SA customers. See Software Assurance customers
SACLs. See System ACLs
Safari, 246
vulnerabilities v. market share, 247
Safe Exception Handling switch (/SafeSEH), 5
safe mode
built-in Administrator account in, 146, 147
SAL. See Standard Annotation Language
SAM. See Security Accounts Manager
SAMjuicer, 112
SCM. See Service Control Manager
Script ActiveX controls marked safe for scripting (setting), 268, 279
Scripting (security zone setting), 275-277, 281
Active Scripting, 275, 281
Allow programmatic clipboard access, 275-276, 281
Allow status bar updates via script, 276, 281
Allow websites to prompt for information using scripted window, 276, 281
Scripting of Java applets, 277, 281
Scripting of Java applets (setting), 277, 281
scriptlets, 266, 278
scripts
elevating in, 166
Sdbot, 226
SDDL. See Security Descriptor Definition Language
SDI. See Server and Domain Isolation
SDL. See Security Development Lifecycle
SDs. See security descriptors
SeChangeNotifyPrivilege, 186
SeCreateSymbolicLinkPrivilege, 143
securable objects, 172. See also objects
examples of, 172-173
SDs and, 173-174
secure desktop, 21, 132-133
switch to, 133, 134
disabling, 133, 152
UAC dialog boxes and, 21
Secure Windows Initiative Attack Team (SWIAT), 4
Security (IE advanced settings), 283-286, 287-288
Security Accounts Manager (SAM), 77
Active Directory v., 112
key, 102-103
security awareness programs, 546, 547. See also information security
Security Center, 230-231
features, 230
view/configure, 230-231
Windows Firewall and, 421
Security Descriptor Definition Language (SDDL), 174
discussion of, 174
learn, 201
security descriptors (SDs), 173-174
securable objects and, 173-174
Security Development Lifecycle (SDL), 3-4
security features, Vista
essential, 128
new, 3-42
future, 40
Group Policy settings, 38-39
host-based, 8-31
IE 7, 32-34, 248-260
IIS 7, 34
networking, 34-38
64-bit platform, 39-40
Windows Mail, 31
Security Guide, Vista, 510-513, 547. See also Group Policy
benefits of, 511
importance of, 513
limitations, 511-513
need for, 511
security identifiers (SIDs), 18, 124-125. See also specific security identifiers
ACEs and, 174
components of, 124-125
definition, 124
icacls and substitute, 193-194
integrity, 22-23
network location, 181-182
new, 181-182
NT Service\TrustedInstaller, 181
OWNER RIGHTS, 182-183
Security key, 103
security options, Vista, 498-504
with modified defaults, 498, 500-503
new, 499-500
removed, 504
security policies
application of, 88
security principals, 171
security settings, default, 12-13
security strategies. See information security
security tokens
changes to, 189-190
contents, 125-127
Whoami command and, 125
security tweaks, 532-538. See also information security
auditing, 533
bad, 536-538
ACL changes, 536-537
disabling MSV1_0, 537
disabling Process Tracking auditing, 538
too many user rights/privileges, 537
UAC disabling, 538
don't use public, shared computers, 536
e-mail conversion to plain text, 391-393, 535
hard disk encryption, 534-535
LMCompatibilityLevel setting, 534
password strength, 533, 535
remove logon privileges from service accounts, 534
run services on non-default ports, 535-536
SDI, 534
turn on DEP, 536
security zone settings, 264-281. See also specific settings
ActiveX controls and plug-ins, 265-268, 278-279
Downloads, 268-270, 279
Java VM-Java Permissions, 270, 279
Miscellaneous, 270-275, 279-281
.NET Framework, 264-265, 277-278
recommendations, 277-281
Scripting, 275-277, 281
summary of, 277-281
User Authentication, 277, 281
security zones, 260-264
Internet site, 261-262
Local Computer, 260-261
Local intranet, 262-263
Restricted sites, 263-264
Trusted Sites, 263
SeIncreaseWorkingSetPrivilege, 141
sender white/black lists, Windows Mail, 387
SeRelabelPrivilege, 141
Server and Domain Isolation (SDI), 445-459, 530, 531, 534, 536. See also information security
AuthIP and, 451-452
best practices, 459
configuration user interface, 453-458
documentation, 446
Domain Isolation and, 36-37, 446-447
negotiation flow and, 452-453
network threat modeling and, 450, 451
overview, 445-448
perimeters and, 448-449
rules, 454-458
domain, 454-457
server, 457-458
security tweak, 534
Server Isolation and, 447-448
value of, 458-459
Server Core, 40
Server Message Block (SMB) 2.0, 38, 97-98
access, 148
UAC and, 148
CIFS and, 97-98
disabling, 98
Server service, 98, 99
disabling, 99
server to server rules, 428
service(s), 92-94. See also specific services
accounts, 92, 93
complete list, 17
delayed start, 18
desktop interaction with, 93, 94
essential, 94-100
failure, 94
hardening, 17-18, 92, 181, 204, 222
features, 204-207
Windows Firewall and, 411, 525
less privileged, 205
number of, 92
privilege reduction in, 205-207
restriction, 93
firewall policies and, 207
security, 17-18
SIDs, 204-205
write-restricted tokens and, 207
Service Control Manager (SCM), 18, 92
Service Host Process. See Svchost
Service Set Identifier (SSID), 462
broadcasting, 479-480
disabling, 479-480
Session 0 isolation, 210-213, 222
mechanics of, 212-213
sessions, 210-211
isolation, 16-17
need for, 211-212
security, 16-17
SeTimeZonePrivilege, 141-142
SeTrustedCredManAccessPrivilege, 141
share permissions, 115
default, 189
NTFS permissions v., 115
Sharing tab, 190
shatter attacks, 212. See also Session 0 isolation
Shell\Open\Command subkey, 106
shoulder-surfing, 50
SIDs. See security identifiers
Silentrunner.vbs script, 70
http://www.simplicita.com, 63
64-bit platform
EFI on, 74
improvements to, 39-40
smart cards
support, 15, 16
SMB. See Server Message Block
sniffing attacks, web servers and, 297-298
sniffing, network, 48, 50, 111
Cain & Abel and, 50, 51
Kismet and, 57
social engineering, 50, 59-60, 546. See also information security
examples, 59
sockets, permissions, 24
SoftGrid, Microsoft, 221
Software Assurance (SA) customers, 221, 223
Software channel permissions (setting), 274, 281
Software Explorer, 235
Windows Defender and, 235, 236
Software Restriction Policies (SRP), 524-525, 529. See also information security
software, unintended consequences of, 56
Solomon, David, 73
spam, 226
Spectorsoft, 64
SpyNet, 12, 231, 233. See also Windows Defender
online community, 13
spyware, 64
browser cookies, 237
HKCU and, 107
SQL Slammer, 62, 448
SRP. See Software Restriction Policies
SRT. See Startup Recovery Tool
SSID. See Service Set Identifier
SSL VPNs, 448
SSL/TLS Client Side Mapping, 323
Standard Annotation Language (SAL), 4
coding and, 4
website information, 4
standard users
elevation of, 150-151, 168
Startup Recovery Tool (SRT), 10, 11
stealth feature, Windows Firewall, 408
Storage Root Key, 78
strict source mapping, Windows Firewall and, 410-411
SUA. See Subsystem for Unix-Based Applications
subinacl tool, 199, 201. See also icacls.exe command-line tool
ACLs management and, 199, 201
subjects, 171. See also security principals
subkeys, 101. See also specific subkeys
Submit non-encrypted form data (setting), 274, 281
Subsystem for Unix-Based Applications (SUA), 28
subtrees, 101. See also hives
sudo, 160-162
UAC v., 160-162
Sullivan, Kevin, 221
Support account, 181
removal of HelpAssistant and, 181
Svchost (Service Host Process), 94-95. See also RPC
processes, 95
SWIAT. See Secure Windows Initiative Attack Team
symbolic links, 23, 143
creation, 143
privilege for, 143
user profile, 91
SYN-ACK packet, 404
Sysinternals, 70, 235
system access control lists (SACLs), 173. See also access control lists
definition, 173
modification of, 199
System ACLs (SACLs), 24
system recovery tools, improvements on, 10-11
System Restore Points, 24