Microsoft Windows NT 4.0 Security, Audit, and Control

Your guide to enterprise-level security on Windows NT Server 4.0 networks.

Microsoft Windows NT 4.0 Security, Audit, and Control provides guidelines for monitoring and controlling Windows NT Server 4.0 network security. Developed in cooperation with Microsoft and members of the PricewaterhouseCoopers IT Security Services teram, this handbook presents an integrated network security plan. Proven techniques facilitate authorized usage while thwarting unauthorized use, hacking, and other virulent threats to system integrity. Network architects, administrators, Webḿasters, and other enterprise information gatekeepers will learn how to audit and help safeguard their networked assets by reviewing and implementing each facet of these proven techniques.

Raise enterprise network security to the Nth degree with Microsoft Windows NT 4.0 Security, Audit, and Control:

• Discover the relative security of your system
• Gain a conceptual understanding of security issues and philosophy
• Understand the issues behind network-access security with proven audit and control techniques
• Exploit the built-in security and audit references of Windows NT — components that control who can log on, what they can use, and where they can go on the network
• Learn how to roll out a Windows NT security audit review program for proactive results
• Use field-tested procedures for establishing a secure installation and maintaining its integrity

1. The IT Security Control Model
• Objectives
• Corporate Business Objectives
• Corporate IT Objectives
• IT Security Objectives
• Controls
• IT Security Controls
• IT Security Controls and Windows NT Security Features
2. A Typical Environment of Windows NT Implementations
• Domain Controller
• File and Print Member Server
• Application Server: Web Server
• Application Server: Database Server
• Application Server: Remote Access Server
• Workstation
3. Effective Security Management
• Approach to Developing Corporate Security Culture
• Corporate Security Policy
• Legal Notice
• Understanding C2
• Is Windows NT C2 Compliant?
• Making Windows NT C2 Certified
4. Effective Security Monitoring
• Performance Monitor
• Chart View
• Alert View
• Log View
• Report View
• Recommended Settings
• Windows NT Diagnostics
• Windows NT Diagnostics Information
• Recommended Settings
• Network Monitor
• Capturing Data
• Recommendations
• Auditing
• System Auditing
• Recommended System Auditing Settings
• File and Directory Auditing
• Recommended File and Directory Auditing Settings
• Registry Auditing
• Recommended Registry Auditing Settings
• Printer Auditing
• Recommended Printer Auditing Settings
• Remote Access Server (RAS) Auditing
• Event Viewer
• Recommended Event Viewer Settings
• Securing the Audit Logs
5. Securing Physical Access to All Critical Systems
• Physical Security
• Physical Security in the Computer Room
• Physical Security in the Communications Room
• Physical Security on the Workstation
• Physical Security on the Network Access Points
6. Securing All External and Internal Network Connections
• Network Security Management
• Domain Administration
• Trust Relationships
• Protocols
• External Networking
• RAS Authentication
• Secure Remote Access Services
• Administering Users
• Recommendations Considerations and for Securing External Networking
7. Implementing Security through User Management
• Group and User Accounts
• Groups
• Users
• Creating and Modifying Accounts
• Group Accounts
• User Accounts
8. Securing Accounts with Account Policies
• Account Policy
• Password Restrictions
• Account Lockout
• Recommendations for Account Policy
• User Rights
• Standard Rights
• Recommendations for Securing Standard User Rights
• Advanced User Rights
• Recommendations For Securing Advanced User Rights
9. Managing Resource Security
• File Systems
• NTFS
• FAT
• Converting between File Systems
• Recommendations for Choosing a File Systems
• File and Directory Permissions
• Implementing Permissions
• Ownership
• Recommendations
• Shared File and Directory Permissions
• Managing Printers
• Permissions
• Ownership
10. Managing Server Security
• Computer Properties
• Users
• Shares
• In Use
• Replication
• Alerts
• Services
• Changing Startup Accounts for Services
• Recommendations
• Promote to Primary Domain Controller (PDC)
• Considerations and Recommendations for Using Server Manager
11. System Security Management
• The Registry
• HKEY_LOCAL_MACHINE
• HKEY_CURRENT_CONFIG
• HKEY_CLASSES_ROOT
• HKEY_USERS
• HKEY_CURRENT_USER
• HKEY_DYN_DATA
• Registry and Security
• Securing the Registry Files and Directories
• Securing the Registry Keys
• Registry Key Values
• Workstation Lockout
12. Ability to Recover from Operational Failure
• Environmental Protection
• Backing Up the Registry
• Viruses
• Fault Tolerance
• Disk Mirroring
• Data Striping
• Uninterruptable Power Supply (UPS)
• Data Backup and Recovery
• Backups
• Backup Media
• Backup Types
• Recovery
• Recovery Recommendations
• Last Known Good Configuration
• Emergency Repair Disk (ERD)
• ERD Recommendations
• Disaster Recovery and Business
• Continuity Planning
13. Auditing Windows NT Security Features and Controls
• The Systems Security Audit Process
• PricewaterhouseCoopers' Windows NT Security Audit Program (PwC-NTSAP)
• Background of the NT Environment
• Effective Security Management
• Effective Security Monitoring
• Securing Physical Access to All Critical Systems
• Securing All External and Internal Network Connections
• Securing the System
• Auditing User Rights
• Server Security Management
• Ability to Recover from Operational Failure

• Appendixes
1. Baseline Security Configurations
2. Service Pack 3 Features and Enhancements
3. Option Pack
4. Windows NT Commands
5. Resource Kit Security Programs

Puke, I was in the end forced to buy a book about NT. Written by auditors at PriceWaterhouseCoopers. Could have been worse.