Windows 2012 Server Network Security
Syngress is an Imprint of Elsevier
Derrick Rountree
Richard Hicks, Technical Editor
Windows 2012 Server Network Security
Securing Your Windows Network Systems and Infrastructure
Acquiring Editor: Chris Katsaropoulos
Editorial Project Manager: Heather Scherer
Project Manager: Priya Kumaraguruparan
Designer: Mark Rogers
Syngress is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA
Copyright © 2013 Elsevier Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with organizations, such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data
Application submitted.
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.
ISBN: 978-1-59749-958-3
Printed in the United States of America
13 14 15 10 9 8 7 6 5 4 3 2 1
Contents
DEDICATION
ACKNOWLEDGMENTS
ABOUT THE AUTHOR
ABOUT THE TECHNICAL EDITOR
PREFACE
CHAPTER 1 Introduction
  Intro to Windows 8 and Windows Server 2012
    Server Manager
    Powershell
  Intro to IPv6
    IPv6 Architecture
  Summary
CHAPTER 2 Network Infrastructure
  Introduction
  DHCP
    DHCP Overview
    DHCP Installation and Initial Configuration
    Initial DHCP Configuration
    Protecting Your DHCP Environment
  DNS
    DNS Overview
    DNS Installation and Initial Configuration
    Protecting Your DNS Environment
  WINS
    WINS Overview
    WINS Feature Installation and Initial Configuration
    Protecting Your WINS Environment
  Summary
CHAPTER 3 Securing Network Access
  Introduction
  General Network Settings
    Network Discovery
    Network Location
  Wireless Security
    Wireless Properties
    Security Types
    Wireless Encryption
  Windows Firewall
    Network Profiles
    Windows Firewall Configuration
    Windows Firewall with Advanced Security
  IPSEC
    IPSec Overview
    Configuring IPSec
    IPSec Monitoring in Windows Firewall with Advanced Security
  Windows 8 Resource Sharing
    HomeGroup
    Advanced Sharing Settings
  Windows Server 2012 Resource Sharing
  Summary
CHAPTER 4 Secure Remote Access
  Introduction
  TELNET
    Telnet Server
    Telnet Client
  Remote Desktop Services
    Remote Desktop on Windows 8
    Remote Desktop Services Role on Windows Server 2012
    Remote Desktop Connection Client
  Remote Access Role
    Remote Access Role Installation and Configuration
    DirectAccess
    VPN
  Network Policy and Access Services
    NPAS Installation and Configuration
    Network Policy Server
    Health Registration Authority
    Host Credential Authorization Protocol
  Summary
CHAPTER 5 Internet Connection Security
  Internet Explorer Security
    Domain Highlighting
    Frequently Visited Sites
    Safety Features
  Internet Options
    General
    Security
    Privacy
    Content
    Connections
    Programs
    Advanced
CHAPTER 6 Network Diagnostics and Troubleshooting
  Task Manager
    Processes
    Performance Tab
    App History
    Startup
    Users
    Services
  Resource Monitor
    Resource Monitor Overview Tab
    Resource Monitor Network Tab
  Performance Monitor
    Data Collector Sets
  Event Viewer
    Windows Logs
    Applications and Services Logs
  Network Monitor
  Summary
CHAPTER 7 Network Tools and Utilities
  Introduction
  Local Security Policy
    Local Policies
    Network List Manager Policies
    IP Security Policies on the Local Computer
    Advanced Audit Policy Configuration
  Group Policy
    Computer Configuration > Policies > Windows Settings
    Computer Configuration > Policies > Administrative Templates: Policy Definitions (ADMX Files) Retrieved from the Local Computer
    Computer Configuration > Preferences > Windows Settings
    Computer Configuration > Preferences > Control Panel Settings
    User Configuration > Policies > Windows Settings
    User Configuration > Policies > Administrative Templates
    Computer Configuration > Preferences > Windows Settings
    Computer Configuration > Preferences > Control Panel Settings
  Security Configuration Wizard
    Using the Security Configuration Wizard
  Command-Line Tools
    Ipconfig
    Ping
    Tracert
    Netstat
    NBTStat
    ARP
    Getmac
    NET
    Pathping
    Route
    NETSH
  PowerShell Commands
    General Networking
    Network Management
  Other Relevant Tools
    PortQry
    Microsoft Security Compliance Manager
    Microsoft Baseline Security Analyzer
    Enhanced Mitigation Experience Toolkit
    Attack Surface Analyzer
  Summary
INDEX
Dedication
This book is dedicated to my daughter Riley, the most amazing two-year-old ever.
Acknowledgments
I would like to thank my wife Michelle, my mother Claudine, and my sister Kanesha. I would also like to thank the Elsevier staff, especially Angelina Ward and Heather Scherer. It has truly been a pleasure working with you.
About the Author
Derrick Rountree (CISSP, CASP, MCSE) has been in the IT field for almost 20 years. He has a Bachelor of Science degree in Electrical Engineering. Derrick has held positions as a network administrator, an IT consultant, a QA engineer, and an Enterprise Architect. He has experience in network security, operating system security, application security, and secure software development. Derrick has contributed to several other Syngress and Elsevier publications on Citrix, Microsoft, and Cisco technologies.
About the Technical Editor
Richard Hicks is a network and information security expert specializing in Microsoft technologies, an MCP, MCSE, MCITP Enterprise Administrator, CISSP, and four-time Microsoft Most Valuable Professional (MVP). He has traveled around the world speaking to network engineers, security administrators, and IT professionals about Microsoft edge security and remote access solutions. A former information security engineer for a Fortune 100 financial services company in the US, he has nearly two decades of experience working in large-scale corporate computing environments. He has designed and deployed perimeter defense and secure remote access solutions for some of the largest companies in the world. Richard has served as a technical reviewer on several Windows networking and security books and is a contributing author for WindowsSecurity.com and ISAserver.org. He is an avid fan of Major League Baseball and in particular the Los Angeles Angels (of Anaheim!), and enjoys craft beer and single malt Scotch whisky. Born and raised in Southern California, he still resides there with Anne, the love of his life and wife of 27 years, along with their four children. You can keep up with Richard by visiting http://www.richardhicks.com/.
Preface
Windows 8 and Windows Server 2012 are major releases for Microsoft. There are a lot of new networking features and improvements to old features. We will be looking at these features from a security perspective. We will cover general functionality where necessary, but our focus will be on security. We will discuss how to secure your general networking features. We will also discuss how to implement security-related features.
You must keep in mind that security is not just about cryptography and virus protection. The basis of information security is the CIA triad. This includes confidentiality, integrity, and availability. We’re going to discuss ways of making your networked systems secure, stable, and highly available.
This book is not an administrator’s guide. We won’t be going over where to find tools and utilities. We also won’t be going over general configuration information, unless we are configuring a security-related feature. If you need in-depth information about features and functionality, it’s recommended that you use supplemental reference material.
INTENDED AUDIENCE
This book is intended for anyone who will be using, administering, or securing Windows 8 or Windows Server 2012 systems and networks. In the past, security was just for security professionals. They were the only ones who cared about making sure systems were safe. Nowadays, we realize that everyone has a hand in making sure the environment is secure. A DNS Administrator, for example, must make sure that not only is the DNS infrastructure doing name resolution properly, but also that it’s available when needed and is protected against unauthorized requests.
To get the full value from this book, an individual should have a good understanding of general networking concepts. You should also have a good understanding of how to administer Windows systems. Since the book will not be covering general Windows functionality, it’s important to have an understanding of how to navigate the new look and feel of the Windows system.
WHY IS THIS INFORMATION IMPORTANT
Nowadays, we realize it’s everyone’s responsibility to make sure the system they use is secure. With the release of a new operating system comes a new set of attacks. It’s important that you have the right information needed to mitigate these attacks. This is what this book will provide you with.
The cyber world is evolving. Companies not only have to worry about external threats, but also internal threats. Attacks are becoming more complex and more calculated. Attackers don’t always attack the system they want directly. They may compromise another system and use that system to attack their ultimate target. Even if you don’t want a certain system to have valuable information on it, it still needs to be protected. You don’t want that system to be the one used to compromise another system.
New initiatives like BYOD (Bring Your Own Device) are allowing corporate users to bring their personal devices into the workplace. This has caused a blur in the line between corporate and personal systems. You have both types of devices on the network. So, it’s important that both types of devices be secured.
THE STRUCTURE OF THE BOOK
This book is broken down into seven chapters, including the Introduction. The chapters flow from infrastructure outward to Internet connectivity. Then it’s wrapped up with the tools you need to monitor and administer these environments.
Chapter 1: Introduction
The Introduction will give you a general overview of the tools needed to manage Windows systems. We provide this overview to ensure that there is a good foundation for the concepts we cover later. We will also go over IPv6. The configuration and management of an IPv6 environment is different from an IPv4 environment. So we want to make sure you have a good understanding of some of the new concepts before we move forward.
Chapter 2: Network Infrastructure
This chapter will discuss how to securely deploy your network infrastructure. The infrastructure is what will provide the basis for the rest of your network connectivity. We will cover how to secure your DHCP, DNS, and WINS infrastructure.
Chapter 3: Securing Network Access
This chapter will cover how to connect a system to a network. We will cover both wired and wireless access. We will go over basic connectivity and access as well as more advanced concepts like Windows Firewall and IPSec.
Chapter 4: Secure Remote Access
This chapter will cover remote access to your network and to individual systems. It’s important that this be done in a secure way to prevent unauthorized access and information leakage.
Chapter 5: Internet Connection Security
In this chapter, we will discuss how to secure Internet Connections. We will start with Internet Explorer and then move to general Internet security settings.
Chapter 6: Network Diagnostics and Troubleshooting
In this chapter, we will cover tools that can be used to monitor and troubleshoot your systems. They can be used to help ensure availability. They can also be used to detect unwanted or malicious activity.
Chapter 7: Network Tools and Utilities
This chapter discusses some of the network tools and utilities that can be used to configure, manage, and secure Windows networking components. We will cover some simple command-line utilities as well as more robust tools.
Windows 2012 Server Network Security. © 2013 Elsevier Inc. All rights reserved.
http://dx.doi.org/10.1016/B978-1-59749-958-3.00001-7
CHAPTER 1
Introduction
CONTENTS
Intro to Windows 8 and Windows Server 2012
  Server Manager
    Dashboard
    Local Server
    Add Roles and Features
    Notifications
    Manage
    Tools
  Powershell
Intro to IPv6
  IPv6 Architecture
    IPv6 Addressing
    IPv6 Address Types
    IPv6 Special Addresses
    IPv6 Addressing
Summary
INFORMATION IN THIS CHAPTER
- Intro to Windows 8 and Windows Server 2012
- Intro to IPv6
Networking is a key component of any environment. Windows 8 and Windows Server 2012 offer a wide range of networking features and functionality. It’s important that you understand these features and functionality so that you can properly secure them. But, before we get into those, we will start with some more general information. In this chapter, we will start with an overview of some of the key components of Windows 8 and Windows Server 2012 that will help you as we go through the rest of the chapters. Then we will move into a discussion of IPv6, and how it’s implemented in Windows 8 and Windows Server 2012.
INTRO TO WINDOWS 8 AND WINDOWS SERVER 2012
When you look at Windows 8 and Windows Server 2012, the first thing you will notice is a big difference in the UI. But, that’s not the only difference. There are some important differences in the management of the operating systems. There is a new Server Manager console that offers new management functionality and there has been increased functionality built into Powershell.
Server Manager
In Windows Server 2012, Server Manager has been enhanced to provide greater management and monitoring functionality. It’s your starting point for a lot of general administrative functions you will need to perform. You can access event and performance information. You can also install new roles and services from here.
Dashboard
When you log into Windows Server 2012, Server Manager will open. You will be presented with the Dashboard view, as seen in Figure 1.1. The Dashboard view allows you to access information about different roles and services that have been installed on the system. You can view information on manageability, events, performance, and BPA results.
Local Server
The Local Server section, as seen in Figure 1.2, will give you detailed information about the server to which you are currently connected. You can view server properties, events, services, Best Practices Analyzer information, performance information, and roles and features information.
Add Roles and Features
Server Manager is where you go to Add Roles and Features to your server. In upcoming chapters, we will be installing different roles and features. Most of these installs will be launched from Server Manager. The first few steps of all the installs will be the same. So, instead of repeating these steps multiple times, we will go through these steps now:
1. In the Server Manager Dashboard, select Add Roles and Features. This will launch the Add Roles and Features Wizard. First, you will be presented with the Before You Begin screen, as seen in Figure 1.3. This screen describes what can be done using the wizard. It also gives configuration suggestions to follow before you continue with the wizard. Click Next.
FIGURE 1.1 Server Manager Dashboard View
2. Next, you will see the Installation Type screen, as seen in Figure 1.4. You have two options. You can install roles or features on the system; or you can install VDI (Virtual Disk Infrastructure) services on the system. Select Role-based or feature-based installation, and click Next.
FIGURE 1.2 Server Manager Local Server View
FIGURE 1.3 Add Roles and Features Wizard Before You Begin Screen
3. Next you will see the Server Selection screen, as seen in Figure 1.5. Here, you can choose to install to a server or to a VHD (virtual hard disk). If you choose a VHD, you have the option to install to a VHD attached to an online server, or to install to an offline VHD. Select Select a server from the server pool. Then choose the server you want to install onto, and click Next.
Config Export
One useful feature of the Roles and Features Wizard is the ability to export an installation configuration. After you have finished configuring the settings for an installation, you have the option to save the configuration to an XML file. You can then use Powershell to script an install with the same settings on a different server. This not only makes it easier to install multiple servers, but it also helps to ensure consistent installations. The command you would use to perform the install is as follows:
Install-WindowsFeature -ConfigurationFilePath <exportedconfig.xml>
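The following script is an added example, not code from the book. It applies an exported configuration to several servers with the -ConfigurationFilePath parameter of Install-WindowsFeature and then checks each server's installed roles and features against a reference server, so that missing or unexpected roles are reported. The server names, the file path, and the idea of a reference server already built from the same configuration are assumptions made for illustration.

```powershell
# Added example. All names and paths below are hypothetical placeholders.
$configPath = 'C:\Deploy\exportedconfig.xml'   # XML file saved from the Add Roles and Features Wizard
$reference  = 'SRV-REF01'                      # assumed: server already built from this configuration
$targets    = 'SRV-NET02', 'SRV-NET03'         # servers that should receive the same roles
$dryRun     = $true                            # set to $false to perform the installation

Import-Module ServerManager

if (-not (Test-Path -LiteralPath $configPath)) {
    throw "Exported configuration not found: $configPath"
}

# Names of the roles and features installed on the reference server.
$expected = @(Get-WindowsFeature -ComputerName $reference |
    Where-Object { $_.Installed } |
    Select-Object -ExpandProperty Name)

foreach ($server in $targets) {
    if ($dryRun) {
        # -WhatIf reports what would be installed without changing the server.
        Install-WindowsFeature -ConfigurationFilePath $configPath -ComputerName $server -WhatIf
        continue
    }

    $result = Install-WindowsFeature -ConfigurationFilePath $configPath -ComputerName $server
    if (-not $result.Success) {
        Write-Warning "${server}: installation failed (exit code $($result.ExitCode))"
        continue
    }
    if ($result.RestartNeeded -ne 'No') {
        Write-Warning "${server}: a restart is needed before the installation is complete"
    }

    # Compare the result with the reference server to confirm a consistent build.
    $installed = @(Get-WindowsFeature -ComputerName $server |
        Where-Object { $_.Installed } |
        Select-Object -ExpandProperty Name)
    $missing = @($expected  | Where-Object { $installed -notcontains $_ })
    $extra   = @($installed | Where-Object { $expected  -notcontains $_ })

    if ($missing.Count -eq 0 -and $extra.Count -eq 0) {
        Write-Output "${server}: roles and features match $reference"
    } else {
        # Extra roles matter as much as missing ones: each one adds attack surface.
        if ($missing.Count) { Write-Warning "${server}: missing $($missing -join ', ')" }
        if ($extra.Count)   { Write-Warning "${server}: not on the reference server: $($extra -join ', ')" }
    }
}
```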
Notifications
The Notifications section of Server Manager, as seen in Figure 1.6, will provide notification and alert messages. For example, after you install a role, a notification will be posted letting you know that the install was successful. You will also get a notification after an install, if there is post-install configuration that needs to be done.
FIGURE 1.4 Add Roles and Features Wizard Installation Type Screen
FIGURE 1.5 Add Roles and Features Server Selection Screen
FIGURE 1.6 Server Manager Notifications Sections
Manage
The Manage menu provides you the ability to add and remove roles and features. You can add servers to be managed by Server Manager. You can also create server groups.
Tools
The Tools menu brings up a list of various tools that you can use to manage your server. There are entries for Local Security Policy, Performance Monitor, Resource Monitor, the Security Configuration Wizard, and many other options. Some of these security-related tools will be covered later in this book.
Powershell
Powershell is a very powerful management language used with Windows systems. Windows Powershell is a combination command-line shell and scripting language. Powershell allows access to COM and WMI management components. This greatly expands the potential of the Powershell language.
Powershell is one of the main tools used for managing Windows systems. In fact, many Windows management consoles are actually built on top of Powershell. Powershell includes a hosting API that can be used by GUI applications to access Powershell functionality. Powershell commands can be executed as cmdlets, Powershell scripts, Powershell functions, and standalone executables. The Powershell process will launch cmdlets within the Powershell process. Standalone executables will be launched as a different process. As Windows moves forward, there will be an increasing reliance on Powershell. It's important that you understand how to use it to manage and administer your systems. As we go through this book we will periodically reference different Powershell commands that may be useful to you.
INTRO TO IPv6
IPv6 is the newest version of the IP protocol. It was designed to replace IPv4, which is the version used throughout most of the Internet. The problem was that there weren’t enough IPv4 addresses to satisfy the needs of the growing Internet. IPv6 has been long talked about, but it is just now picking up steam. More and more Internet Service Providers are supporting the protocol. World IPv6 Launch Day was June 6, 2012. This was the day many ISPs and vendors permanently enabled IPv6 for their products and services.
Intro to IPv6 7
IPv6 Architecture
The IPv6 architecture is very different from the IPv4 architecture. These archi-tecture differences are what make IPv6 the choice for the future. IPv6 is scal-able, secure, and relatively easy to set up.
IPv6 AddressingIPv6 addresses are 128 bits long. Compare that to IPv4 addresses which are 32 bits. This means there are 3.4 × 1038 addresses. That’s approximately 4.8 × 1028 addresses for each person on earth. There is almost no way we will ever use any-where near that many addresses. The main benefit of having that many addresses available is that you can waste addresses. With IPv4 addresses, there was no room for waste. You had to make sure you made the most efficient use of addresses pos-sible. With IPv6, that’s no longer a concern. You should make sure you come up with a scheme that is best for your organization, but it’s ok if you waste addresses.
IPv6 Notation
IPv6 addresses consist of eight groups of 16-bit numbers, separated by colons. The 16-bit numbers are represented as hex digits:
abcd:1234:1234:abcd:0230:0bcd:1234:a0cd
As you can see, IPv6 addresses can be quite long and very hard to remember. To make things a little bit easier, IPv6 addresses can be abbreviated. There are two ways IPv6 addresses can be abbreviated. The abbreviations are based on the existence of zeros. First of all, you can remove one or more leading zeros from a group of 4 hex digits:
abcd:1234:0000:abcd:0230:0bcd:1234:a0cd
becomes
abcd:1234:0:abcd:230:bcd:1234:a0cd
Also, you can remove an entire section of zeros and replace it with a double colon (::). The double colon can only be used once in an address:
0000:0000:abcd:1234:abcd:1234:abcd:1234
becomes
::abcd:1234:abcd:1234:abcd:1234
or
abcd:1234:0000:0000:0000:abcd:1234:abcd
becomes
abcd:1234::abcd:1234:abcd
In IPv4 you had the network portion of the address and the host portion of the address. The subnet mask is used to tell you which portion of the address is which. There are two ways to write IPv4 subnet masks. You can use the traditional form, 255.255.255.0, for example. Or you can use the CIDR format, /24. In IPv6, the network portion of the address is called the prefix. The prefix is also denoted by the subnet mask. But, IPv6 subnet masks are only written using the CIDR format.
IPv6 Address Types
There are three types of addresses used with IPv6: unicast, multicast, and anycast. Unicast addresses are what you would call regular addresses. They are the addresses usually bound to your network card. Unicast addresses should be unique on a network, meaning a single unicast address should only represent a single system. Multicast addresses are used to make a one-to-many connection. Multiple systems can listen on the same multicast address. So, when a system sends out a message using a multicast address, multiple systems may respond. Multicast addresses will start with FF0 or FF1. FF02::2 is the multicast address used by routers. IPv6 uses multicast addresses to accomplish a lot of the functionality performed by broadcast addresses in IPv4. Anycast addresses are addresses that are shared by multiple systems. Anycast addresses are generally used to find network devices like routers. When a message is sent out via an anycast address, any system using that address may respond.
Unicast addresses come in four flavors: global, site-local, link-local, and unique local. Global addresses are routable throughout the Internet. Global IPv6 addresses start with 001. Site-local addresses are only routable within a specified site within an organization. Link-local and unique local addresses will be covered in the next section on special addresses.
Note: The concept of sites has been deprecated in IPv6, so site-local addresses are no longer used.
IPv6 Special Addresses
There are several special addresses in IPv6. These addresses or groups of addresses serve very specific functions. We will cover the loopback address, link-local addresses, and unique local addresses.
Loopback Address
The loopback address, also called localhost, is probably familiar to you. It is an internal address that routes back to the local system. The loopback address in IPv4 is 127.0.0.1. In IPv6, the loopback address is 0:0:0:0:0:0:0:1 or ::1.
Link-Local Addresses
Link-local addresses are intended to only be used on a single network segment or subnet. Routers will not route link-local addresses. Link-local addresses also existed in IPv4. They existed in the address block 169.254.0.0/16. These addresses were used by the DHCP autoconfiguration service on a system when a DHCP address could not be obtained. Link-local addresses allow you to have network connectivity until another more suitable address can be obtained. In IPv6, the address block fe80::/64 has been reserved for link-local addresses. The bottom 64 bits used for the address are random. In IPv6, link-local addresses may be assigned by the stateless address autoconfiguration process. An IPv6 system must have a link-local address in order for some of its internal protocol functions to work properly. So, during a normal startup process, an IPv6 system will obtain a link-local address before it receives a regular, routable IP address.
Unique Local Address
Unique local addresses are a set of addresses that are intended for use in internal networks. They are similar to “private” IPv4 addresses. These addresses can only be used within a specified organization. They are not routable on the global Internet. Using unique local addresses can help prevent external systems from having direct access to your internal systems. The address block fc00::/7 has been reserved to use for unique local addresses.
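Because one IPv6 address has many textual forms, addresses should be brought to a single form before they are compared in logs or firewall rules. The following added example (Python, not code from the book) applies the two abbreviation rules from the notation section, classifies addresses by the blocks described above, and groups constructed log lines by canonical source address. The log format, the function names, the longest-run convention for `::` (RFC 5952), and the `ff00::/8` and `2000::/3` blocks (RFC 4291) are assumptions that go beyond the text.

```python
import ipaddress
import re
import string

def expand(addr: str) -> str:
    """Undo both abbreviations: return eight 4-digit lowercase hex groups."""
    addr = addr.split("%", 1)[0]   # drop a zone index such as %12 on link-local addresses
    if addr.count("::") > 1:
        raise ValueError("'::' can only be used once in an address")
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one group")
        groups = left + ["0"] * missing + right
    else:
        groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError("expected eight 16-bit groups")
    for g in groups:
        if not 1 <= len(g) <= 4 or any(c not in string.hexdigits for c in g):
            raise ValueError(f"bad group {g!r}")
    return ":".join(f"{int(g, 16):04x}" for g in groups)

def compress(addr: str) -> str:
    """Apply both rules: strip leading zeros, then replace one run of zero groups."""
    groups = [format(int(g, 16), "x") for g in expand(addr).split(":")]
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:           # longest run wins, leftmost on a tie (RFC 5952)
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                   # a single zero group is written as "0", not "::"
        return ":".join(groups)
    left = ":".join(groups[:best_start])
    right = ":".join(groups[best_start + best_len:])
    return f"{left}::{right}"

# Address blocks: ::1, fe80::/64 and fc00::/7 are the ones given in the text;
# ff00::/8 and 2000::/3 (first three bits 001) are taken from RFC 4291.
BLOCKS = [
    ("loopback", ipaddress.ip_network("::1/128")),
    ("link-local", ipaddress.ip_network("fe80::/64")),
    ("unique local", ipaddress.ip_network("fc00::/7")),
    ("multicast", ipaddress.ip_network("ff00::/8")),
    ("global unicast", ipaddress.ip_network("2000::/3")),
]

def classify(addr: str) -> str:
    ip = ipaddress.IPv6Address(expand(addr))
    for name, block in BLOCKS:
        if ip in block:
            return name
    return "other"

# Constructed sample log (hypothetical format; 2001:db8::/32 is the documentation prefix).
SAMPLE_LOG = """\
2014-03-01T10:00:01 ALLOW src=FE80:0000:0000:0000:0230:0BCD:1234:A0CD dst=ff02::2
2014-03-01T10:00:02 ALLOW src=fe80::230:bcd:1234:a0cd%12 dst=FF02:0:0:0:0:0:0:2
2014-03-01T10:00:05 DENY src=2001:0db8:0000:0000:0000:0000:0000:0010 dst=fd00:0:0:1::5
2014-03-01T10:00:09 DENY src=2001:db8::10 dst=FD00::1:0:0:0:5
"""

def sources(log: str) -> dict:
    """Map each canonical source address to (address type, number of log lines)."""
    seen = {}
    for line in log.splitlines():
        match = re.search(r"src=(\S+)", line)
        if not match:
            continue
        canon = compress(match.group(1))
        kind, count = seen.get(canon, (classify(canon), 0))
        seen[canon] = (kind, count + 1)
    return seen

if __name__ == "__main__":
    for address, (kind, count) in sources(SAMPLE_LOG).items():
        print(f"{address:28} {kind:15} {count} lines")
```

A plain string comparison would treat the four source fields in the sample as four different hosts; after normalization they collapse to two.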
IPv6 Addressing
When you look at the IP configuration on an IPv6 system, you will see multiple addresses. First you will see the public address. The public address is the address used by other systems to contact an IPv6 system. This is the address that would be registered in the DNS server. You will also see what is called a temporary address. It’s called temporary because it may change after a given interval. The temporary address is the address used when making connections to other systems, such as when you browse the Internet. This adds an additional layer of security because it would be very difficult to trace this temporary address back to the originating system.
Note: On Windows systems, the public address is simply labeled IPv6 Address.
The third type of address you may see is a tentative address. After the system generates an address, it is considered tentative until the verification process to make sure the address does not exist elsewhere on the network completes. The verification process happens so quickly that you will probably never actually see an address labeled tentative.
Stateless Address Autoconfiguration
IPv6 systems can automatically configure themselves when on a network with an IPv6 compliant router. The process is as follows:
1. The system boots up and generates a link-local address.
2. A message is sent to the multicast address FF02::2 to find a router.
3. The router sends back a link address or prefix.
4. The system uses the prefix as the beginning portion of the address and randomly generates the ending portion of the address.
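The four steps, together with the tentative-address check described earlier, can be traced in a small simulation. This is an added example in Python, not code from the book: the `Link` class, the `verified` and `duplicate` state names, and the `2001:db8:0:1::/64` prefix are constructed for illustration, and the verification step is reduced to a lookup in the set of addresses already in use on the segment.

```python
import ipaddress
import secrets

ALL_ROUTERS = ipaddress.IPv6Address("ff02::2")    # multicast address from step 2
LINK_LOCAL = ipaddress.ip_network("fe80::/64")    # link-local block given in the text
SAMPLE_PREFIX = "2001:db8:0:1::/64"               # constructed router prefix (documentation range)

def join(prefix, interface_id):
    """The prefix supplies the top 64 bits, the generated ID the bottom 64."""
    if prefix.prefixlen != 64:
        raise ValueError("this sketch assumes a /64 prefix")
    return ipaddress.IPv6Address(int(prefix.network_address) | (interface_id & (2**64 - 1)))

class Link:
    """One network segment: the addresses already in use and the router's prefix."""
    def __init__(self, router_prefix):
        self.router_prefix = ipaddress.ip_network(router_prefix)
        self.in_use = set()

    def solicit_router(self, destination):
        # Only a message sent to the all-routers group reaches the router.
        return self.router_prefix if destination == ALL_ROUTERS else None

def configure(link, prefix, next_id, log):
    """Generate addresses until one passes verification, recording each state."""
    while True:
        addr = join(prefix, next_id())
        log.append((str(addr), "tentative"))
        if addr in link.in_use:                    # another system already holds it
            log.append((str(addr), "duplicate"))
            continue
        link.in_use.add(addr)
        log.append((str(addr), "verified"))
        return addr

def autoconfigure(link, next_id=lambda: secrets.randbits(64)):
    log = []
    link_local = configure(link, LINK_LOCAL, next_id, log)      # step 1
    prefix = link.solicit_router(ALL_ROUTERS)                   # steps 2 and 3
    routable = configure(link, prefix, next_id, log) if prefix else None   # step 4
    return link_local, routable, log

def demo():
    """Constructed run: fe80::1 is already taken, so the first attempt is rejected."""
    link = Link(SAMPLE_PREFIX)
    link.in_use.add(ipaddress.IPv6Address("fe80::1"))
    ids = iter([1, 2, 3])                          # fixed IDs so the trace is repeatable
    return autoconfigure(link, lambda: next(ids))

if __name__ == "__main__":
    for address, state in demo()[2]:
        print(f"{state:10} {address}")
```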
SUMMARY
Windows 8 and Windows Server 2012 have many similarities to older versions of Windows, but there are also many new aspects. There are new features and improvements on old features. The new Server Manager offers an improved management interface. There are also improvements to Windows PowerShell that greatly expand its effectiveness.
IPv6 has been around for a while. It's also been supported in Windows systems for quite some time. But, as IPv6 grows in popularity, it’s essential that you have a good understanding of it and how it works on Windows systems.