A (host) resource record, 4-23
access control
Account Group/ACL method, 2-39—2-40
Account Group/Resource Group method, 2-40—2-41
anonymous access, 1-25—1-26, 1-32—1-33, 1-36—1-39, 2-29
browsers, locking down, 13-39—13-40
groups, 2-19—2-37, 2-41—2-44, 16-13—16-20
HKEY_LOCAL_MACHINE hive (example), 13-17
RAPs (remote access policies), 10-22—10-24, 12-10, 12-21—12-23
remote access, 8-6—8-8, 10-22—10-24, 12-1—12-46, 15-51—15-54
remote access configurations, 12-17—12-24, 12-30—12-35
remote access RADIUS services, 10-8, 10-10
User/ACL method, 2-39
wireless access points (WAPs), 10-17—10-18, 10-29, 10-33
access control entries (ACEs), 2-3
multiple for one user, 2-4
access control lists (ACLs), 2-3, 16-21
Account Group/ACL method of access control, 2-39—2-40
certificate templates, 7-20
multiple ACEs for users, 2-4
SIDs (security identifiers), 1-46—1-47
User/ACL method of access control, 2-39
access points, wireless (WAPs)
configuring, 10-29, 10-33
physical security, 10-18
wireless access policies, 10-17—10-18
Account Group/ACL method of access control, 2-39—2-40
Account Group/Resource Group method of access control, 2-40—2-41
account lockouts
IAS feature, 4-41
policies, 1-21—1-22, 3-10
Account Operators group, 2-24
account policies, 3-9—3-10. See also policies
lockout, 1-21—1-22, 3-10, 4-41
accounts
management permissions, 2-24
remote access authorization, 12-19—12-21
special, 2-28—2-31
ACEs (access control entries), 2-3
multiple for one user, 2-4
ACLs (access control lists), 2-3, 16-21
Account Group/ACL method of access control, 2-39—2-40
certificate templates, 7-20
multiple ACEs for users, 2-4
SIDs (security identifiers), 1-46—1-47
User/ACL method of access control, 2-39
Acquire Heap Size parameter, 9-20
Active Acquire parameter, 9-20
Active Directory
authenticating users on domain, 1-41
checking if available (DHCP), 4-22
deploying IPSec, 9-3—9-15
deploying security templates with, 3-18—3-24
deploying security templates without, 3-25—3-27
distribution and security groups, defined, 2-19
domain organization, forests, 1-41, 1-43, 1-45, 2-22—2-23, 16-13
domain organization, trusts, 1-43—1-55, 16-13—16-20
integration with DNS, 4-28
IPSec infrastructure planning, 8-17—8-18
permissions, 2-10—2-11
ports used by, 4-30
safeguarding database for, 4-29—4-30
SSL on domain controllers, 11-26—11-27, 11-34—11-37
user credential storage, 1-15, 1-32
wireless network infrastructure, 10-30
Active Directory Users and Computers tool, 2-32
Active Failures parameter, 9-20
Active Security Associations parameter, 9-22
Active Tunnels parameter, 9-22
AD (Active Directory)
authenticating users on domain, 1-41
checking if available (DHCP), 4-22
deploying IPSec, 9-3—9-15
deploying security templates with, 3-18—3-24
deploying security templates without, 3-25—3-27
distribution and security groups, defined, 2-19
domain organization, forests, 1-41, 1-43, 1-45, 2-22—2-23, 16-13
domain organization, trusts, 1-43—1-55, 16-13—16-20
integration with DNS, 4-28
IPSec infrastructure planning, 8-17—8-18
permissions, 2-10—2-11
ports used by, 4-30
safeguarding database for, 4-29—4-30
SSL on domain controllers, 11-26—11-27, 11-34—11-37
user credential storage, 1-15, 1-32
wireless network infrastructure, 10-30
Add/Remove Programs, 5-17, 5-22
address filtering, MAC, 10-13
administration, 4-4
PKI (public key infrastructure), 7-8, 8-19—8-20, 15-20
responsibility for updates (patches), 5-16
security bulletins for, 5-5—5-8
Administrator certificate template, 7-22
Administrators group, 2-24
ADSI Edit utility, 8-17
Advanced Encryption System (AES), 10-12
Advanced System Information tool, 3-35
AES (Advanced Encryption System), 10-12
AH (Authentication Header) protocol, 8-13
allowing access (dial-up), 12-20
anonymous access, 1-32
anonymous authentication, 1-25—1-26
configuring (practice), 1-36—1-39
for external users, 1-32—1-33
Anonymous Logon group, 2-29
answer files, 6-23—6-24
Append Data permission, 2-8
Application event log, 3-11
application layer firewalls, 4-19
application (product) lifecycles, 5-10—5-11
application policies, 7-21, 7-64
archiving certificates, 7-46
exporting keys, 7-47—7-49, 7-52
key recovery basics, 7-46—7-47
process of, 7-49—7-50, 7-54
recovery process and, 7-50—7-52, 7-54
assessing
current patch status, 5-15—5-16, 5-29—5-30, 14-15—14-26
patch levels, 6-3—6-14
asymmetric key encryption, 7-4
attacks
dictionary attacks, 1-19, 10-10, 13-41
DNS attacks, 11-11
on public Web sites, 4-36
remote networking, 12-4
risks for, 7-48, 7-51, 10-3, 12-4
SID spoofing, 1-46
Trojan horses, 5-3
vulnerabilities to, 5-3, 6-3—6-15
wireless network threats, 10-3
auditing
authorization troubleshooting, 2-50—2-52
Certificate Services, 7-13
event analysis, 2-52—2-54
Exchange Server, 4-45
IPSec negotiations, 9-23—9-25
patch level assessment, 6-3—6-14
policies, 3-10
SQL Server security, 4-49—4-50
updates (patches), 5-35—5-36
AUOptions registry value, 6-35
Authenticated Bytes Sent/Received parameters, 9-23
Authenticated Session certificate template, 7-22
Authenticated Users group, 2-29
authentication, 1-3
anonymous, 1-25—1-26, 1-32—1-33, 1-36—1-39, 2-29
authorization vs., 1-6, 2-38
centralized vs. decentralized, 1-8
certificate troubleshooting (IPSec), 9-42—9-43
components of, 1-6—1-17
components of network systems, 1-7
configuring for external users, 1-32—1-40
delegated, 1-34—1-35
EAP (Extensible Authentication Protocol), 10-7
EAP-TLS, 10-10, 10-20, 12-12
IAS (Internet Authentication Service), 4-39—4-43
IAS account lockout, 1-21—1-22, 3-10, 4-41
IAS remote access, 12-10
IAS security template planning, 3-6—3-7, 13-10
IAS wireless network configuration, 10-21—10-24, 10-31
IEEE 802.1X standard, 10-7—10-9, 15-41—15-44
IPSec infrastructure planning, 8-18—8-21, 15-20
IPSec vs. SSL, 11-4
Kerberos protocol, 1-10, 1-13—1-15, 8-19, 15-20
LM protocol, 1-10—1-12, 1-24, 1-26
MS-CHAP v1, 12-8—12-10, 12-12
MS-CHAP v2, 10-9, 12-8—12-10, 12-13
multifactor, 1-7, 1-27—1-28
NTLM protocol, 1-10, 1-12—1-13
open system, 10-6
PEAP (Protected EAP), 10-9—10-10, 10-20, 12-12
protocols, 1-9—1-10. See also authentication protocols
RADIUS message authenticators, 4-40
RADIUS service, 10-8, 10-10
remote access users, 15-51—15-54
remote networking, 12-7—12-15, 12-17—12-19, 12-23—12-24, 12-30—12-32
shared secret, 10-4—10-6
SQL Server security, 4-47—4-48
strategy, planning and implementing, 1-18—1-31, 3-10, 16-6—16-12
trust protocol, 1-44—1-45
Web authentication, 1-33
Web authentication protocol, 1-33
Windows Server 2003 features, 1-9
WPA (Wi-Fi Protected Access), 10-11—10-13
Authentication Failures parameter, 9-20
Authentication Header (AH) protocol, 8-13
authentication protocols, 1-9—1-10
Kerberos authentication, 1-10, 1-13—1-15, 8-19, 15-20
LM authentication, 1-10—1-12, 1-24, 1-26
NTLM authentication, 1-10, 1-12—1-13
trusts, 1-44—1-45
Web authentication, 1-33
authorization, 2-3—2-18
ACLs (access control lists), 2-3, 16-21
authentication vs., 1-6, 2-38
DHCP servers, 4-21—4-23
groups, 2-19—2-37, 2-41—2-44, 16-13—16-20
least privilege, 2-38
permissions, 2-4—2-14, 4-48—4-49, 16-21—16-28. See also groups
permissions, files and folders, 3-12
permissions, analyzing, 3-36
permissions, certificate templates, 7-20, 7-24—7-25, 7-65
permissions, IIS Web site, 4-38
permissions, least privilege, 2-38
permissions, nesting groups, 2-20, 2-44
permissions, wireless networks, 10-19
permissions, services, 2-12
remote access server configuration, 10-22—10-24, 12-19—12-23
services, 3-12
SQL Server security, 4-48—4-49
strategy for, 2-38—2-46, 16-21—16-28
troubleshooting problems, 2-47—2-55
wireless networks, 10-19
Autoenroll permission (certificate templates), 7-24
autoenrollment, certificates, 7-24, 7-32, 7-34—7-35
Autoenrollment Settings, 7-34
automatic certificate enrollment, 7-24, 7-32, 7-34—7-35
Automatic Certificate Request Settings (Group Policy), 7-34
Automatic Updates client, 5-17—5-19, 5-29
deploying updates, 6-32—6-36, 6-39—6-40, 6-45—6-53