Details

Windows Security Monitoring


Windows Security Monitoring

Scenarios and Patterns
1. Aufl.

von: Andrei Miroshnikov

32,99 €

Verlag: Wiley
Format: PDF
Veröffentl.: 13.03.2018
ISBN/EAN: 9781119390893
Sprache: englisch
Anzahl Seiten: 648

DRM-geschütztes eBook, Sie benötigen z.B. Adobe Digital Editions und eine Adobe ID zum Lesen.

Beschreibungen

<p><b>Dig deep into the Windows auditing subsystem to monitor for malicious activities and enhance Windows system security</b></p> <p>Written by a former Microsoft security program manager, DEFCON "Forensics CTF" village author and organizer, and CISSP, this book digs deep into the Windows security auditing subsystem to help you understand the operating system′s event logging patterns for operations and changes performed within the system. Expert guidance brings you up to speed on Windows auditing, logging, and event systems to help you exploit the full capabilities of these powerful components. Scenario–based instruction provides clear illustration of how these events unfold in the real world. From security monitoring and event patterns to deep technical details about the Windows auditing subsystem and components, this book provides detailed information on security events generated by the operating system for many common operations such as user account authentication, Active Directory object modifications, local security policy changes, and other activities.</p> <p>This book is based on the author′s experience and the results of his research into Microsoft Windows security monitoring and anomaly detection. It presents the most common scenarios people should be aware of to check for any potentially suspicious activity.</p> <p><b>Learn to:</b></p> <ul> <li>Implement the Security Logging and Monitoring policy</li> <li>Dig into the Windows security auditing subsystem</li> <li>Understand the most common monitoring event patterns related to operations and changes in the Microsoft Windows operating system</li> </ul> <h3>About the Author</h3> <p><b>Andrei Miroshnikov</b> is a former security program manager with Microsoft. He is an organizer and author for the DEFCON security conference "Forensics CTF" village and has been a speaker at Microsoft′s Bluehat security conference. In addition, Andrei is an author of the "Windows 10 and Windows Server 2016 Security Auditing and Monitoring Reference" and multiple internal Microsoft security training documents. Among his many professional qualifications, he has earned the (ISC)<sup>2</sup> CISSP and Microsoft MCSE: Security certifications.</p>
<p>Introduction xxix</p> <p><b>Part I Introduction to Windows Security Monitoring 1</b></p> <p>Chapter 1 Windows Security Logging and Monitoring Policy 3</p> <p><b>Part II Windows Auditing Subsystem 11</b></p> <p>Chapter 2 Auditing Subsystem Architecture 13</p> <p>Chapter 3 Auditing Subcategories and Recommendations 47</p> <p><b>Part III Security Monitoring Scenarios 81</b></p> <p>Chapter 4 Account Logon 83</p> <p>Chapter 5 Local User Accounts 141</p> <p>Chapter 6 Local Security Groups 201</p> <p>Chapter 7 Microsoft Active Directory 237</p> <p>Chapter 8 Active Directory Objects 285</p> <p>Chapter 9 Authentication Protocols 323</p> <p>Chapter 10 Operating System Events 367</p> <p>Chapter 11 Logon Rights and User Privileges 419</p> <p>Chapter 12 Windows Applications 437</p> <p>Chapter 13 Filesystem and Removable Storage 485</p> <p>Chapter 14 Windows Registry 523</p> <p>Chapter 15 Network File Shares and Named Pipes 559</p> <p>Appendix A Kerberos AS_REQ, TGS_REQ, and AP_REQ Messages Ticket Options 585</p> <p>Appendix B Kerberos AS_REQ, TGS_REQ, and AP_REQ Messages Result Codes 589</p> <p>Appendix C SDDL Access Rights 597</p> <p>Object-Specific Access Rights 598</p> <p>Index 603</p>
<p><b>Andrei Miroshnikov</b> is a former security program manager with Microsoft. He is an organizer and author for the DEFCON security conference "Forensics CTF" village and has been a speaker at Microsoft's Bluehat security conference. In addition, Andrei is an author of the "Windows 10 and Windows Server 2016 Security Auditing and Monitoring Reference" and multiple internal Microsoft security training documents. Among his many professional qualifications, he has earned the (ISC)<sup>2</sup> CISSP and Microsoft MCSE: Security certifications.
<p><b>Dig deep into the Windows auditing subsystem to monitor for malicious activities and enhance Windows system security</b> <p>Written by a former Microsoft security program manager, DEFCON "Forensics CTF" village author and organizer, and CISSP, this book digs deep into the Windows security auditing subsystem to help you understand the operating system's event logging patterns for operations and changes performed within the system. Expert guidance brings you up to speed on Windows auditing, logging, and event systems to help you exploit the full capabilities of these powerful components. Scenario-based instruction provides clear illustration of how these events unfold in the real world. From security monitoring and event patterns to deep technical details about the Windows auditing subsystem and components, this book provides detailed information on security events generated by the operating system for many common operations such as user account authentication, Active Directory object modifications, local security policy changes, and other activities. <p>This book is based on the author's experience and the results of his research into Microsoft Windows security monitoring and anomaly detection. It presents the most common scenarios people should be aware of to check for any potentially suspicious activity. <p><b>Learn to:</b> <ul> <li>Implement the Security Logging and Monitoring policy</li> <li>Dig into the Windows security auditing subsystem</li> <li>Understand the most common monitoring event patterns related to operations and changes in the Microsoft Windows operating system</li> </ul>

Diese Produkte könnten Sie auch interessieren:

Symbian OS Explained
Symbian OS Explained
von: Jo Stichbury
PDF ebook
32,99 €
Symbian OS Internals
Symbian OS Internals
von: Jane Sales
PDF ebook
56,99 €
Parallel Combinatorial Optimization
Parallel Combinatorial Optimization
von: El-Ghazali Talbi
PDF ebook
120,99 €