N
naming conventions, 522523, 646
NAT. see Network Address Translation
NAT-T (Network Address Translation traversal), 281
nesting groups, 493494, 524525
NetIQ Security Manager, 216
Netscape Communications Corporation, 304
netsh command-line utility, 668
netsh ipsec dynamic mode, 273
netsh ipsec static importpolicy command, 277
netsh ipsec static mode, 273
netsh ras add registeredserver command, 412
netsh.exe command
to configure IPSec policy, 285
has IPSec contect, 281
IPSec context, 272273
for IPSec driver, 280
for IPSec driver state, 279
for IPSec policy, 276
Network Access Quarantine Control
getting started with, 674
overview of, 673
remote access and, 670
Server 2003, 439
Network Address Translation (NAT)
L2TP and, 447
Server 2003 and, 447
Network Address Translation traversal (NAT-T), 281
network communications. see Virtual Private Networks
network framework
business requirements analysis, 313
design overview, 2
security incidents, responding to, 2631
technical constraints, analyzing, 3138
threat prediction, 1326
network infrastructure security
attacks, types of, 247249
data transmission security, designing, 303313
DNS clients , 303
DNS namespace, 295296
DNS resource records, 302303
DNS, securing, 293295
DNS Server Service, 297300
DNS zones, 300302
elements of, 243
important points for, 340341
IP filtering, designing, 289293
IPSec modes, 256257
IPSec overview, 251
IPSec policies, applying, 273284
IPSec policies, default, 264273
IPSec policies, designing, 284289
IPSec process, 263264
IPSec protocols, 257263
IPSec security associations, 252256
overview of, 242
physical security, 342
PKI and RADIUS/IAS, 319321
risk for network services, assessing, 249251
steps for, 243247
wireless access infrastructure, 336338
wireless networks, authentication for, 328336
wireless networks security, designing, 313316
wireless networks, threats to, 317318
WLAN network infrastructure, 321328
of WLAN, designing, 321328
network infrastructure servers, 118119
Network Interface Card (NIC), 414
network management process
administrative tools, securing, 200208
administrators and, 195200
EMS, designing security for, 208210
overview of, 194195, 231
security update infrastructure, 210217
trust relationships, 217230
Network News Transfer Protocol (NNTP), 384
network services
post-attack recovery, 31
risk assessment, 249251
securing. see network infrastructure security
network traffic security, RAS, 126
network trust hierarchy
for CAs, 164165, 189
root CA and, 188
networks
addressing risks to, 2325
authentication, 641645
communication security overview, 411
extranets, 443
policy management of, 200
resources, providing access to, 662
routing between internal, 442
segmented networks, 313
NIC (Network Interface Card), 414
NNTP (Network News Transfer Protocol), 384
No Terminal Server User SID template, 63
NT Lan Manager (NTLM) authentication, 5759, 367368, 648650, 672
NT Lan Manager (NTLM) v2, 46, 74
NTFS file system
access control and, 509
for CA, 190
on DNS servers, 300
EFS and, 553
on file/print/member servers, 123
on IIS, 116
Server 2003 upgrades and, 406
NTFS permissions
access control lists and, 496
access control security with, 455, 456
numbered connections, 421422