/dd378897(WS.10).aspx

Windows Server Update Services

https://technet.microsoft.com/windowsserver/bb332157

Personal Virtual Desktops

https://technet.microsoft.com/library/dd759174.aspx

Read-Only Domain Controller Planning and Deployment Guide

https://technet.microsoft.com/library/cc771744(WS.10).aspx

Running Domain Controllers in Hyper-V

https://technet.microsoft.com/library/dd363553(v=ws.10).aspx

Hyper-V Security Guide

https://www.microsoft.com/download/details.aspx?id=16650

Ask the Directory Services Team

https://blogs.technet.com/b/askds/archive/2011/09/12/managing-rid-pool-depletion.aspx

How to configure a firewall for domains and trusts

https://support.microsoft.com/kb/179442

2009 Verizon Data Breach Report

https://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf

2012 Verizon Data Breach report

https://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf

Introducing Auditing Changes in Windows 2008

https://blogs.technet.com/b/askds/archive/2007/10/19/introducing-auditing-changes-in-windows-2008.aspx

Cool Auditing Tricks in Vista and 2008

https://blogs.technet.com/b/askds/archive/2007/11/16/cool-auditing-tricks-in-vista-and-2008.aspx

Global Object Access Auditing is Magic

https://blogs.technet.com/b/askds/archive/2011/03/10/global-object-access-auditing-is-magic.aspx

One-Stop Shop for Auditing in Windows Server 2008 and Windows Vista

https://blogs.technet.com/b/askds/archive/2008/03/27/one-stop-shop-for-auditing-in-windows-server-2008-and-windows-vista.aspx

AD DS Auditing Step-by-Step Guide

https://technet.microsoft.com/library/a9c25483-89e2-4202-881c-ea8e02b4b2a5.aspx

Getting the Effective Audit Policy in Windows 7 and 2008 R2

https://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf

Sample script

https://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf

Audit Option Type

https://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf

Advanced Security Auditing in Windows 7 and Windows Server 2008 R2

https://social.technet.microsoft.com/wiki/contents/articles/advanced-security-auditing-in-windows-7-and-windows-server-2008-r2.aspx

Auditing and Compliance in Windows Server 2008

https://technet.microsoft.com/magazine/2008.03.auditing.aspx

How to use Group Policy to configure detailed security auditing settings for Windows Vista-based and Windows Server 2008-based computers in a Windows Server 2008 domain, in a Windows Server 2003 domain, or in a Windows 2000 Server domain

https://support.microsoft.com/kb/921469

Advanced Security Audit Policy Step-by-Step Guide

https://technet.microsoft.com/library/dd408940(WS.10).aspx

Threats and Countermeasures Guide

https://technet.microsoft.com/library/hh125921(v=ws.10).aspx

MaxTokenSize and Kerberos Token Bloat

https://blogs.technet.com/b/shanecothran/archive/2010/07/16/maxtokensize-and-kerberos-token-bloat.aspx

Authentication Mechanism Assurance

https://technet.microsoft.com/library/dd391847(v=WS.10).aspx

Microsoft Data Classification Toolkit

https://technet.microsoft.com/library/hh204743.aspx

Dynamic Access Control

https://blogs.technet.com/b/windowsserver/archive/2012/05/22/introduction-to-windows-server-2012-dynamic-access-control.aspx

Absolute Software

https://www.absolute.com/en/landing/Google/absolute-software-google/computrace-and-absolute-manage?gclid=CPPh5P6v3rMCFQtxQgodFEQAnA

Absolute Manage

https://www.absolute.com/landing/Google/absolute-manage-google/it-asset-management-software

Absolute Manage MDM

https://www.absolute.com/landing/Google/MDM-google/mobile-device-management

SolarWinds

https://www.solarwinds.com/eminentware-products.aspx

EminentWare WSUS Extension Pack

https://solarwinds-marketing.s3.amazonaws.com/solarwinds/Datasheets/EminentWare-WSUS-Extension-Pack-005-Datasheet2.pdf

EminentWare System Center Configuration Manager Extension Pack

https://solarwinds-marketing.s3.amazonaws.com/solarwinds/Datasheets/EminentWare-Extension-Pack-for-CM-Datasheet-006-Revised.pdf

GFI Software

https://www.gfi.com/?adv=952&loc=58&gclid=CLq9y5603rMCFal7QgodMFkAyA

GFI LanGuard

https://www.gfi.com/network-security-vulnerability-scanner/?adv=952&loc=60&gclid=CP2t-7i03rMCFQuCQgodNkAA7g

Secunia

https://secunia.com/

Secunia Corporate Software Inspector (CSI)

https://secunia.com/products/corporate/csi/

Vulnerability Intelligence Manager

https://secunia.com/vulnerability_intelligence/

eEye Digital Security

https://www.wideeyesecurity.com/?gclid=CK6b0sm13rMCFad_QgodhScAiw

Retina CS Management

https://www.wideeyesecurity.com/products.asp

Lumension

https://www.lumension.com/?rpLeadSourceId=5009&gclid=CKuai_e13rMCFal7QgodMFkAyA

Lumension Vulnerability Management

https://www.lumension.com/Solutions/Vulnerability-Management.aspx

Threats and Countermeasures Guide: User Rights

https://technet.microsoft.com/library/hh125917(v=ws.10).aspx

Threats and Vulnerabilities Mitigation

https://technet.microsoft.com/library/cc755181(v=ws.10).aspx

User Rights

https://technet.microsoft.com/library/dd349804(v=WS.10).aspx

Access Credential Manager as a trusted caller

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_2

Access this computer from the network

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_1

Act as part of the operating system

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_3

Add workstations to domain

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_4

Adjust memory quotas for a process

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_5

Allow log on locally

https://technet.microsoft.com/en-us/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_6

Allow log on through Terminal Services

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_7

Back up files and directories

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_8

Bypass traverse checking

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_9

Change the system time

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_10

Change the time zone

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_11

Create a pagefile

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_12

Create a token object

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_13

Create global objects

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_14

Create permanent shared objects

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_15

Create symbolic links

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_16

Debug programs

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_17

Deny access to this computer from the network

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_18

Deny log on as a batch job

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_18a

Deny log on as a service

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_19

Deny log on locally

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_20

Deny log on through Terminal Services

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_21

Enable computer and user accounts to be trusted for delegation

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_22

Force shutdown from a remote system

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_23

Generate security audits

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_24

Impersonate a client after authentication

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_25

Increase a process working set

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_26

Increase scheduling priority

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_27

Load and unload device drivers

https://technet.microsoft.com/en-us/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_28

Lock pages in memory

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_29

Log on as a batch job

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_30

Log on as a service

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_31

Manage auditing and security log

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_32

Modify an object label

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_33

Modify firmware environment values

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_34

Perform volume maintenance tasks

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_35

Profile single process

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_36

Profile system performance

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_37

Remove computer from docking station

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_38

Replace a process level token

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_39

Restore files and directories

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_40

Shut down the system

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_41

Synchronize directory service data

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_42

Take ownership of files or other objects

https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_43

Access Control

https://msdn.microsoft.com/library/aa374860(v=VS.85).aspx

Microsoft Support article 251343

https://support.microsoft.com/kb/251343

rootDSE Modify Operations

https://msdn.microsoft.com/library/cc223297.aspx

AD DS Backup and Recovery Step-by-Step Guide

https://technet.microsoft.com/library/cc771290(v=ws.10).aspx

Windows Configurations for Kerberos Supported Encryption Type

https://blogs.msdn.com/b/openspecification/archive/2011/05/31/windows-configurations-for-kerberos-supported-encryption-type.aspx

UAC Processes and Interactions

https://technet.microsoft.com/library/dd835561(v=WS.10).aspx#1

EmpowerID

https://www.empowerid.com/products/authorizationservices

Role-based access control (RBAC)

https://pic.dhe.ibm.com/infocenter/aix/v7r1/index.jsp?topic=%2Fcom.ibm.aix.security%2Fdoc%2Fsecurity%2Fdomain_rbac.htm

The RBAC model

https://docs.oracle.com/cd/E19082-01/819-3321/6n5i4b7ap/index.html

Active Directory-centric access control

https://www.centrify.com/solutions/it-security-access-control.asp

Cyber-Ark’s Privileged Identity Management (PIM) Suite

https://www.cyber-ark.com/digital-vault-products/pim-suite/index.asp

Quest One

https://www.quest.com/landing/?id=7370&gclid=CJnNgNyr3rMCFYp_QgodXFwA3w

Enterprise Random Password Manager (ERPM)

https://www.liebsoft.com/Random_Password_Manager/

NetIQ Privileged User Manager

https://www.netiq.com/products/privileged-user-manager/

CA IdentityMinder™

https://awards.scmagazine.com/ca-technologies-ca-identity-manager

Description of security events in Windows Vista and in Windows Server 2008

https://support.microsoft.com/kb/947226

Description of security events in Windows 7 and in Windows Server 2008 R2

https://support.microsoft.com/kb/977519

Security Audit Events for Windows 7

https://www.microsoft.com/download/details.aspx?id=21561

Windows Server 2008 R2 and Windows 8 and Windows Server 2012 Security Event Details

https://www.microsoft.com/download/details.aspx?id=35753

Georgia Tech’s Emerging Cyber Threats for 2013 report

https://www.gtsecuritysummit.com/report.html

Microsoft Security Intelligence Report

https://www.microsoft.com/security/sir/default.aspx

Australian Government Defense Signals Directory Top 35 Mitigation Strategies

https://www.dsd.gov.au/infosec/top35mitigationstrategies.htm

Cloud Computing Security Benefits

https://www.microsoft.com/news/Press/2012/May12/05-14SMBSecuritySurveyPR.aspx

Applying the Principle of Least Privilege to User Accounts on Windows

https://www.microsoft.com/download/details.aspx?id=4868

The Administrator Accounts Security Planning Guide

https://www.microsoft.com/download/details.aspx?id=19406

Best Practice Guide for Securing Active Directory Installations for Windows Server 2003

https://www.microsoft.com/download/details.aspx?id=16755

Best Practices for Delegating Active Directory Administration for Windows Server 2003

https://www.microsoft.com/en-us/download/details.aspx?id=21678

Microsoft Support Lifecycle

https://support.microsoft.com/common/international.aspx?RDPATH=%2flifecycle%2fdefault.aspx

Active Directory Technical Specification

https://msdn.microsoft.com/library/cc223122(v=prot.20).aspx

Error message when nonadministrator users who have been delegated control try to join computers to a Windows Server 2003-based or a Windows Server 2008-based domain controller: “Access is denied”

https://support.microsoft.com/kb/932455

Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide

https://technet.microsoft.com/library/dd378897(WS.10).aspx

Strict KDC Validation

https://www.microsoft.com/download/details.aspx?id=6382

The following table contains a list of recommended reading that will assist you in enhancing the security of your Active Directory systems.

Recommended Reading

Georgia Tech’s Emerging Cyber Threats for 2014 Report

Microsoft Security Intelligence Report

Mitigating Pass-the-Hash (PTH) Attacks and Other Credential Theft Techniques

Australian Government Defense Signals Directory Top 35 Mitigation Strategies

2012 Data Breach Investigations Report - (Verizon, US Secret Service)

2009 Data Breach Investigations Report

Cloud Computing Security Benefits

Applying the Principle of Least Privilege to User Accounts on Windows

The Administrator Accounts Security Planning Guide

Best Practice Guide for Securing Active Directory Installations for Windows Server 2003

Best Practices for Delegating Active Directory Administration for Windows Server 2003

Microsoft Support Lifecycle

Active Directory Technical Specification - dSHeuristics information

Error message when nonadministrator users who have been delegated control try to join computers to a Windows Server 2003-based or a Windows Server 2008-based domain controller: “Access is denied”

Best Practice Guide for Securing Active Directory Installations.doc

Hyper-V Security Guide

Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide.

Strict KDC Validation

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This white paper is for informational purposes only. Microsoft makes no warranties, express or implied, in this document.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Microsoft, Active Directory, BitLocker, Hyper-V, Internet Explorer, Windows Vista, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.

The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

© 2013 Microsoft Corporation. All rights reserved.