Windows Security Monitoring: Scenarios and Patterns
- Length: 648 pages
- Edition: 1
- Language: English
- Publisher: Wiley
- Publication Date: 2018-04-17
- ISBN-10: 1119390648
- ISBN-13: 9781119390640
- Sales Rank: #521773 (See Top 100 Books)
Go deep into Windows security tools to implement more robust protocols and processes
Windows Security Monitoring goes beyond Windows admin and security certification guides to provide in-depth information for security professionals. Written by a Microsoft security program manager, DEFCON organizer and CISSP, this book digs deep into the underused tools that help you keep Windows systems secure. Expert guidance brings you up to speed on Windows auditing, logging, and event systems to help you exploit the full capabilities of these powerful native tools, while scenario-based instruction provides clear illustration of how these events unfold in the real world. From security monitoring and event detection to incident response procedures and best practices, this book provides detailed information on all of the security tools your Windows system has to offer.
Windows includes many native tools that can help IT professionals and security experts spot and remedy suspicious activities on servers, networks, and end-user computers. If you’re like many Windows pros, you’re probably not taking full advantage of these features. This book takes you deep into Windows’ underutilized built-in security tools to help you beef up your monitoring, detection, and response processes.
- Detect anomalous events and implement centralized alerting infrastructure
- Dig into the native Windows tools that enable robust security measures
- Understand the details of Powershell, Applocker, LogParser, and other tools
- Adopt effective incident response processes for various common scenarios
Fully applicable to a range of Windows versions—back to Windows Vista and Windows Server 2008—this book is designed for real-world implementation. As the threats to your data grow more numerous by the day, it becomes ever more critical to use every security tool at your disposal. Windows Security Monitoring offers complete, expert guidance toward robust security with specialist-level use of powerful Windows tools.
Table of Contents
Part I: Introduction to Windows Security Monitoring
CHAPTER 1: Windows Security Logging and Monitoring Policy
Part II: Windows Auditing Subsystem
CHAPTER 2: Auditing Subsystem Architecture
CHAPTER 3: Auditing Subcategories and Recommendations
Part III: Security Monitoring Scenarios
CHAPTER 4: Account Logon
CHAPTER 5: Local User Accounts
CHAPTER 6: Local Security Groups
CHAPTER 7: Microsoft Active Directory
CHAPTER 8: Active Directory Objects
CHAPTER 9: Authentication Protocols
CHAPTER 10: Operating System Events
CHAPTER 11: Logon Rights and User Privileges
CHAPTER 12: Windows Applications
CHAPTER 13: Filesystem and Removable Storage
CHAPTER 14: Windows Registry
CHAPTER 15: Network File Shares and Named Pipes
APPENDIX A: Kerberos AS_REQ, TGS_REQ, and AP_REQ Messages Ticket Options
APPENDIX B: Kerberos AS_REQ, TGS_REQ, and AP_REQ Messages Result Codes
APPENDIX C: SDDL Access Rights