JSI Tip 6859. Threats and Countermeasures Guide.

Threats and Countermeasures Guide Overview

Downloads

Feedback for this Guide

Updated April 23^rd, 2003

The purpose of this guide is to provide a reference to many of the security settings available in the current versions of the Microsoft® Windows® operating systems. This is a companion guide for The Windows Server 2003 Security Guide, available at http://go.microsoft.com/fwlink/?LinkId=14845 and the Windows XP Security Guide available at http://go.microsoft.com/fwlink/?LinkId=14839.

The chapters of this guide are split up to reflect the major sections that appear in the group policy editing user interface. Each chapter begins with a brief explanation of what will be covered, followed by a list of subsection headers, each one of these corresponds to a setting or group of settings. Each of these, in turn, has a brief explanation of what the countermeasure does.

Within the subsection for each setting there are three additional subsections: Vulnerability, Countermeasure, and Potential Impact. The Vulnerability subsection explains how the countermeasure could be exploited by an attacker if it is configured in a less secure manner. The Countermeasure subsection explains how to implement the countermeasure. The Potential Impact subsection explains the possible negative consequences of putting the countermeasure in place.

While many of the settings available in group policy are documented in this guide, not all of them are. That is because many of the group policy settings are intended to help organizations manage their environments but they aren't necessary directly related to security. This guide only examines the settings and features available in Microsoft® Windows Server 2003™ and Windows XP® that can help an organization secure their enterprises.

The information provided within this guide should help you and your organization decide which specific countermeasures need to be put in place and how to prioritize that list.

This chapter introduces the Threats and Countermeasures Guide, and includes a brief overview of the contents.

This chapter discusses the domain level policies, including Account Policies, Account Lockout Policies, and Kerberos Policies.

This chapter covers the different settings that apply to auditing and provides an example of audit events created by several common tasks.

This chapter details the logon rights and privileges that make up the User Rights Assignment section of the Group Policy editor.

This chapter discusses computer security settings such as digital data signing, renaming Administrator and Guest accounts, , driver installation behavior, and logon prompts.

This chapter discusses the settings in Group Policy that can be used to define attributes related to the application, security, and system event logs.

This chapter provides an overview of the system services included with Windows Server 2003 and Windows XP.

This chapter is dedicated to software restriction policies, which are a new feature in Windows® XP and Windows Server 2003. Software Restriction Policies provide a system for specifying which programs are allowed to execute and which are not.

This chapter discusses the administrative template sections of group policy which include registry – based settings that govern the behavior and appearance of the computers in an environment.

This chapter provides additional registry keys and registry value entries for the baseline security template file that are not defined within the Administrative Template (.adm) file.

This chapter describes how to implement additional countermeasures, such as securing accounts and implementing IPSec filters.

This chapter of the guide recaps the important points of the material in a brief overview of everything discussed in the previous chapters.