Wallz worm, 45
war dialing, 8–9
War Games movie, 8–9
.wbk files, 202
Web Element Manager service, 287
Web Manager tool, IIS, 428
Web Server Edition, IIS, 420
web service extensions, IIS, 436, 448–449
web site resources
  Ad-Aware (Lavasoft), 70
  about Administrative template creation, 517
  Advanced Windows Password Recovery program, 181
  about anti-phishing and anti-spoofing, 357
  Anti-Phishing Workgroup, 5
  Austrumi, 163
  Automatic Updates, 65
  Autoruns program (Sysinternals), 256
  Barracuda Spam Firewall, 69
  Beagle.AV worm, 195, 200, 391
  BeatLM program, 168
  Bookmarker trojan, 41
  Bropia trojan, 34
  browser security statistics, 351
  browser test sites, 365
  Brutus program, 164
  Cachedump utility, 176
  Cain & Abel program, 16, 166
  Carnegie Mellon University CERT Coordination Center, 51
  CastleCop's listing of ActiveX controls, 335
  CipherTrust, zombie nets tracked by, 13–14
  ClearCredCache program, 179
  The Complete Patch Management Book (Bradley, Susan and Anne Stanton), 64
  CoolWeb Search Adware, 40
  CredDump program, 180
  about cross-site scripting, 357
  Daqa trojan, 73
  Define virus, 12
  Dell Computers, survey by, 6
  denial-of-service attack, account of (Gibson), 15
  DES and DESX comparison, 464
  EBCD-Emergency Boot CD, 163
  about EFS, 478
  Elk Cloner virus, 12
  exploit research, 9
  FakeGina trojan, 165
  The File Extension Source, 203
  FileMon utility (Sysinternals), 240
  fingerprinting tools, 9
  Firefox browser, 350
  firewalls, 68
  ForceSQL program, 165
  Gartner Research report, November 2004, 9
  "The Great Password Debates: Pass Phrases vs. Passwords" (Microsoft), 145
  Group Policy Administrator (NetIQ), 224
  guide to hacker personas (Hensing), 11
  hacking contest, May 2005, 10–11
  Haxor backdoor trojan rootkit, 41
  Honeynet Project, botnets tracked by, 13
  IE security, third-party tools for, 387
  for IIS, 456
  Information Technology-Information Sharing and Analysis Center, 51
  Internet Security Threat Report (Symantec), 394
  Internet Security Threat Report VIII (Symantec), 19
  IPSec (IP Security) protocol, 322
  John the Ripper program, 166
  Kerbcrack program, 170
  Kerberos authentication protocol, 156
  Konqueror browser, 350
  LAND attack, 15
  Lsadump2 program, 178
  LSPfix program, 73
  Lynx browser, 350
  MakeMeAdmin application, 62
  McAfee Personal firewall, 68
  MessageLabs security service provider, 5, 57
  Microsoft Baseline Security Analyzer, 65
  Microsoft Update, 65
  Microsoft's anti-spyware software, 70
  Microsoft's patch management document, 64
  Microsoft's Ten Immutable Laws of Security, 7
  Mozilla browser, 350
  MS-Blaster worm, 56
  Netscape browser, 350
  NewDotNet adware program, 73
  Nmap fingerprinting tool, 9
  Nordahl boot disk, 161
  Norton Personal firewall, 68
  NT Resetter, 163
  NTLMv2 authentication protocol, 154
  Offline EFS, 468
  Oleview utility, 335
  O&O BlueCon XXL, 163
  Opera browser, 350
  password complexity, enabling in Windows NT, 144
  password guessing programs, 164–165
  Password List reader, 181
  password resetting programs, 162–163
  patch management tools, 64–65
  Petch trojan, 33, 41
  PolicyMaker (Desktop Standard), 224
  Postini security service provider, 57
  Psgetsid utility (Sysinternals), 89
  Pwdump program, 167
  Pwl Tools, 181
  Qaz trojan/worm, 190
  RBLs (real-time blacklists), 410
  Regmon tool (Sysinternals), 239
  Riler trojan, 73
  RootKitRevealer (Sysinternals), 14
  rootkits, Windows, 14
  RunAsAdmin application, 63
  Safari browser, 350
  SANS Handler's Diary article about malware, 19
  ScoopLM program, 168
  Secret Service report on insider attacks, 17
  Secunia web site, 9
  security guides, 289
  security surveys, 5–6
  Share Password Checker, 169
  SIDs, list of, 86
  Sid2user.exe program, 89
  SMB Auditing Tool, 169
  SMB Downgrade Attacker, 169
  SMBGrind program, 168
  SMBRelay program, 168
  SQL Auditing Tool, 165
  Sqlbf-all program, 165
  SRP-like applications, 224, 346
  Streams (Sysinternals), 216
  Symantec, botnets tracked by, 13
  System Management Server, 64
  Tiny Firewall, 68
  TokenMon utility (Sysinternals), 91
  trusts, 523
  TSGrinder program, 164
  2004 Computer Crime and Security Survey (FBI), 5
  2004 ICSA Labs Tenth Annual Computer Virus Prevalence Survey, 5, 391
  Unicode characters to avoid in passwords, 143
  URLScan tool, 450–451
  User2sid.exe program, 89
  Wallz worm, 45
  The Wild List, 5
  Windows Firewall, 68
  Windows Firewall group policy settings, 66
  Windows Server Update Service (WSUS), 64–65
  Windows Vista, blog regarding, 76
  Windows XP/2000/NT Key, 163
  Winternals Administrator's Pak, 163
  WMF exploit, 393
  W2K Server Resource Kit utilities, 156
  Xprobe2 fingerprinting tool, 9
  ZoneAlarm firewall, 68
web sites. See also browsers; URL (Universal Resource Locator)
  EFS (Encrypting File System) and, 469
  securing, 452–455
Webber trojan, 38
WebClient service, 281
WebDAV (Web-based Distributed Authoring and Versioning)
  definition of, 448
  EFS (Encrypting File System) and, 469
  enabling, 449
WFP (Windows File Protection), 12
white-listing. See software restriction policies
whitelists, anti-spam software using, 410
Whoami.exe program, 87–88
WIA (Windows Image Acquisition) service, 287
The Wild List web site, 5
WinAmp media files, 196, 248
%Windir% folders, 28
Windows
  authentication protocols supported by, 156–157
  hardening, for IIS, 441–443
  installation of, for IIS, 438–439
  patches for, keeping up-to-date, 63–65
  services installed by default on, 255
  version of, hackers identifying, 9
Windows NT
  authentication protocols supported by, 156–157
  NT (NT LAN Man) hash algorithm introduced by, 147–148, 149
  password complexity, enabling, 144
Windows 2000
  Kerberos authentication protocol introduced by, 154
  password complexity, enabling, 144
  SRP-like features for, 224, 344
Windows Vista
  features of, 76
  Power Users group removed in, 87
Windows XP
  LAND attack on, 15
  password complexity enabled in, 144
Windows Animated Cursor files, 193, 247
Windows Audio service, 281
Windows Authorization Access group, 86, 112–113, 116
Windows Compiled Help Files, 195, 247
Windows cursor graphic files, 196, 248
Windows Data Protection, 478
Windows Explorer command files, 201, 248
Windows File Protection (WFP), 12
Windows File System (WinFS), 228
Windows Firewall, 65–68, 318–319
Windows Firewall/Internet Connection Sharing (ICS) service, 272, 281
Windows folder, permissions for, 132–134, 135
Windows Icon graphic files, 198
Windows Image Acquisition (WIA) service, 287
Windows Installer service, 281
Windows Internet Naming Service (WINS), 287
Windows Management Instrumentation Driver Extensions service, 282
Windows Management Instrumentation service, 281
Windows Media Services, 287
Windows Policy file, 200, 248
Windows Scripting Host, attacks using, 191
Windows Server 2003 Security Infrastructures (De Clercq), 86
Windows Server Update Service (WSUS), 64–65
Windows settings, group policy, 490–514
Windows Time service, 282
Windows trusts, permissions and, 116–117
Windows User Mode Driver Framework service, 287
Windows XP/2000/NT Key, 163
Windows.adm template, 515
WinFS (Windows File System), 228
WinHTTP Web Proxy Auto-Discovery Service, 282
WIN.INI file, 27
Wininit.ini file, 27
Winlogon.exe process, 159
WinRAR archived files, 200
WINS Users group, 113
WINS (Windows Internet Naming Service), 287
Winsock.dll file, 27
WINSTART.BAT file, 27
Winternals Administrator's Pak, 163
Wired Equivalent Privacy, 16
Wireless (Zero) Configuration service, 282
.wiz files, 202
Wizard files, 202
WLANs (wireless local area networks), sniffing attacks on, 16
.wma files, 196, 248
WMF exploit, 393
WMI filtering, for GPOs, 532
WMI Performance Adapter service, 282
Wmplayer.adm template, 515
Word (Microsoft)
  document vulnerabilities, 196, 202
  malware in embedded scripts, 21
Word11.adm template, 516
worker processes, IIS, 422–425
Workstation service, 283
World Authority, 84
World Wide Publishing Service, 287
World Wide Web Service, for IIS, 446, 448
WorldSearch adware, 47
worms. See also malware
  Beagle.AV worm, 195, 200, 391
  Blaster worm, 8
  Code Red worm, 419
  definition of, 14
  e-worms, 391
  Internet worms, 391
  MS-Blaster worm, 14
  password-guessing routines in, 146
  prevalence of, 7
  SQL.Slammer worm, 5, 14
Write Attributes permission, 125, 126
Write DACL permission, registry keys, 242
Write Data permission, 124, 126
Write Extended Attributes permission, 125, 126
Write Owner permission, registry keys, 242
Write permission
  definition of, 123, 126, 127
  for GPOs (group policy objects), 534
.ws files, 191, 202, 249
.wsc files, 202, 249
Wscript.exe program, 191
.wsf files, 202, 249
WSH files, 202, 249
WSUS Administrators group, 113
WSUS (Windows Server Update Service), 64–65
W3wp.exe process, 422–423
W2K Server Resource Kit utilities, 156
Wuau.adm template, 515
WuKill worm, 24