Index_P | MCSE Designing Security for a Windows Server 2003 Network: Exam 70-298

P

packet filtering, IP. see IP packet filtering

packet filtering, L2TP/PPTP, 438

Padding field, 262

Padding Length, 262

pagefile, 466

Passport. see Microsoft Passport Authentication

password authentication, 640

Password Authentication Protocol (PAP), 653

Password Complexity policy, 477478

Password must meet complexity requirements setting, 475

password policies

for authentication strategy, 166

configuration of, 496

designing, 462

settings, 474476

password security, 474480

account lockout policy, creating, 478480

important points about, 496

password complexity requirements, 477478

Password policy settings, 474476

user password tips, 476477

password-based attack, 247, 344

passwords

AD and, 145

random password generators, 398

RIP and, 417418

security and, 4344

security of, 457

for service accounts, 461

storage locations, 635

Store passwords using reversible encryption setting, 677678

strong, requirements of, 68

Syskey and, 635637

patch management. see also Software Update Services

Group Policy and, 632

overview of, 631

Software Update Services and, 632633

third-party tools for, 633634, 676

update testing and, 679680

PEAP with EAP-MS-CHAPv2, 330

PEAP with EAP-TLS, 330

peer limiting, 419

Perform Volume Maintenance Tasks right, 469

performance

EFS and, 554

IAS server, 375

SSL/TLS and, 387

Performance Monitor, 469

permission structure for data

AGUDLP strategy, 491492

combining/nesting groups, 493494

Domain Local groups, 492

domain/forest functional levels, 494495

Global groups, 492

Universal groups, 492493

permissions

assigning, 458460

default, for DNS Server Service, 299

default, in AD-Integrated zones, 300301

discretionary, 508

for DNS RRs in Active Directory, 302303

groups and, 516

overview of, 512

registry objects and, 552553

remote access, 657

scenario, 504505

for service accounts, 497

for user accounts, 496

Permit filter action, 270

permit mode, 279

persistent connections, 443

persistent IPSec policy, 282, 345

persistent policies, 278

personal identification number (PIN), 153

PFS (Master Key Perfect Forward Secrecy), 268

Phase I Security Association

authentication methods , 254255

Diffie-Hellman groups, 255256

IPSec encryption algorithms, 252253

IPSec hash algorithms, 253254

Phase II Security Association, 252, 256

physical policies, 4

physical security, 171, 342

Ping of Death, 15

PKI. see public key infrastructure

Point-to-Point Tunneling Protocol (PPTP)

firewalls and, 450451

vs. L2TP, 438, 447

VPNs and, 425433, 654

policies

acceptable use, 45

account, Security Templates and, 6769

audit, enabling on local machine, 394395

auditing, 620

local, Security Templates and, 6971

nesting, for security groups, 524525

network management, 200

overview of, 39

password/account, 145

physical/technical/administrative, 4

Recovery Agent, removing, 579580

remote access, 654662

Resultant Set of, 9

retirement, for security groups, 526

for security groups creation, 521522

settings, results review, 8285

Terminal Services single-session, 206

policy CAs, 185. see also intermediary CAs

policy change auditing setting, 481

policy change events, 540

policy negotiation, 252256

POP3 mail servers

authentication methods, 118

security levels, 117118

security overview, 116117

summary of services for, 129

template for, 131

port authentication, 312

ports

configuring for two-way trusts, 233

IIS hardening and, 382

network communications and, 447

PPTP/L2TP and, 448

Terminal Services, changing, 202204

Power On Self Test (POST), 603

PPTP. see Point-to-Point Tunneling Protocol

Pre-Boot eXecution Environment (PXE), 603

predefined filter actions, 270272

predefined filter lists, 269270

predefined IPSec policies. see default IPSec policies

predefined security templates. see security templates

Preferred Networks tab, 324325

pre-shared keys, 255, 282

print servers

configuring, 123

summary of services for, 129

template for, 131132

printing, 580587

privacy, 45, 261263

private data, 25

private key pair, 181184

private keys

file security and, 557

installing CA and, 174

key retrieval/recovery, 157

in PKI process, 154

in public key cryptography, 153

security of, 564565

privilege use, 481, 538539

process tracking, 481, 540

Profile Single Process right, 469

Profile System Performance right, 469

profiles, remote access, 657659

protocols

authentication, 671

Digest Authentication, 650

Kerberos, 646648

L2TP for VPN access, 433438

NTLM authentication, 648650

PPTP for VPNs, 425433

selecting for clients , 646647, 652654

Server 2003 user authentication, 639

SSL/TLS, 650651

supported by IAS, 663665

proxy servers, 244, 309

public data, 25

public key

digital certificates hold, 156

installing CA and, 174

in public key cryptography, 153

public key cryptography

described, 153

for digital certificates, 153154

public key infrastructure (PKI)

architecture of, 155158, 187188

basic concepts of, 152155

certificate distribution, designing, 172184

with Certificate Services, designing, 186

certification authority implementation, designing, 158165

design questions, 188190

designing security for CA servers, 167171

logical authentication strategy, designing, 165167

overview of, 152

review of, 319320

viability of, 344

for wireless network infrastructure, 327

WLAN network infrastructure requirement, 322

public key infrastructure X.509 (PKIX), 155

public key pair, 181184

Publishing Points ACL, 128

PXE (Pre-Boot eXecution Environment), 603