Exam Objectives Frequently Asked Questions


The following Frequently Asked Questions, answered by the authors of this book, are designed both to measure your understanding of the Exam Objectives presented in this chapter and to assist you with real-life implementation of these concepts. You will also gain access to thousands of other FAQs at ITFAQnet.com.

1.  

Are there any technical limitations restricting how Internet users can connect to Web sites that use Passport Authentication?

2.  

Passport authentication supports both the Internet Explorer and Netscape Navigator browsers. However, both need to be at version 4 or later in order to access sites that are using Passport.

3.  

Does the Kerberos authentication protocol possess any major weaknesses?

4.  

I have deployed a SUS server within my corporate LAN. We have a home-grown application that needs to be updated on several hundred clients. Can I use SUS to push out this update?

5.  

Are there any restrictions on what kind of machine I can use to host a SUS server?

6.  

I've seen several references to ISA on the Microsoft Web site. Is this the same thing as IAS?

Answers

1.  

The largest concern to be aware of when using Kerberos authentication centers on the physical security of your Key Distribution Centers (KDCs), as well as your local workstations. Since Kerberos attempts to provide single sign-on capabilities for your users, an attacker who gains access to your workstation console will be able to access the same resources that you yourself are able to. Kerberos also does not protect against stolen passwords; if a malicious user obtains a legitimate password, he or she will be able to impersonate a legitimate user on your network.

2.  

Unfortunately, no. SUS can only deploy the compatible updates that it receives from the Microsoft Windows Update site. To deploy an update for a third-party or internal application, you will need to rely on logon scripts, or another utility such as SMS.

3.  

In its original release, you could not run SUS on a DC or Small Business Server. SUS Service Pack 1 has removed this restriction, although you should be careful to stress-test any existing server that you want to use for SUS to ensure that it can handle the additional network, memory, and processor requirements. In terms of hardware, you need to have a machine that is a PIII 700 or better, with a minimum of 512MB of RAM and 6GB of free disk space to store downloaded updates.

4.  

We have had some recent issues with remote access clients infecting our internal network because their anti-virus software has not been up to date. How can I quickly get up and running with the Network Access Quarantine Control function on my network?

5.  

The best place to start is the NAQC white paper, available for free download from the online Windows Server 2003 resource center at www.microsoft.com/windowsserver2003/techinfo/overview/quarantine.mspx. This paper will give you a quick but thorough introduction to how Quarantine functions, and a sample Quarantine script to get you started.

6.  

No. Internet Authentication Service, or IAS, is the Microsoft implementation of RADIUS authentication that allows for central authentication of remote access clients. ISA server is the Internet Security & Acceleration server, which is the Microsoft firewall and proxy server solution for securing Internet access for a corporate LAN and WAN. While both technologies can be used to secure your network environment, they are entirely different entities. Further, detailed knowledge of ISA server is not required to pass the 70-298 exam, although being aware of its existence and its basic functionality certainly won't hurt.




MCSE Designing Security for a Windows Server 2003 Network. Exam 70-298
ISBN: 1932266550
EAN: 2147483647
Year: 2003
Pages: 122
