access control design for network resources, 158–192,
See also security analysis
access control, defined, 158
access control entries, 159
access control lists, 158–159
Active Directory objects,
See also permissions
access tokens, 159–160
delegation of control, 167–168
design scenarios, 163–164, 165–166
group access, 164–166
overview, 159–160
permissions, 161–164, 166–167
real world scenarios, 162, 165
security descriptors, 159–160
availability statements, 9
case study, 187–189
case study answers, 192
case study questions, 190–191
exam essentials, 182
files and folders
audit policies, 174–177, 178
audit review procedures, 178
backup and recovery, 179–181
design scenarios, 172, 178
file encryption, 173–174, 173
NTFS permissions, 169, 171–172
overview, 19
real world scenario, 176
Share permissions, 169–172, 171
key terms, 182
object ownership and, 158
overview, 19, 158, 181
permission inheritance and, 159
permissions assigned to objects and, 158
review question answers, 186
review questions, 183–185
security descriptors, 158–159
Windows Registry, 174, 175
access to operating systems, restricting,
See also client
design scenario, 338, 341
via administrative templates, 338–341, 339–340
via predefined groups, 336–338
access points, 99
access points, designing open, 105, 105
Account Mappings dialog box, 263, 264
ACEs (access control entries), 159
ACLs (access control lists), 158–159, 244
Active Directory,
See also access control;
authentication design
OU/Group Policy model for clients,
See also client
based on computer function, 326, 327
based on computer type, 326, 326
based on operating system, 325–326, 325
design scenario, 328–329
filtering GPO application, 327, 327
overview, 324–325, 328
storing certificates in, 217
ad hoc mode of communication, 99
administrative accounts, 131, 133
administrative templates, 338–341, 339–340
Advanced Attributes dialog box, 173, 173
AG(G)DLP permission assignments, 134–135
AG(G)UDLP permission assignments, 164
AH (Authentication Header) headers, 75
anonymous access in IIS, 259
Application Layer Gateway service, 250
Application Management service, 250
Application Server dialog box, 254–255, 254, 256
ASP.NET forms-based authentication, 261–262
ASP.NET service, 254, 257
assets at risk, 2–3
attacks. See security threats
auditing
audit data locations, 177
audit statements, 177
certificate authorities, 218, 221–224, 222
before defining baselines, 289–290
designing audit policies
and audit review procedures, 178
for client security, 330
design scenario, 178
for IIS security, 268–269, 269
for network resource access, 176–177
importance of, 174–175
overview, 18
real world scenario, 176
Registry access, 222
remote management tool use, 375
resources to audit, 177
security update patches, 352–354, 353
authenticating users on websites,
See also IIS
ASP.NET forms-based authentication, 261–262
certificate authentication, 262–264, 263–264
IIS authentication methods
anonymous access, 259
basic authentication, 259
design scenario, 261
digest authentication, 260
integrated Windows authentication, 260
Microsoft .NET Passport authentication, 260
overview, 258
setting, 258, 259
overview, 257–258
RADIUS authentication, 264–265
authentication,
See also network
defined, 120, 158
in demand-dial routing, 94–96
MMC snap-ins and, 381
in remote management, 373–374
in securing VPNs, 89–90
in smart cards, 217
authentication design for Active Directory, 120–156
analyzing account/password requirements
account scope, 134
administrative accounts, 131, 133
design scenarios, 136, 138, 141
external accounts, 131, 133
group membership, 134–135
internal accounts, 131, 133
overview, 131
permissions assignment, 134
Principle of Least Privilege and, 135, 136
setting account password policies, 137, 139–141
user rights assignment, 133, 133
vulnerabilities, 135–137
authentication requirements, 124–126
case study, 148–151
case study answers, 155–156
case study questions, 152–154
client authentication, 128–129
design scenarios, 125, 128–129, 132
exam essentials, 142
forest/domain trust models, 127, 129–131, 130, 132
key terms, 142
overview, 120, 124, 141–142
real world scenarios, 122–124
review question answers, 146–147
review questions, 143–145
selecting authentication protocols, 126–127
vulnerabilities
compatibility, 124
encryption, 124
evaluating cost of, 137, 138
excessive privileges, 136
passwords, 121–124, 122, 135, 137
Authentication Methods dialog box, 258, 259
authentication policy, 9
authentication protocols
in demand-dial routing, 95–96
for local area networks, 126–127
in remote access infrastructures, 83–86
in wireless networks, 103–104, 103–104
authorization, 120, 158
Authorization Manager, 246–247