IAS. See Internet Authentication Service
icacls.exe command-line tool, 177, 201. See also subinacl tool
ACLs and, 191
resetting, 195
restoring, 192-193
saving, 191, 192
change owner with, 194
deny operations and, 195
find all ACEs granted to particular user and, 195
functionality, 191-197
grant operations and, 195
notes on, 188
remove operations and, 195-196
set integrity levels with, 196-197
shortcomings of, 199
substitute SIDs with, 193-194
ICF. See Internet Connection Firewall
ICMP. See Internet Control Message Protocol
identity, 108-109. See also logon authentication
IE. See Internet Explorer
IEAK. See Internet Explorer Administration Kit
IFRAME, 273, 280
IIS. See Internet Information Services
IIS_IUSRS, 24, 314-315
IIS_WPG, 25
impersonation, 115, 127, 219
delegation v., 115, 116, 127
Include local directory path when uploading files to a server (setting), 273, 280
"Increase a process working set," 141
Independent Software Vendors (ISV), 128
information disclosure, 55
information security, 519-547. See also security tweaks
best practices, 547
complementary approach, 523-524
"defense in depth" and, 520, 523
different views on, 526
account lockout, 539-546
anti-malware, 530-532
client security hacks, 526-530
security tweaking, 532-538
external factors, 519
risk management, 520-523, 547
enterprise, 521-523
security awareness programs, 546, 547
social engineering and, 50, 59-60, 546
examples, 59
SRP and, 524-525
strategies v. new tools, 519, 547
three-step approach, 523-525
keep attacks off box, 524
keep malicious code from communicating, 525
stop malicious code from running, 524
user education and, 524, 532
wetware, 546
infrared wireless technologies, 461
Infrastructure mode, 462-463
infrastructure, Windows, 73-117
inheritance
dangers, 175
definition, 174
Initialize and script ActiveX controls not marked as safe for scripting (setting), 267, 279
installers
elevating, 166
heuristic detection of, 151
integrity controls, 22-23, 116-117
mandatory, 22-23, 116, 146
integrity labels
low, 146
privilege for, 141
integrity levels, 116, 117, 190
setting, 196
icacls and, 196-197
integrity model, 158
integrity SIDs, 22-23
Interactive Service Detection Service, 17
International-Send UTF-8 URLs, 283, 287
INTERNET, 181, 182
Internet Authentication Service (IAS), 467, 469
Internet Connection Firewall (ICF), 403. See also Firewall, Windows
shortcomings of, 403, 404, 409
Internet Control Message Protocol (ICMP), 493. See also Network Location Awareness service
ECHO, 493, 494
Internet Explorer (IE) 7.0
ActiveX control handling, 33, 222, 223, 257
Add-on management, 256-257
advanced settings, 282-288
Browsing, 282, 287
International, 283, 287
Java (or Java-Sun), 283, 287
Security, 283-286, 287-288
summary of, 287-288
best practices, 290-291
browsers v., 245-247
defenses/recommendations, 288-289
digital certificate handling, 257-258
encryption improvements, 26-27, 257-258
file types by file extension, 269
Group Policy and, 495-496
IEAK and, 495-496
malware and, 253-254, 289
as optional component, 247
phishing filter, 32, 254-256
Protected Mode, 32, 146, 248-254, 277
malware/hackers impacted by, 253-254, 289
recommendations/defenses, 288-289
securing, 245-291
security improvements/new features, 32-34, 248-260
Security Options, 230
security zone settings, 264-281
ActiveX controls and plug-ins, 265-268, 278-279
Downloads, 268-270, 279
Java VM-Java Permissions, 270, 279
Miscellaneous, 270-275, 279-281
.NET Framework, 264-265, 277-278
recommendations, 277-281
Scripting, 275-277, 281
summary of, 277-281
User Authentication, 277, 281
security zones, 260-264
Internet site, 261-262
Local Computer, 260-261
Local intranet, 262-263
Restricted sites, 263-264
Trusted Sites, 263
shim compatibility architecture, 251-252
URL handling protections, 258-259
vulnerabilities v. market share, 247
Internet Explorer Administration Kit (IEAK), 495
IE management without, 495-496
Internet Information Services (IIS) 7.0, 293-350
access control permissions, 326-332
administration, 315-318
authentication methods, 318-325
comparison of, 325
summary of, 323-324
components, 302-307
default, 305-306
individual descriptions, 302-305
configuration/tightening of, 339-344
defending, 332-348
summary of steps for, 333
Handler Permissions, 326-331
summary/usage of, 331
hardening procedures, 332-348
application installation/securing, 347
cleaning/testing, 347
deploying to production, 347-348
host firewall configuration, 335
log file/firewall monitoring, 348
minimal configuration on IIS, 336
network/perimeter security configuration, 333-334
OS hardening, 337-339
OS installation, 334-335
patch installations, 336-337
penetration tests, 347
physical security, 334
remote administration configuration, 335-336
summary of, 348-350
updated hardware drivers, 334
Web site securing, 344-346
web-server specific, 39-344
installation of, 301
additional features, 340
introduction, 299-300
modules, 340-341
list/description of, 340
new features/improvements, 34, 57, 300-301
NTFS permissions and, 332
strengthening, 342-343
protocol listeners, 307-309
versions, 300
web component minimization, 342
web server threats, 293-299
Internet site security zone, 261-262. See also security zone settings
Interprocess Communications mechanism. See IPC mechanism
Interprocess Communications Share. See IPCS
IP version 6 (IPv6), 36, 412
Windows Firewall and, 36, 406-407, 412
IPC (Interprocess Communications) mechanism, 207. See also named pipes
IPCS (Interprocess Communication Share), 97
IPsec, 407
client-to-DC, 451
definition, 407
Windows Firewall and, 407, 424
IPv6. See IP version 6
isolation. See also information security; Server and Domain Isolation
Domain, 36-37, 446-447
Domain and Server, 445-459, 524, 526, 530, 531
Server, 447-448
Session 0, 210-213
sessions, 16-17, 211-212
UAC and process, 158, 169
ISV. See Independent Software Vendors
IUSR_computername, 314-315