|
-s switch, HFNetChk, 96
SACLs (system ACLs), 123
safeguards, risk assessment, 67, 70
SAs (security associations)
Main Mode, 202
overview of, 202
Quick Mode, 203
SASL (Simple Authentication and Security Layer Protocol), 37–38
scanners
antivirus, 180–85
file-server, 177, 183
Schema Admins group, 46, 119–21
schema, making changes in, 297
schema master, 122
Schneier, Bruce, 19
Script Maps page, IIS Lockdown, 108
SD (security descriptor), 43
searches, mailbox, 171–74
secedit, updating policies, 114
secret-key encryption
algorithms, 17–20
how it works, 16–17
public-key systems and, 24
Secure Hash Algorithm (SHA), 28–29
Secure Multipurpose Internet Mail Extensions protocol. See S/MIME (Secure Multipurpose Internet Mail Extensions)
Secure-NAT client, 313
Secure Server policy, IPsec, 205
Secure Sockets Layer protocol. See SSL (Secure Sockets Layer)
Secure Windows Initiative (SWI), 84
security architecture, Exchange/Windows, 41–58
access control process, 47–49
additional reading, 57
authentication, 43–47
overview of, 41–42
permissions, 49–56
terminology, 42–43
security buzzwords, 3–15
access and resource control, 5–7
additional reading, 13
authentication, 4–5
confidentiality, 8–11
data integrity, 7
malicious code, 11–13
privacy, 8–11
security, 3–4
security descriptor (SD), 43
Security dialog box, 200–1, 327–28
security groups, 44
security identifiers. See SIDs (security identifiers)
security logs, 347–48, 360. See also auditing
security, operational, 73–82
additional reading, 80
Exchange security for, 41–42
overview of, 73–74
strengthening, 79–80
targeted, 61
threat assessment, 74–75
Security Operations Guide for Windows 2000 Server
HFNetChk scripts, 93
policy templates, 111–14
security logging, 354, 357, 360
threats/risk assessment, 71
Security Policy Setting dialog box, 352
security principals, 43
Security Rule Wizard, 210–15, 311–13
Security tab, Outlook Options dialog box, 276–78
security zones, Outlook, 253–64
Secway’s Instant Messenger Privacy (SIMP), 345
segmentation, 294–97
Select Server Template page, IIS Lockdown, 107
Server Operators group, 45–46
Server policy, IPsec, 205
Server Publishing Rules node, ISA, 216
servers
access control to, 289
front-end/back-end topology and, 283–84
OWA segmentation applied to, 296
protecting, 77–78
service accounts, 121
service (SRV) records, 341
Services.txt file, 93, 319
Session Initiation Protocol (SIP), 346
session tickets, Kerberos, 37
SHA (Secure Hash Algorithm), 28–29
Shared Resource Management (SRM), 47–48
SIDs (security identifiers)
defined, 42
logon process and, 47
preventing privilege attacks, 118
security groups having, 44
signatures, digital. See digital signatures
SIMP (Secway’s Instant Messenger Privacy), 345
Simple Authentication and Security Layer Protocol (SASL), 37–38
Simple Mail Transfer Protocol. See SMTP (Simple Mail Transfer Protocol) relaying
SIP (Session Initiation Protocol), 346
Slipstick systems, 154
smart cards
Certificate Services and, 226
enrolling for, 236
overview of, 223, 239–40
protecting private key, 235–36
S/MIME (Secure Multipurpose Internet Mail Extensions), 273–79
additional reading, 40, 281
certificate management, 273–76
certificate validity and, 22
Outlook’s support of, 264–65
overview of, 34–35
PKI planning for, 223
setting options, 276–78
signing or encrypting message, 278–79
SMS (Systems Management Server), 100
SMTP (Simple Mail Transfer Protocol) connectors, 150–51
SMTP (Simple Mail Transfer Protocol) relaying, 139–60
access control to Outlook Web Access, 294
access control to SMTP virtual servers, 143–46
additional reading, 160
configuring, 150–51
controlling IP address connections, 147–48
controlling restrictions on, 149–50
removing stores from, 318
requiring authentication, 146–47
understanding, 139–42
verifying configuration, 151–52
virus scanners, 181–82
SMTP (Simple Mail Transfer Protocol), TLS/ SSL, 191–201
enabling STARTTLS, 199–201
overview of, 191–92
requesting SSL certificate, 192–99
SMTP (Simple Mail Transfer Protocol) virtual server Properties dialog box, 143–45
SMTP (Simple Mail Transfer Protocol) virtual servers, 143–46, 158
social engineering, 80
Software Update Services (SUS), 100
Source Server page, Exmerge Wizard, 172–73
spam control, 152–60. See also SMTP (Simple Mail Transfer Protocol) relaying
additional reading, 160
blocking techniques, 153–156
overview of, 156–58
third-party anti-spam products, 158–60
spam filters, 153–55
spoofing attacks, 63
springboard attacks, 61
SQL Server, MBSA, 89
SRM (Shared Resource Management), 47–48
SRV (service) records, 341
SSL (Secure Sockets Layer). See also Outlook Web Access, SSL; SMTP (Simple Mail Transfer Protocol), TLS/SSL
accelerator, 303
additional reading, 40
multiple SMTP virtual servers and, 150
opening firewall ports for, 306–7
overview of, 30
PKI planning for, 224
POP and IMAP and, 326–29
SMTP Authentication dialog box, 147
wireless devices, 329
standalone CAs, 227–28
STARTTLS
additional reading, 219
enabling, 199–201
firewalls/SMTP proxies blocking, 147
overview of, 192
POP and IMAP and, 326–27
status changes, account auditing, 358
STAVE model, 65–67
store-and-forward protocol, STMP, 139–42
stream ciphers, 17
STRIDE model, 68–71
Submission Confirmation page, Windows Certificate Services CA, 197
Submit A Saved Request page, Windows Certificate Service CA, 197
Summary page, Delegation of Control Wizard, 127
surge suppressors, 76
SUS (Software Update Services), 98–100
SWI (Secure Windows Initiative), 84
switches, command-line
DSACLS, 134–35
MBSA, 94–97
Sybari, 185
symmetric-key encryption, 16
Syskey utility, 78
system ACLs (SACLs), 123
system log, 347, 348
Systems Management Server (SMS), 100
|