IAS (Internet Authentication Service), 284
ICMP traffic, allowing or disallowing, 66
.ico files, 198
Icon graphic files, 198
icons, desktop, RunAs feature used with, 60
ICS (Internet Connection Sharing) service, 272, 281
identification phase, access control, 80
identities, IIS, 422–425
IE (Internet Explorer)
advisor ratings files, 201
attacks using
browser interface manipulation, 364
buffer overflow attacks, 357
cookie manipulation, 363–364
cross-site scripting, 357–358
directory transversal attacks, 362
file execution attacks, 361–362
malicious content, 363
MIME type mismatches, 363
plug-in exploits, 364–365
URL spoofing, 354–357
zone manipulation, 358–361
competitors of, 350
defending against attacks
browsing settings for, 378–379, 384
Enhanced Security Configuration for, 385–387
Java settings for, 379, 384
links in e-mails, not following, 366
security settings for, 379–385
third-party applications for, 387
untrusted web sites, not visiting, 366
updating patches for, 367
using latest browser, 366–367
zone settings for, 367–377
Dll files loaded by, 352
Favorites list files, 197
features of, 347–349
history of, 347
security features of, 348–349, 357
security statistics for, 351–352
security zones for, 358–361, 367–377, 385–387
startup process used by, 352–353
testing for vulnerabilities, 365
URL processing by, 353
version 7, 347, 348–349, 357
versions in use, 347
versions of, which to use, 366–367
Ieframe.dll file, 352
IERESET.INF file, 24
IETF (Internet Engineering Task Force), 296
IIS Admin MMC console, 427
IIS Admin Service, 284
IIS (Internet Information Server)
additional features, installing, 443–448
administration of, 427–428
application pools, 422–425, 453–455
authentication for, 182, 428–433, 449–450
configuration information, metabase file for, 427–428
configuring, 440, 443–451
definition of, 420
Http.sys driver, 421–422
identities, 422–425
IIS_WPG (IIS Worker Process Group), 424–425
installing, 421
IUSR_<computername> account, 101, 425–427
IWAM_<computername> account, 101, 425–427
permissions for, 433–436, 450, 452–453
resources for, 456
securing
application installation and tightening, 456
cleaning and testing, 455–456
deployment, 456
hardware drivers, updating, 438
host firewall configuration, 439
IIS configuration, 443–451
IIS installation, 440
log files, monitoring, 456
logging configuration, 455
network/perimeter configuration, 437–438
operating system hardening, 441–443
operating system installation, 438–439
patch installation, 440–441
penetration tests, 456
physical security, 438
Remote Admin configuration, 439–440
steps for, 437
web sites, securing, 452–455
URLScan tool for, 450–451
version 7 modules, 449–450
versions of, default operating systems for, 420
vulnerabilities of, 419
Web Server Edition, 420
web service extensions, 436, 448–449
worker processes, 422–425
IIS logons, 182
IIS permissions, 433–435
IIS 6 Resource Kit, 456
IIS 6 Technet Resources, Microsoft, 456
IIS_WPG (IIS Worker Process Group), 108, 424–425
IKE (Internet Key Exchange), 300–301
IM (Instant Messaging), attacks using, 8
IMAP CD-Burning COM Service, 284
IMAP4 service, Microsoft Exchange, 285
impersonation
bugs in, 90
of client after authentication, 90, 500
definition of, 90
delegation and, 92
enabling and disabling, 90
levels of, 90–91
policy settings for, 496–497
in security token, 118
viewing, 91
Incoming Forest group, 108
Incoming Forest Trust Builders group, 86
Indexing Service, 272
Inetcorp.adm template, 515
Inetesc.adm template, 515
Inetres.adm template, 515
Inetset.adm template, 515
.inf files, 198
Inf11.adm template, 516
Information Store service, Microsoft Exchange, 285
Information Technology-Information Sharing and Analysis Center, 51
Infrared Monitoring Service, 284
Infrastructure Master, FSMO role, 523
inheritance of permissions, 128–129
.ini files, 198, 227–228
injection attacks, 15
.ins files, 198
insider attacks, 17
Installer Files, Microsoft (MSI), 489
Installer package files, 199
Instalr11.adm template, 516
Instant Messaging (IM), attacks using, 8
Integrated Windows Authentication (IWA), IIS, 429–430, 431, 432
Interactive group
definition of, 108
SID for, 84
Windows trusts and, 117
Interactive Training files, 194
Interactive Training files, Microsoft, 194
Internet Authentication Service (IAS), 284
Internet Connection Sharing (ICS) service, 272, 281
Internet Data Connector, for IIS, 447, 449
Internet Engineering Task Force (IETF), 296
Internet Explorer. See IE
Internet Information Server. See IIS
Internet Information Services Manager, IIS, 445
Internet Key Exchange (IKE), 300–301
Internet Printing, for IIS, 445
Internet Protocol Security working group, IETF, 296
Internet Security Association and Key Management Protocol (ISAKMP), 300
Internet shortcut files, 202
Internet Site Authority, 86
Internet site zone, IE, 360
Internet worms, 391
Internet Zone exception rules, SRP, 223, 341
Intersite Messaging service, 272, 288
Io.sys file, 25
IP address, scanning for, 9
IP Version 6 Help (6to4) Service, 284
IPSec (IP Security) protocol
AH protocol used with, 298, 299
attacks on, defending against, 321–322
authentication method for, 308–309
configuring, 302–303, 306
definition of, 295–296
ESP protocol used with, 299
example scenario for, 320–321
exemptions for, 315–317
filters for, 309–314
firewall for, 318–319, 321
IKE modes for, 300–301
key management for, 300
logging events for, 305
mode types for, 297–298
monitoring, 303–305
NAT or NAT-T used with, 301
open standard for, 296
performance of, 301–302
PFS (Perfect Forward Secrecy) for, 314–315
planning for, 319
policies for
creating, 302–303, 306–315
default, 305–306
definition of, 299
resources for, 322
rules for
creating, 308–315
definition of, 299
security associations (SAs) for, 300
Security Parameters Index (SPI) for, 300
security policy database for, 299
when to use, 319
IPSec policies, group policy, 514
IPSEC Policy Agent, 273
IPSEC Services, 273
Ipseccmd.exe program, 303
Ipsecmon.exe program, 303
ISAKMP (Internet Security Association and Key Management Protocol), 300
island hopping, 183
.isp files, 198
.it files, 196, 248
IUSR_<computername> account, 101, 425–427
IWA (Integrated Windows Authentication), IIS, 429–430, 431, 432
IWAM_<computername> account, 101, 425–427