damaged smart cards data protecting with EFS 2nd with IPSec and VPNs recovering, strategies for unencrypted, running cipher.exe /w on 2nd data centers as risk factors securing data decryption fields (DDFs) data directories, encrypting data recovery agents (DRAs) ensuring safety of private keys identifying data recovery fields (DRFs) data remnants, removing from disks DC security.inf template DCUP.INF file DDFs (data decryption fields) decryption [See also EFS] for checksum of signed code for files, using EFS public key cryptography shared secret key cryptography and Default Domain Controller Policy (GPO) 2nd controlling anonymous access to domain controllers Default Domain Policy (GPO) 2nd defense- in-depth protection needed, with remote access connections delegation (Active Directory) giving control to helpdesk administrators OUs (organizational units) and securing objects for delta CRLs (certificate revocation lists) denial-of-service attacks against DNS servers analyzing DHCP logs integrated zones and leasing DCHP addresses monitoring DHCP for Deny permissions, use sparingly 2nd deployment plan for PKI, creating depth of private certification hierarchies DES-CBC-MD5/DES-CBC-CRC encryption desktops, configuring with Group Policy device drivers restricting use of unsigned drivers signed code and DHCP 802.1x protocol and analyzing logs auditing activity automatic record updating baselining network traffic clients leasing addresses from servers configuring for proper administration configuring server with reservations DnsUpdateProxy group and eliminating from network how it works messages comprising basic interactions monitoring for denial-of-service attacks security, lack of servers authorization of, as security measure creating service accounts for identifying, with Dhcploc unauthorized, monitoring network for types of attacks in using it securely using with DNS DHCP Ack message DHCP Discover message DHCP MMC snap-in DHCP Offer message DHCP Request message Dhcploc tool dictionary attacks LM passwords and on passwords Diffie-Hellman Key Exchange algorithm Digest authentication 2nd digital encryption certificates digital signatures certificates and configuring certificate templates downsides to using in email providing secure email rejecting device drivers without sending email using Disabled accounts, cleaning up Disallowed security level adding to new hash rules configuring to be default test thoroughly before deploying to users use antivirus software against viruses Discover message (DHCP) DNS (Domain Name System) auditing denial-of-service attacks network footprinting 2nd permissions setting for administrators setting on DNS objects record types available in recursive queries, restricting requirements for security concerns spoofing attacks using it securely using with DHCP zones [See zones] DNS domain names (Active Directory) DnsAdmins group 2nd DnsUpdateProxy group 2nd Domain Admins group Domain Controller Security template domain controllers 2nd certificates for communications configuring auditing for 2nd configuring client computers to use NTLMv2 configuring logon auditing on controlling anonymous access to default security for upgrades through GPOs disabling storage of LM hashes in Kerberos locating in Active Directory multimaster domain concept and opening firewalls to allow replication traffic protecting from network access providing security for roles/responsibilities securing physically security tokens and sending communication across networks with IPSec tunnels synchronizing computer clocks Domain Name System [See DNS] domain policy domains (Active Directory) administrative groups configuring user accounts to access resources providing security for DRAs (data recovery agents) ensuring safety of private keys identifying DRFs (data recovery fields) Droms, Ralph dual-boot configuration, security issues with dual-user passwords for service accounts Dynamic Host Configuration Protocol [See DHCP] dynamic updates (DNS) enabling