rainbow tables, 173–174
random password generators, 187
.rar files, 200
RAS and IAS Servers group, 86, 110
RAS Servers group, 86, 110
Rasphone.pbk file, 26
.rat files, 201
RAT (remote access trojan), 13
rate controls, anti-spam software using, 409–410
RBAC (Role-Based Access Control), 537
RBLs (real-time blacklists), 410–411
.rdp files, 201
RDP (Remote Desktop Protocol) connection objects, 181
Read and Execute permission, 123, 126, 127
Read Attributes permission, 124, 126, 127
Read Control permission, registry keys, 242
Read Data permission, 124, 126, 127
Read Extended Attributes permission, 124, 126
Read permission
  definition of, 119–121, 123, 126
  for GPOs (group policy objects), 534
  interactions with other permissions, 127
Read Permissions permission
  definition of, 125, 126
  interactions with other permissions, 127
Reading pane, disabling, 404–405
realm trusts, 523
real-time blacklists (RBLs), 410–411
recovery console, security options for, 510
recovery policy for EFS
  backing up keys individually, 471–473
  Certificate Services (Microsoft), 475–476
  comparison of methods for, 475–476
  DRA (Default Recovery Agent), 473–475
Recycler folder, 28
RECYCLER folder, 132
Redfall trojan, 46
RedHat Linux, exploitations of, 53
.reg files, 201, 248
Reg_Binary data type, registry, 230
Reg_Dword data type, registry, 230
Regedit.exe program, 82–83, 133, 228
Regedt32.exe program, 228
Reg_Expand_Sz data type, registry, 230
registry
  alternate locations for, 237–238
  data types in, 230
  definition of, 227–228
  editing tools for, 228, 238–240
  group policy settings applied to, 486–487
  group policy settings for, 513
  high-risk entries
    defending against attacks of, 246–251
    list of, 243–246
  HKCC (HKEY_CURRENT_CONFIG) entries
    default permissions for, 242
    definition of, 228, 237
  HKCR (HKEY_CLASSES_ROOT) entries
    default permissions for, 242
    definition of, 228, 231–235
    high-risk entries in, 243
    malware using, 32–33, 45
  HKCU (HKEY_CURRENT_USER) entries
    default permissions for, 242
    definition of, 228, 229, 236
    hardening permissions for, 247
    high-risk entries in, 243–245
    malware using, 33–40, 46–47
  HKLM (HKEY_LOCAL_MACHINE) entries
    default permissions for, 242
    definition of, 228, 229, 230–231
    high-risk entries in, 244–246
    malware using, 34, 35–46, 47–49
  HKU (HKEY_USERS) entries
    default permissions for, 242
    definition of, 228, 229, 236
  permissions for, 241–243, 251, 332
  settings for TCP/IP stack hardening, 71–72
  structure of, 228–229
Registry Editor tool, 82–83, 133, 228
registry files, 201
Regmon tool (Sysinternals), 239, 292
Reg_Multi_Sz data type, registry, 230
regression testing of patches, 64
Reg_String data type, registry, 230
Reg_Sz data type, registry, 230
Relative Identifier Master, FSMO role, 523
Relative Identifier (RID), 84–86
Relay Spam Servers (RSSs), 410
Remote Access Auto Connection Manager service, 276
Remote Access Connection Manager service, 276
remote access trojan (RAT), 13
remote administration, IIS, 439–440
Remote Administration using HTML, for IIS, 447
Remote Assistance, HelpAssistant account created by, 101
Remote Desktop connection shortcuts, 201
Remote Desktop Help Session Manager service, 276
Remote Desktop Protocol (RDP) connection objects, 181
Remote Desktop Users group, 86, 110
Remote Desktop, using for IIS, 439–440
Remote Desktop Web Connection, for IIS, 448
remote execution of attacks. See also denial-of-service (DoS) attacks
  definition of, 7–8
  types of, 14–17
Remote Interactive Logon group, 85, 110
Remote Procedure Call (RPC) Locator service, 277, 288
Remote Procedure Call (RPC) service
  attacks on, 253
  definition of, 267, 277
Remote Registry service, 277
remote shutdowns, allowing, 500
Remote Storage Notification service, 286
Remote Storage Server Services, 286
Removable Storage service, 277
Replicator group, 86, 110
Resource Manager Authority, 86
resources. See publications; web site resources
restored files, malware in, 30
Restricted Code group, 85, 111, 114
restricted group settings, group policy, 512
Restricted sites zone, IE, 361
Resultant Set of Policy Provider, 277
Resultant Set of Policy (RSoP) tool, 535
reverse DNS lookups, anti-spam software using, 408
RFC 2401, 296
RFC 2412, 296
Rich Text Format files, 201
RID (Relative Identifier), 84–86
Riler trojan, 73
Rlogin URI handler, 250
Role-Based Access Control (RBAC), 537
RootKitRevealer (Sysinternals), 14
rootkits, 14
Routing and Remote Access service, 277
Routing Engine service, Microsoft Exchange, 285
Routing Support, for IIS, 446
RPC (Remote Procedure Call) Locator service, 277, 288
RPC (Remote Procedure Call) service
  attacks on, 253
  definition of, 267, 277
RSoP (Resultant Set of Policy) tool, 535
RSSs (Relay Spam Servers), 410
RTF files, 52, 201
Rudnyi, Evgenii B. (Sid2user and User2sid utilities), 89
RunAs feature
  command line execution of, 61–62
  definition of, 59–60
  limitations of, 62
  LUA protections extended by, 63
  Restricted Code group and, 114
  using, 60
RunAs Service, 278
RunAsAdmin application, 63
Russinovich, Mark (EFS article), 478
Rusty worm, 24