|
|
access control list (ACL), 209, 480
'Access denied' messages, decryption and, 300
accessing encrypted files, 275
access points (APs), WLAN and, 385
Account Lockout, configuring settings (fig.), 54
account management auditing, viewing (fig.), 612
Account Policies, 33-35
accounts, Guest remote access, 573
actions, filter, 351
Active Directory
architecture, 9-11
certificate authorities and, 210-211
components, 481
as database, 16
diagnostic event logging, 114-116
domain controllers, creation of, 89
history of Windows directory services, 6-9
legacy computer capabilities using DS client, 113-114
logical structure of, 12-14
physical structure, 13-19
publishing certificates in, 241
Users and Computers Console (fig.), 26
Windows 2000, review, 4
Windows 2000 domain model with forests (fig.), 10
adding EFS recovery agents, 289
Add Recovery Agent Wizard, 290
Address Range Assignment screen, 537-539
Administrative group, updates and permission problems, 182
administrative models, remote access policy, 571-573
Advanced Encryption Standard (AES), 334
ADVAP132.DLL, 275
age policies, password, 35
AH (Authentication Header), 559
All IP Traffic filter list, 350
alternating current (AC), 389
analyzing
local security with Security Configuration and Analysis snap-in, 64-66
security configurations, 63-72, 145-151
security with secedit.exe, 70
updates from the GUI, 147-150
updates with HFNetChk, 143-145
your computers, 137-139
antennas, 390
Antheil, George, 390
antivirus software, installation, 683
application-directed attacks, 327
approvals, automatic, 174
architecture
Active Directory, 9-11
EFS, 292
IPSec, 328
wireless network, 392
assets
categorizing corporate (table), 344
identifying technology, 343
asymmetric cryptography, 268, 201
asymmetric encryption, 264
atomic clock, 633
attackers described, 655
attacks
application-directed, 327
Chargen, 712
compromised key, 327
denial of service. See DoS attacks
DoS. See DoS attacks
Main-in-the-Middle (MITM), 118, 200, 326
on member servers, 92
passive, using Ethereal to perform (fig.), 704
password compromises, 324-325
Ping-of-Death, 326
and removable media, 276
SMURF, 325
sniffing networks, 284
snooping, 321
SYN flood, 667
TCP/IP sequence number, 322
TCP SYN, 325
teardrop, 326
attributes
encryption, 273
of objects, 18
audit
account management, 612
Local Policies security options (table), 36-37
policy changes, 613-614, 619
privilege use, 614
auditing
best practices, 627-630
with Group Policy, 620
for increased security, 609-610
Internet Information Services, 630-633
introduction to, 608
with local security policy, 617-618
minimizing and preventing security incidents, 652
process-tracking events, 615
success- and failure-based (fig.), 618
Windows 2000, 611-626
Windows tools, 633-637
and your security policy, 621
authentication
basic, anonymous, 497-498
certificate-based, 489-490
combining methods, 502
configuring user, 488-496
cross-domain (fig.), 468
defining LM and NLM, 491
described, 204-205
digest, using, 498-499
encrypted data and, 268
for external users, 488
IIS 5.0-supported methods (table), 503
Integrated Windows (IWA), 500
introduction to, 456
Kerberos, 332
message, 330-334
mutual, 532
privacy and, 247
remote access methods, 529-533
and secure communications, 372
selecting a protocol (fig.), 362
site configuration and, 17
smartcards and, 533
using forwarded tickets (fig.), 470
using proxy tickets (fig.), 469
Web, troubleshooting, 510-511
Web site, 502
Windows 2000 network, 456-459
authentication header (AH), 335, 559
Authentication Methods Configuration tab (fig.), 352
authenticator process, Kerberos, 460-463
automatic approvals, 174
automatic certificate enrollment, 234-236
Automatic Updates
downloading required files, 172
installing, configuring, 177-180
autorooters, 152
|
|