Seven Deadliest Microsoft Attacks
Authors: Rob Kraus, Brian Barber, Mike Borkin and Naomi Alpern
Part of Syngress’ “The Seven Deadliest Attack Series”, this book introduces the reader to the anatomy of attacks aimed at Microsoft’s networks and software: Windows, SQL Server and Exchange Server, Microsoft Office, SharePoint and Internet Information Services.
About the authors
Rob Kraus is a Senior Security Consultant for Solutionary. His areas of expertise include penetration testing, social engineering, wireless and VoIP penetration testing and vulnerability research.
Brian Barber works for the Canada Deposit Insurance Corporation. His primary areas of interest are operating systems, infrastructure design, multiplatform integration, directory services, and enterprise messaging.
Mike Borkin is an author and speaker in the area of IT security where he focuses on data protection strategies, Microsoft security, and security architecture/engineering best practices.
Naomi Alpern currently works for Microsoft as a consultant specializing in unified communications.
Inside the book
The book consists of an introduction and seven chapters. Each chapter usually opens with an introduction to the technology under attack, continues with a number of possible attack scenarios and a nod to likely future variations, and finishes with a set of defense strategies and a short summary.
The text is peppered with warnings, notes, recommendations and so-called “Epic Fail” text boxes that illustrate some of the typical mistakes made when working with that particular software.
The first chapter gives an overview of the different methods Windows uses to store password information, takes a look at the password and lockout policies that should be enforced, and explains how to defend a system and network against the most common password attacks. The second chapter thoroughly explains the anatomy of privilege escalation attacks against Active Directory through realistic scenarios, and lays out the defensive strategy in four crucial steps.
The third chapter covers attacks against SQL databases in general, so these attacks are not tied strictly to Microsoft SQL Server but apply to any database that accepts SQL queries. One of the scenarios analyzed is the ever-popular SQL injection attack.
Different parts of the mail flow architecture are vulnerable to different attacks, targeting the client, the e-mail server and the protocols between them. The fourth chapter delineates the attack points of Microsoft’s Exchange Server and offers defenses against the most commonly employed attacks: Directory Harvest, SMTP Auth and Mail Relay.
The next chapter is one that should interest office workers, since it deals with ActiveX and macro attacks directed at Office, the most widely used suite of desktop applications in the world. Teaching office workers about these attacks could do a world of good.
Web service attacks directly affect the way organizations conduct business, because Web servers support a variety of business operations: selling products, distributing information to employees, and more. They are explained in the sixth chapter, which is followed by a concluding chapter on multi-tier attacks targeting SharePoint and the data stored inside it.
The book and its chapters are short, but long enough to give a good overview of today’s most common attacks against some of the most popular Microsoft products. Basic to advanced prior knowledge of the technologies described is desirable for anyone who wants to read this book.