DAC (discretionary access control), 81, 126
DACL (Discretionary Access Control List), 126
Daqa trojan, 73
Data Decryption Field (DDF), 465
data, defending against attacks of, 56
Data Encryption Standard (DES), 299
Data Encryption Standard XOR (DESX), 464
Data Protection API (DPAPI), 180
Data Recovery Agent (DRA) account, 74, 100
Data Recovery Field (DRF), 465
databases. See also Active Directory
  Access database, 199
  attacks on, 6
  SAM password database, 150, 161
  Security Association Database (SAD), 300
  security policy database, IPSec, 299
.dbg files, 196, 248
DCOM applications, 105
DCOM Server Process Launcher service, 270
DCPromo, Administrator account and, 100
DDF (Data Decryption Field), 465
De Clercq, Jan (Windows Server 2003 Security Infrastructures), 86
debug files, 196, 248
Debug.exe program, 189, 190
debugger, allowing use of, 499
dedicated attackers
  compared to automated malware, 4–7
  defeating, inability to, 52
  defending against, 6–7
  forensic analysis of attacks by, 10
  methodology used by, 8–10
  types of, 10–11
Default Domain Controllers Policy, 528
Default Domain Policy, 528
Default hive, registry, 229
default passwords, 146
Default Recovery Agent (DRA), for EFS, 473–475
defense strategy
  automation of, 58
  conventional
    anti-spam software, 69–70
    anti-spyware software, 70
    antivirus software, 68–69
    host-based firewall, 65–68
    patches, keeping up-to-date, 63–65
    physical security, 70–71
    TCP/IP stack, hardening, 71–73
    users not having administrator privileges, 58–63
  defense-in-depth principle, 55, 56–57
  host-based defense, 55–56
  principles of, 52–58
  security-by-obscurity, 54
  tradeoffs in, 53
  unconventional
    highly-privileged accounts, renaming, 73–75
    services, running on non-default ports, 75–76
    software, installing to non-default folders, 76
  usability affected by, 53
defense-in-depth principle, 55, 56–57
Define virus, 12
delegation
  constrained delegation, 92, 156, 471
  definition of, 92–94
  in IIS 7, 436
  trusted for delegation, 470–471, 499–500
Delete Child Objects permission, for GPOs, 534
Delete permission, 125, 126
Delete permission, registry keys, 242
Delete Subfolders and Files permission, 125, 126, 128
Dell Computers, survey by, 6
denial-of-service (DoS) attacks
  account of (Gibson), 15
  in archive files, 20
  definition of, 15
  with IPSec, 322
  LAND attack, 15
  services increasing risk of, 254
Deny Delete permission, 128
Deny permissions
  overriding Allow permissions, 128
  setting, 122–123
deny-by-default file attachment blocking, 398
deny-by-default software execution policy, 325–326
DES (Data Encryption Standard), 299
.desklink files, 199
desktop, defense deployed on, 55–56
desktop icons, RunAs feature used with, 60
Desktop.ini file, 24
DESX (Data Encryption Standard XOR), 464
detection bypass, in archive files, 20
device drivers, allowing loading and unloading of, 500
devices, security options for, 504–506
DHCP Administrators group, 104
DHCP Client service, 270
DHCP Server service, 270
DHCP Users group, 105
.dhtml files, 197
Dialup group, 84, 105
Dial-up List (DUL), 410
dictionary-based attacks, 144, 145–146, 172–173
Diffie-Hellman protocol, 300
Digest authentication, IIS, 430, 431, 432, 450
Digest Authentication protocol, 85
directories. See folders
directory service, 519. See also Active Directory
directory service data, synchronizing, 502
Directory Services Restore Mode Administrator account, 100
directory traversal attacks, 18, 362
discretionary access control (DAC), 81, 126
Discretionary Access Control List (DACL), 126
Distributed COM Users group, 86, 105
Distributed File System service, 270
Distributed Link Tracking Client service, 270, 287
Distributed Link Tracking Server service, 270, 287
Distributed Transaction Coordinator service, 271
distribution analysis, anti-spam software using, 410
distribution groups, 96
Dllhost.exe process, 422
DLLs
  DLL hell, 12
  unregistering, 332–334
  vulnerabilities of, 196
DNS Admins group, 105
DNS black lists, 410–411
DNS Client service, 271
DNS lookups, anti-spam software using, 408
DNS namespace, 519
DNS security, 418
DNS Server service, 271, 287
DnsUpdateProxy group, 105
.doc files, 196
docking station, security options for, 501, 503
Document Template files, 196
Document Template files, Microsoft, 196
Documents and Settings folder, 132
dollar sign ($)
  indicating computer account, 115
  indicating hidden shares, 121
Domain Administrator account, 85, 99–100
Domain Admins group
  default GPO permissions for, 535
  definition of, 105
  protecting, 74
  SID for, 85
domain computer accounts, password attacks on, 177–179
Domain Computers group
  computer accounts in, 115
  definition of, 106
  SID for, 85
Domain Controllers group
  computer accounts in, 116
  definition of, 106
  SID for, 85
Domain Controllers OU, 520
Domain Guest account, 85, 100
Domain Guests group, 85, 106
Domain Local groups, 96, 97
Domain Naming Master, FSMO role, 523
Domain Users group, 85, 106
domains
  in Active Directory, 521–523
  adding computers to, policy settings for, 497
  password attacks on, 177–179
DoS attacks. See denial-of-service attacks
DOS batch files, 194, 247
DOSSTART.BAT file, 24
.dot files, 25, 196
Downlevel Client Support, for IIS, 446
downloading files, IE settings for, 370, 376, 380
Download.Ject trojan, 38
DPAPI (Data Protection API), 180
DRA (Data Recovery Agent) account, 74, 100
DRA (Default Recovery Agent), for EFS, 473–475
DRF (Data Recovery Field), 465
driver files, 201
driver installation, security options for, 504
.dsm files, 196, 248
DTC access, for IIS, 444
DUL (Dial-up List), 410
DUN export files, 197, 248
.dun files, 197, 248
DUN scripts, 201
Dynamic Linking Library files. See DLLs