D


DAC (discretionary access control), 81, 126

DACL (Discretionary Access Control List), 126

Daqa trojan, 73

Data Decryption Field (DDF), 465

data, defending against attacks of, 56

Data Encryption Standard (DES), 299

Data Encryption Standard XOR (DESX), 464

Data Protection API (DPAPI), 180

Data Recovery Agent (DRA) account, 74, 100

Data Recovery Field (DRF), 465

databases. See also Active Directory

Access database, 199

attacks on, 6

SAM password database, 150, 161

Security Association Database (SAD), 300

security policy database, IPSec, 299

.dbg files, 196, 248

DCOM applications, 105

DCOM Server Process Launcher service, 270

DCPromo, Administrator account and, 100

DDF (Data Decryption Field), 465

De Clercq, Jan (Windows Server 2003 Security Infrastructures), 86

debug files, 196, 248

Debug.exe program, 189, 190

debugger, allowing use of, 499

dedicated attackers

compared to automated malware, 4–7

defeating, inability to, 52

defending against, 6–7

forensic analysis of attacks by, 10

methodology used by, 8–10

types of, 10–11

Default Domain Controllers Policy, 528

Default Domain Policy, 528

Default hive, registry, 229

default passwords, 146

Default Recovery Agent (DRA), for EFS, 473–475

defense strategy

automation of, 58

conventional

anti-spam software, 69–70

anti-spyware software, 70

antivirus software, 68–69

host-based firewall, 65–68

patches, keeping up-to-date, 63–65

physical security, 70–71

TCP/IP stack, hardening, 71–73

users not having administrator privileges, 58–63

defense-in-depth principle, 55, 56–57

host-based defense, 55–56

principles of, 52–58

security-by-obscurity, 54

tradeoffs in, 53

unconventional

highly-privileged accounts, renaming, 73–75

services, running on non-default ports, 75–76

software, installing to non-default folders, 76

usability affected by, 53

defense-in-depth principle, 55, 56–57

Define virus, 12

delegation

constrained delegation, 92, 156, 471

definition of, 92–94

in IIS 7, 436

trusted for delegation, 470–471, 499–500

Delete Child Objects permission, for GPOs, 534

Delete permission, 125, 126

Delete permission, registry keys, 242

Delete Subfolders and Files permission, 125, 126, 128

Dell Computers, survey by, 6

denial-of-service (DoS) attacks

account of (Gibson), 15

in archive files, 20

definition of, 15

with IPSec, 322

LAND attack, 15

services increasing risk of, 254

Deny Delete permission, 128

Deny permissions

overriding Allow permissions, 128

setting, 122–123

deny-by-default file attachment blocking, 398

deny-by-default software execution policy, 325–326

DES (Data Encryption Standard), 299

.desklink files, 199

desktop, defense deployed on, 55–56

desktop icons, RunAs feature used with, 60

Desktop.ini file, 24

DESX (Data Encryption Standard XOR), 464

detection bypass, in archive files, 20

device drivers, allowing loading and unloading of, 500

devices, security options for, 504–506

DHCP Administrators group, 104

DHCP Client service, 270

DHCP Server service, 270

DHCP Users group, 105

.dhtml files, 197

Dialup group, 84, 105

Dial-up List (DUL), 410

dictionary-based attacks, 144, 145–146, 172–173

Diffie-Hellman protocol, 300

Digest authentication, IIS, 430, 431, 432, 450

Digest Authentication protocol, 85

directories. See folders

directory service, 519. See also Active Directory

directory service data, synchronizing, 502

Directory Services Restore Mode Administrator account, 100

directory traversal attacks, 18, 362

discretionary access control (DAC), 81, 126

Discretionary Access Control List (DACL), 126

Distributed COM Users group, 86, 105

Distributed File System service, 270

Distributed Link Tracking Client service, 270, 287

Distributed Link Tracking Server service, 270, 287

Distributed Transaction Coordinator service, 271

distribution analysis, anti-spam software using, 410

distribution groups, 96

Dllhost.exe process, 422

DLLs

DLL hell, 12

unregistering, 332–334

vulnerabilities of, 196

DNS Admins group, 105

DNS black lists, 410–411

DNS Client service, 271

DNS lookups, anti-spam software using, 408

DNS namespace, 519

DNS security, 418

DNS Server service, 271, 287

DnsUpdateProxy group, 105

.doc files, 196

docking station, security options for, 501, 503

Document Template files, 196

Document Template files, Microsoft, 196

Documents and Settings folder, 132

dollar sign ($)

indicating computer account, 115

indicating hidden shares, 121

Domain Administrator account, 85, 99–100

Domain Admins group

default GPO permissions for, 535

definition of, 105

protecting, 74

SID for, 85

domain computer accounts, password attacks on, 177–179

Domain Computers group

computer accounts in, 115

definition of, 106

SID for, 85

Domain Controllers group

computer accounts in, 116

definition of, 106

SID for, 85

Domain Controllers OU, 520

Domain Guest account, 85, 100

Domain Guests group, 85, 106

Domain Local groups, 96, 97

Domain Naming Master, FSMO role, 523

Domain Users group, 85, 106

domains

in Active Directory, 521–523

adding computers to, policy settings for, 497

password attacks on, 177–179

DoS attacks. See denial-of-service attacks

DOS batch files, 194, 247

DOSSTART.BAT file, 24

.dot files, 25, 196

Downlevel Client Support, for IIS, 446

downloading files, IE settings for, 370, 376, 380

Download.Ject trojan, 38

DPAPI (Data Protection API), 180

DRA (Data Recovery Agent) account, 74, 100

DRA (Default Recovery Agent), for EFS, 473–475

DRF (Data Recovery Field), 465

driver files, 201

driver installation, security options for, 504

.dsm files, 196, 248

DTC access, for IIS, 444

DUL (Dial-up List), 410

DUN export files, 197, 248

.dun files, 197, 248

DUN scripts, 201

Dynamic Linking Library files. See DLLs



Professional Windows Desktop and Server Hardening
Professional Windows Desktop and Server Hardening (Programmer to Programmer)
ISBN: 0764599909
EAN: 2147483647
Year: 2004
Pages: 122
