Ramdan Hours:
Sun - Thu
9.30 AM - 2.30 PM
Iftar in --:--:--
🌙 Maghrib: --:--
Image from Google Jackets

Seven deadliest Microsoft attacks / Rob Kraus ... [et al.] ; technical editor, Chris Griffin.

Contributor(s): Material type: TextTextSeries: Syngress seven deadliest attacks seriesPublisher: Amsterdam ; Boston : Syngress/Elsevier, c2010Description: xvi, 149 pages. : illustrations ; 24 cmContent type:
  • text
Media type:
  • unmediated
Carrier type:
  • volume
ISBN:
  • 9781597495516 (pbk.)
  • 1597495514 (pbk.)
Subject(s): DDC classification:
  • 005.8 S 22
LOC classification:
  • QA76.76.C68 S48 2010
Contents:
Acknowledgments About the Authors Introduction Chapter 1 Windows Operating System – Password Attacks Windows Passwords Overview Security Accounts Manager System Key (SYSKEY) LAN Manager Hash NT Hash LSA Secrets Password and Lockout Policies How Windows Password Attacks Work Dangers with Windows Password Attacks Scenario 1: Obtaining Password Hashes Scenario 2: Pass the Hash Scenario 3: Timed Attacks to Circumvent Lockouts Scenario 4: LSA Secrets
Acknowledgments About the Authors Introduction Chapter 1 Windows Operating System – Password Attacks Windows Passwords Overview Security Accounts Manager System Key (SYSKEY) LAN Manager Hash NT Hash LSA Secrets Password and Lockout Policies How Windows Password Attacks Work Dangers with Windows Password Attacks Scenario 1: Obtaining Password Hashes Scenario 2: Pass the Hash Scenario 3: Timed Attacks to Circumvent Lockouts Scenario 4: LSA Secrets
Defenses against Stored Procedure Attacks First Defensive Layer: Eliminating First-Layer Attacks Second Defensive Layer: Reduce the First-Layer Attack Surface Third Defensive Layer: Reducing Second-Layer Attacks Fourth Defensive Layer: Logging, Monitoring, and Alerting Identifying Vital Attack Events Fifth Defensive Layer: Limiting the Impacts of Attacks Summary Endnotes Chapter 4 Exchange Server – Mail Service Attacks How Mail Service Attacks Work Mail Flow Architecture Attack Points Dangers Associated with Mail Service Attacks Scenario 1: Directory Harvest Attacks Scenario 2: SMTP Auth Attacks Scenario 3: Mail Relay Attacks The Future of Mail Service Attacks Defenses against Mail Service Attacks Defense in the Perimeter Network Defense on the Internal Network Supporting Services Summary Chapter 5 Office – Macros and ActiveX Macro and Client-Side Attack Anatomy Macro Attacks ActiveX Attacks Dangers Associated with Macros and ActiveX Scenario 1: Metasploit Reverse TCP Connection Scenario 2: ActiveX Attack via Malicious Website Future of Macro and ActiveX Attacks Macro and ActiveX Defenses Deploy Network Edge Strategies Using Antivirus and Antimalware
Update Frequently Using Office Security Settings Working Smart Summary Endnote Chapter 6 Internet Information Services – Web Service Attacks Microsoft IIS Overview File Transfer Protocol Publishing Service WebDAV Extension ISAPI How IIS Attacks Work Dangers with IIS Attacks Scenario 1: Dangerous HTTP Methods Scenario 2: FTP Anonymous Access Scenario 3: Directory Browsing Future of IIS Attacks Defenses Against IIS Attacks Disable Unused Services Default Configurations Account Security Patch Management Logging Segregate IIS Penetration Testing URLScan IIS Lockdown Summary Chapter 7 SharePoint – Multi-tier Attacks How Multi-tier Attacks Work Multi-tier Attack Anatomy Dangers with Multi-tier Attacks Scenario 1: Leveraging Operating System Vulnerabilities Scenario 2: Indirect Attacks How Multi-tier Attacks Will Be Used in the Future Defenses against Multi-tier Attacks First Defensive Layer: Failure to Plan = Plan to Fail Second Defensive Layer: Leave No Hole Unpatched Third Defensive Layer: Form the Protective Circle Summary Endnotes Index
Star ratings
    Average rating: 0.0 (0 votes)
Holdings
Item type Current library Collection Call number Status Date due Barcode
Books Books Main library A2 Computers & Information Technology ( General ) 005.8 S (Browse shelf(Opens below)) Available 00013054

Includes bibliographical references and index.

Acknowledgments

About the Authors

Introduction

Chapter 1 Windows Operating System – Password Attacks

Windows Passwords Overview

Security Accounts Manager

System Key (SYSKEY)

LAN Manager Hash

NT Hash

LSA Secrets

Password and Lockout Policies

How Windows Password Attacks Work

Dangers with Windows Password Attacks

Scenario 1: Obtaining Password Hashes

Scenario 2: Pass the Hash

Scenario 3: Timed Attacks to Circumvent Lockouts

Scenario 4: LSA Secrets

Acknowledgments

About the Authors

Introduction

Chapter 1 Windows Operating System – Password Attacks

Windows Passwords Overview

Security Accounts Manager

System Key (SYSKEY)

LAN Manager Hash

NT Hash

LSA Secrets

Password and Lockout Policies

How Windows Password Attacks Work

Dangers with Windows Password Attacks

Scenario 1: Obtaining Password Hashes

Scenario 2: Pass the Hash

Scenario 3: Timed Attacks to Circumvent Lockouts

Scenario 4: LSA Secrets

Defenses against Stored Procedure Attacks

First Defensive Layer: Eliminating First-Layer Attacks

Second Defensive Layer: Reduce the First-Layer Attack Surface

Third Defensive Layer: Reducing Second-Layer Attacks

Fourth Defensive Layer: Logging, Monitoring, and Alerting

Identifying Vital Attack Events

Fifth Defensive Layer: Limiting the Impacts of Attacks

Summary

Endnotes

Chapter 4 Exchange Server – Mail Service Attacks

How Mail Service Attacks Work

Mail Flow Architecture

Attack Points

Dangers Associated with Mail Service Attacks

Scenario 1: Directory Harvest Attacks

Scenario 2: SMTP Auth Attacks

Scenario 3: Mail Relay Attacks

The Future of Mail Service Attacks

Defenses against Mail Service Attacks

Defense in the Perimeter Network

Defense on the Internal Network

Supporting Services

Summary

Chapter 5 Office – Macros and ActiveX

Macro and Client-Side Attack Anatomy

Macro Attacks

ActiveX Attacks

Dangers Associated with Macros and ActiveX

Scenario 1: Metasploit Reverse TCP Connection

Scenario 2: ActiveX Attack via Malicious Website

Future of Macro and ActiveX Attacks

Macro and ActiveX Defenses

Deploy Network Edge Strategies

Using Antivirus and Antimalware

Update Frequently

Using Office Security Settings

Working Smart

Summary

Endnote

Chapter 6 Internet Information Services – Web Service Attacks

Microsoft IIS Overview

File Transfer Protocol Publishing Service

WebDAV Extension

ISAPI

How IIS Attacks Work

Dangers with IIS Attacks

Scenario 1: Dangerous HTTP Methods

Scenario 2: FTP Anonymous Access

Scenario 3: Directory Browsing

Future of IIS Attacks

Defenses Against IIS Attacks

Disable Unused Services

Default Configurations

Account Security

Patch Management

Logging

Segregate IIS

Penetration Testing

URLScan

IIS Lockdown

Summary

Chapter 7 SharePoint – Multi-tier Attacks

How Multi-tier Attacks Work

Multi-tier Attack Anatomy

Dangers with Multi-tier Attacks

Scenario 1: Leveraging Operating System Vulnerabilities

Scenario 2: Indirect Attacks

How Multi-tier Attacks Will Be Used in the Future

Defenses against Multi-tier Attacks

First Defensive Layer: Failure to Plan = Plan to Fail

Second Defensive Layer: Leave No Hole Unpatched

Third Defensive Layer: Form the Protective Circle

Summary

Endnotes

Index

There are no comments on this title.

to post a comment.