|
|
SACL (system access control list), 613
schema objects, attributes, values (table), 14
schemas described, 13
.scr files, 660
script kiddies, 655, 696
script mapping, configuring (fig.), 104
scripting
deploying security via, 60-61
implementing security templates using, 62
updates, 163-165
scripts, hotfix deployment, 185
secedit.exe, 30, 53
analyzing security with, 70
deploying security via scripting, 60-62
using, 67-70
secpol.msc command, 108
secret key, 206-207, 269
securedc.inf, 22, 89
Secure Hash Algorithm (SHA1), 330-331
Secure Server (Require Security) IPSec policy, 348
Secure Shell (SSH)
using, 705-706
white hat tool, 697
Secure Sockets Layer (SSL), 11, 307
securews.inf, 22, 92
securing
domain controllers, 90-91
domain level, 88
Exchange 2000 servers, 97-98
Internet Access Service (IAS) servers, 106-107
portable, laptop computers, 111-112
server SMB traffic, 118-119
SQL Server 2000, 93-96
security
accessing configuration settings at site level (fig.), 25
analysis, 628
analyzing issues with Event Logs, 116-117
attacks. See attacks
auditing systems for increased, 609-610
Encryption File System. See EFS
end-to-end, 328
Group Policy settings, 23-27
incident response plans, 654
Microsoft, issues, 650
network, importance of, 320-328
password policies, 324
proactive vs. reactive management, 652
templates. See security templates
wireless LAN issues, 407-426
security bulletins, Microsoft, 86-87
Security Configuration and Analysis, 27-30
Security Configuration and Analysis snap-in, 63-66
security configurations
analyzing, 63-72
analyzing with MBSA, 145-151
Security Configuration Tool Set
creating user interface, 31
described, 20
security console, creating, 32
security identifiers (SIDs), 479
security incident response and recovery
forensics, 673-680
minimizing, 651-654
prevention list, 652-654
response plan definition, 672-673
security incidents, 650-651
Security Log, 342
adjusting properties (fig.), 630
restrictions on access, 628
shutting out hackers, 44
security parameters index (SPI), 335
security patches, 135
security plans
EFS in. See EFS
evaluating dangers, 344
multilayered, 265
security policies
building with customized IPSec consoles, 345-347
creating, 356-369
flexibility of, 347
implementing effectively, 343
Security Policy Setting window (fig.), 494
Security Rule Wizard, 356-359, 361
security templates
See also templates
described (table), 19-21
and Group Policy, 27
Select Registry Key window (fig.), 49
server certificates, requesting for IIS server, 504
Server Message Block. See SMB
Server (Request Security)
IPSec policy, 348
properties dialog box (fig.), 350
servers
adding to the server list (fig.), 664
members, 92
preventing files from being encrypted on, 277
updating considerations, 181
and workstations, 18
service packs described, 134
service tickets, and session tickets, 474
Session key Perfect Forward Secrecy option, 352
session tickets (ST), and service tickets, user tickets, 474
session ticket (ST), 464
setup security.inf, 22
shared key, concept and Kerberos, 460
shared secret keys, 336
shortcuts, to middleware, removing, 135
SIDs (security identifiers), 479
signatures
digital, 203-204, 330, 332
hash, 330
sites described, 17
slipstreaming
deployment of updates, 153
described, 156
installation media for RIS deployment, 155-156
Windows 2000 Professional with Service Pack 3, 156-158
smartcards
authentication and, 533
and VPN connections, 597
SMB (Server Message Block), 490, 496
configuring, 86
securing traffic, 118-119
SMBdie, performing DoS with, 668-669
SMS. See Systems Management Server (SMS)
SMTP, attack vulnerabilities, 713
SMURF attacks, 325, 669
snap-ins, Certificates, 341
sniffer described, 266
Sniffer Pro, 321
SNMP, attack vulnerabilities, 715
snooping described, 321
social engineering and hacking, 323
Social Security numbers, 323
software involved in DDoS attacks, 671
Software Update Service, 153
Software Update Services (SUS), 153, 172
synchronization schedule, configuring (fig.), 175
spoofing, 322-323
Spoofit, 323
spreading ratio, 391
spread-spectrum technology, 390
SQL, attack vulnerabilities, 715
SQL Server 2000
hardening with MBSA, 95
securing, 93-96
SRV record, 478
SSH. See Secure Shell (SSH)
SSL, configuring Web authentication using, 508
Standalone Root, Subordinate CAs, 209
standards, X.500, 11-12
starting, Certificate Import Wizard, 226
static phone books, 578
statistics, viewing with NetDiag.exe, 342
stopping Certificate Services (fig.), 239
Subseven Trojan, 664
SUS. See Software Update Service (SUS)
SUSSetup.msi, 173
switches, Cipher command (table), 281
symmetric cryptography, 269
symmetric encryption, 334
synchronizing clocks, 633
SYN flood attacks, 667
system access control list (SACL), 613
system crashes, during encryption, 308
System Policies, 122
systems auditing. See auditing
System Services node, 29, 47-48
Systems Management Server (SMS), 153, 156, 180
|
|