Meet the challenges of Windows security with the exclusive Hacking Exposed "attack-countermeasure" approach. Learn how real-world malicious hackers conduct reconnaissance of targets and then exploit common misconfigurations and software flaws on both clients and servers. See leading-edge exploitation techniques demonstrated, and learn how the latest countermeasures in Windows XP, Vista, and Server 2003/2008 can mitigate these attacks. Get practical advice based on the authors' and contributors' many years as security professionals hired to break into the world's largest IT infrastructures. Dramatically improve the security of Microsoft technology deployments of all sizes when you learn to: * Establish business relevance and context for security by highlighting real-world risks * Take a tour of the Windows security architecture from the hacker's perspective, exposing old and new vulnerabilities that can easily be avoided * Understand how hackers use reconnaissance techniques such as footprinting, scanning, banner grabbing, DNS queries, and Google searches to locate vulnerable Windows systems * Learn how information is extracted anonymously from Windows using simple NetBIOS, SMB, MSRPC, SNMP, and Active Directory enumeration techniques * Prevent the latest remote network exploits such as password grinding via WMI and Terminal Server, passive Kerberos logon sniffing, rogue server/man-in-the-middle attacks, and cracking vulnerable services * See up close how professional hackers reverse engineer and develop new Windows exploits * Identify and eliminate rootkits, malware, and stealth software * Fortify SQL Server against external and insider attacks * Harden your clients and users against the latest e-mail phishing, spyware, adware, and Internet Explorer threats * Deploy and configure the latest Windows security countermeasures, including BitLocker, Integrity Levels, User Account Control, the updated Windows Firewall, Group Policy, Vista Service Refactoring/Hardening, SafeSEH, GS, DEP, Patchguard, and Address Space Layout Randomization

This brilliant new offering is written with a passion for security that will help you make the necessary upgrades and take the necessary steps to secure your Windows systems. The concise and consistent approach breaks down security into digestible parts, giving you actions to take immediately, information on hardening your system from the top down, and finally when to go back and make further upgrades. From the Back Cover "The definitive tool to learn what’s proper for Microsoft Windows systems. Roberta’s excellent guidance will easily help you build secure, resiliant systems." --Steve Riley, Security Business and Technology Unit, Windows Division, Microsoft Corporation Take a proactive approach to network security by hardening your Windows systems against attacks before they occur. Written by security evangelist Roberta Bragg, this hands-on resource provides concrete steps you can take immediately as well as ongoing actions to ensure long-term security. Whether you have one Windows server or one hundred, you’ll get complete details on how to systematically harden your network from the ground up, as well as strategies for getting company-wide support for your security plan. With coverage of Windows 95/98/NT 4.0/2000/XP and Windows Server 2003, this book is an essential security tool for on-the-job IT professionals. Features a four-part hardening methodology: *Do This Now!--Checklist of immediate steps to take to lockdown your system from further attack *Take It From The Top--Systematic approach to hardening your enterprise from the top down, focusing on authentication, access controls, borders, logical security boundaries, communications, storage, and administrative authority *Once Is Never Enough!--Ongoing monitoring and assessment plan to keep your network secure, including patch management and auditing *How to Succeed At Hardening Your Windows Systems--Strategies for getting budget approval, management buy-in, and employee cooperation for your security program

The .NET Developer's Guide to Windows Security is required reading for .NET programmers who want to develop secure Windows applications. Readers gain a deep understanding of Windows security and the know-how to program secure systems that run on Windows Server 2003, Windows XP, and Windows 2000. Author Keith Brown crystallizes his application security expertise into 75 short, specific guidelines. Each item is clearly explained, cross-referenced, and illustrated with detailed examples. The items build on one another until they produce a comprehensive picture of what tools are available and how developers should use them. The book highlights new features in Windows Server 2003 and previews features of the upcoming version 2.0 of the .NET Framework. A companion Web site includes the source code and examples used throughout the book. Topics covered include: * Kerberos authentication * Access control * Impersonation * Network security * Constrained delegation * Protocol transition * Securing enterprise services * Securing remoting * How to run as a normal user and live a happy life * Programming the Security Support Provider Interface (SSPI) in Visual Studio.NET 2005 Battle-scarred and emerging developers alike will find in The .NET Developer's Guide to Windows Security bona-fide solutions to the everyday problems of securing Windows applications.