| 安全管理的 10 项不变法则 |
https://technet.microsoft.com/library/cc722488.aspx |
| Microsoft 安全合规管理器 |
https://technet.microsoft.com/library/cc677002.aspx |
| Gartner 研讨会 ITXPO |
http://www.gartner.com/technology/symposium/orlando/ |
| 2012 年数据泄露调查报告 (DBIR) |
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf |
| 安全性的十项不变法则(版本 2.0) |
https://technet.microsoft.com/security/hh278941.aspx |
| 使用启发式扫描 |
https://technet.microsoft.com/library/bb418939.aspx |
| 下载 |
/windows/win32/secgloss/security-glossary |
| Microsoft 支持文章 2526083 |
https://support.microsoft.com/kb/2526083 |
| Microsoft 支持文章 814777 |
https://support.microsoft.com/kb/814777 |
| 开放式 Web 应用程序安全方案 (OWASP) |
https://www.owasp.org/index.php/Main_Page |
| Microsoft 安全开发生命周期 |
/windows/security/threat-protection/msft-security-dev-lifecycle |
| 降低传递哈希 (PtH) 攻击和其他凭据被盗风险的技术 |
https://download.microsoft.com/download/7/7/A/77ABC5BD-8320-41AF-863C-6ECFB10CB4B9/Mitigating传递哈希 (PtH) 攻击和其他凭据盗用技术_English.pdf |
| 确定的对手和针对性攻击 |
https://www.microsoft.com/download/details.aspx?id=34793 |
| 通过 GPO 管理内置 Administrator 帐户密码的解决方案 |
https://code.msdn.microsoft.com/windowsdesktop/Solution-for-management-of-ae44e789 |
| Microsoft 支持文章 817433 |
https://support.microsoft.com/?id=817433 |
| Microsoft 支持文章 973840 |
/microsoft-365/admin/get-help-support |
| 默认情况下,Administrator 帐户处于禁用状态 |
https://technet.microsoft.com/library/cc753450.aspx |
| 管理员帐户安全计划指南 |
https://technet.microsoft.com/library/cc162797.aspx |
| Microsoft Windows 安全资源工具包 |
https://www.microsoft.com/learning/en/us/book.aspx?ID=6815&locale=en-us |
| Windows Server 2008 R2 中的 AD DS 身份验证机制保证分步指南 |
https://technet.microsoft.com/library/dd378897(WS.10).aspx |
| Windows Server Update Services |
https://technet.microsoft.com/windowsserver/bb332157 |
| 个人虚拟桌面 |
https://technet.microsoft.com/library/dd759174.aspx |
| 只读域控制器规划和部署指南 |
https://technet.microsoft.com/library/cc771744(WS.10).aspx |
| 在 Hyper-V 中运行域控制器 |
https://technet.microsoft.com/library/dd363553(v=ws.10).aspx |
| Hyper-V 安全指南 |
/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn741280(v=ws.11) |
| 询问目录服务团队 |
https://blogs.technet.com/b/askds/archive/2011/09/12/managing-rid-pool-depletion.aspx |
| 如何为域和信任配置防火墙 |
https://support.microsoft.com/kb/179442 |
| 2009 年 Verizon 数据泄露报告 |
http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf |
| 2012 年 Verizon 数据泄露报告 |
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf |
| Windows 2008 中的审核更改简介 |
https://blogs.technet.com/b/askds/archive/2007/10/19/introducing-auditing-changes-in-windows-2008.aspx |
| Vista 和 2008 中的酷炫审核技巧 |
https://blogs.technet.com/b/askds/archive/2007/11/16/cool-auditing-tricks-in-vista-and-2008.aspx |
| 奇妙的全局对象访问审核 |
https://blogs.technet.com/b/askds/archive/2011/03/10/global-object-access-auditing-is-magic.aspx |
| Windows Server 2008 和 Windows Vista 中用于审核的一站式商店 |
https://blogs.technet.com/b/askds/archive/2008/03/27/one-stop-shop-for-auditing-in-windows-server-2008-and-windows-vista.aspx |
| AD DS 审核分步指南 |
https://technet.microsoft.com/library/a9c25483-89e2-4202-881c-ea8e02b4b2a5.aspx |
| 在 Windows 7 和 2008 R2 中获取有效审核策略 |
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf |
| 示例脚本 |
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf |
| 审核选项类型 |
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf |
| Windows Server 2008 中的审核与合规性 |
https://technet.microsoft.com/magazine/2008.03.auditing.aspx |
| 如何使用组策略为 Windows Server 2008 域、Windows Server 2003 域或 Windows 2000 Server 域中基于 Windows Vista 和基于 Windows Server 2008 的计算机配置详细的安全审核设置 |
/troubleshoot/windows-server/group-policy/configure-group-policies-set-security |
| 高级安全审核策略循序渐进指南 |
https://technet.microsoft.com/library/dd408940(WS.10).aspx |
| 威胁和对策指南 |
https://technet.microsoft.com/library/hh125921(v=ws.10).aspx |
| MaxTokenSize 和 Kerberos 令牌膨胀 |
https://blogs.technet.com/b/shanecothran/archive/2010/07/16/maxtokensize-and-kerberos-token-bloat.aspx |
| 身份验证机制保证 |
https://technet.microsoft.com/library/dd391847(v=WS.10).aspx |
| Microsoft 数据分类工具包 |
https://technet.microsoft.com/library/hh204743.aspx |
| 动态访问控制 |
https://blogs.technet.com/b/windowsserver/archive/2012/05/22/introduction-to-windows-server-2012-dynamic-access-control.aspx |
| 绝对软件 |
https://www.absolute.com/company/press-releases/2009/computrace-by-absolute-software-now-supported-in-firmware-of-getac-computers/ |
| 绝对管理 |
https://www.absolute.com/resources/solution-sheets/itam/ |
| 绝对管理 MDM |
https://www.absolute.com/company/press-releases/2012/absolute-manage-the-first-mdm-solution-with-integrated-secure-document-distribution-and-management-for-ipads/?campaignid=983063266&adgroupid=136612784634&feeditemid=&loc_physical_ms=9003653&matchtype=&network=g&device=c&gclid=CjwKCAjwyryUBhBSEiwAGN5OCHt2V4ncG6tH-QxzCEYK-OV4yQhIOyQp-n51UZZjS87_vrK5qPcE-xoCDL8QAvD_BwE&creative=583299092096&keyword=&adposition=&utm_term=&gclid=CjwKCAjwyryUBhBSEiwAGN5OCHt2V4ncG6tH-QxzCEYK-OV4yQhIOyQp-n51UZZjS87_vrK5qPcE-xoCDL8QAvD_BwE |
| SolarWinds |
https://www.solarwinds.com/ |
| EminentWare WSUS 扩展包 |
http://solarwinds-marketing.s3.amazonaws.com/solarwinds/Datasheets/EminentWare-WSUS-Extension-Pack-005-Datasheet2.pdf |
| EminentWare Configuration Manager 扩展包 |
http://solarwinds-marketing.s3.amazonaws.com/solarwinds/Datasheets/EminentWare-Extension-Pack-for-CM-Datasheet-006-Revised.pdf |
| GFI 软件 |
http://www.gfi.com/?adv=952&loc=58&gclid=CLq9y5603rMCFal7QgodMFkAyA |
| GFI LanGuard |
http://www.gfi.com/network-security-vulnerability-scanner/?adv=952&loc=60&gclid=CP2t-7i03rMCFQuCQgodNkAA7g |
| Secunia |
http://secunia.com/ |
| Secunia Corporate Software Inspector (CSI) |
http://secunia.com/products/corporate/csi/ |
| 漏洞智能管理器 |
http://secunia.com/vulnerability_intelligence/ |
| eEye Digital Security |
http://www.wideeyesecurity.com/?gclid=CK6b0sm13rMCFad_QgodhScAiw |
| Retina CS 管理 |
http://www.wideeyesecurity.com/products.asp |
| Lumension |
http://www.lumension.com/?rpLeadSourceId=5009&gclid=CKuai_e13rMCFal7QgodMFkAyA |
| Lumension 漏洞管理 |
http://www.lumension.com/Solutions/Vulnerability-Management.aspx |
| 威胁和对策指南:用户权限 |
https://technet.microsoft.com/library/hh125917(v=ws.10).aspx |
| 威胁和漏洞缓解 |
https://technet.microsoft.com/library/cc755181(v=ws.10).aspx |
| 用户权限 |
https://technet.microsoft.com/library/dd349804(v=WS.10).aspx |
| 以受信任调用方身份访问凭据管理器 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_2 |
| 从网络访问此计算机 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_1 |
| 以操作系统的方式操作 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_3 |
| 将工作站添加到域 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_4 |
| 为进程调整内存配额 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_5 |
| 允许本地登录 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_6 |
| 允许通过终端服务登录 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_7 |
| 备份文件和目录 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_8 |
| 绕过遍历检查 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_9 |
| 更改系统时间 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_10 |
| 更改时区 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_11 |
| 创建页面文件 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_12 |
| 创建令牌对象 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_13 |
| 创建全局对象 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_14 |
| 创建永久共享对象 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_15 |
| 创建符号链接 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_16 |
| 调试程序 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_17 |
| 拒绝从网络访问此计算机 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_18 |
| 拒绝以批处理作业身份登录 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_18a |
| 拒绝以服务身份登录 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_19 |
| 拒绝本地登录 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_20 |
| 拒绝通过终端服务登录 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_21 |
| 支持信任计算机和用户帐户以执行委派 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_22 |
| 强制从远程系统关闭 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_23 |
| 生成安全审核 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_24 |
| 身份验证后模拟客户端 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_25 |
| 增加进程工作集 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_26 |
| 提高计划优先级 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_27 |
| 加载和卸载设备驱动程序 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_28 |
| 锁定内存中的页面 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_29 |
| 作为批处理作业登录 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_30 |
| 作为服务登录 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_31 |
| 管理审核和安全日志 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_32 |
| 修改对象标签 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_33 |
| 修改固件环境值 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_34 |
| 执行卷维护任务 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_35 |
| 配置文件单一进程 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_36 |
| 配置文件系统性能 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_37 |
| 从扩展坞中移除计算机 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_38 |
| 替换进程级令牌 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_39 |
| 还原文件和目录 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_40 |
| 关闭系统 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_41 |
| 同步目录服务数据 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_42 |
| 获取文件或其他对象的所有权 |
https://technet.microsoft.com/library/db585464-a2be-41b1-b781-e9845182f4b6(v=ws.10)#BKMK_43 |
| 访问控制 |
https://msdn.microsoft.com/library/aa374860(v=VS.85).aspx |
| Microsoft 支持 |
/microsoft-365/admin/get-help-support |
| rootDSE 修改操作 |
https://msdn.microsoft.com/library/cc223297.aspx |
| AD DS 备份和恢复分步指南 |
https://technet.microsoft.com/library/cc771290(v=ws.10).aspx |
| 适用于 Kerberos 支持的加密类型的 Windows 配置 |
/archive/blogs/openspecification/windows-configurations-for-kerberos-supported-encryption-type |
| UAC 进程和交互 |
https://technet.microsoft.com/library/dd835561(v=WS.10).aspx#1 |
| 基于角色的访问控制 (RBAC) |
https://www.ibm.com/docs/en/aix/7.3?topic=control-aix-rbac |
| RBAC 模型 |
http://docs.oracle.com/cd/E19082-01/819-3321/6n5i4b7ap/index.html |
| 以 Active Directory 为中心的访问控制 |
http://www.centrify.com/solutions/it-security-access-control.asp |
| Cyber-Ark Privileged Identity Management (PIM) 套件 |
http://www.cyber-ark.com/digital-vault-products/pim-suite/index.asp |
| 任务一 |
https://www.quest.com/products/gpoadmin/ |
| 企业随机密码管理器 (ERPM) |
https://www.beyondtrust.com/blog/entry/bomgar-privileged-identity |
| NetIQ 特权用户管理器 |
https://www.netiq.com/products/privileged-user-manager/ |
| CA IdentityMinder |
https://www.scmagazine.com/feature/sc-awards-2007-time-to-be-counted |
| Windows Vista 和 Windows Server 2008 中安全事件的说明 |
/windows/win32/wmisdk/event-security-constants |
| Windows 7 和 Windows Server 2008 R2 中安全事件的说明 |
/windows/win32/win7appqual/security |
| Windows 7 的安全审核事件 |
https://www.microsoft.com/download/details.aspx?id=21561 |
| Windows Server 2008 R2 和 Windows 8 和 Windows Server 2012 安全事件详细信息 |
https://www.microsoft.com/download/details.aspx?id=35753 |
| 佐治亚理工学院 2013 年新兴网络威胁报告 |
https://journalistsresource.org/economics/emerging-cyber-threats-report-2013/ |
| Microsoft 安全智能报告 |
/azure/defender-for-cloud/threat-intelligence-reports |
| 澳大利亚国防通信目录前 35 个缓解策略 |
http://www.dsd.gov.au/infosec/top35mitigationstrategies.htm |
| 云计算安全优势 |
/azure/defender-for-cloud/enhanced-security-features-overview |
| 将最低权限的原则应用于 Windows 上的用户帐户 |
/windows-server/identity/ad-ds/plan/security-best-practices/implementing-least-privilege-administrative-models |
| 管理员帐户安全计划指南 |
/sharepoint/security-for-sharepoint-server/plan-for-administrative-and-service-accounts |
| 适用于 Windows Server 2003 的保护 Active Directory 安装最佳做法指南 |
/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn487446(v=ws.11) |
| 适用于 Windows Server 2003 的委派 Active Directory 管理的最佳做法 |
/azure/active-directory/external-identities/b2b-fundamentals |
| Microsoft 支持生命周期 |
https://support.microsoft.com/common/international.aspx?RDPATH=%2flifecycle%2fdefault.aspx |
| Active Directory 技术规范 |
https://msdn.microsoft.com/library/cc223122(v=prot.20).aspx |
| 当已委派控制权的非管理员用户尝试将计算机加入基于 Windows Server 2003 或基于 Windows Server 2008 的域控制器时出现错误消息:“访问被拒绝” |
https://support.microsoft.com/kb/932455 |
| Windows Server 2008 R2 中的 AD DS 身份验证机制保证分步指南 |
https://technet.microsoft.com/library/dd378897(WS.10).aspx |
| 严格的 KDC 验证 |
https://www.microsoft.com/download/details.aspx?id=6382 |