Index_S

Safe Recipients list, Outlook

defined, 328

standardizing, 330

tweaking, 330

Safe Senders list, Outlook

defined, 328

standardizing, 330

tweaking, 330

safeguards, risk assessment, 70

SASL (Simple Authentication and Security Layer), 38, 384 “85

SAs (security associations), IPSec

defined, 226

Main Mode, 226, 228

Quick Mode, 227

scanners , antivirus

file server, 200

perimeter, 203 “5

types of, 202

scanning engines, 207

scans , Baseline Security Analyzer, 97 “98

Schema Admins group , 49, 127

schema master, 131

SCL (spam confidence level), 176, 177

Script Maps page, IIS Lockdown package, 116

SD (security descriptor), 45

secret-key encryption, 16 “20

AES algorithm, 18

Blowfish algorithm, 19

CAST-128 algorithm, 19

DES algorithm, 18

how it works, 17 “18

IDEA algorithm, 19

key length, 20

overview of, 16 “17

RC n algorithms, 19

Triple-DES algorithm, 18

Twofish algorithm, 19

work factor, 20

Secure Hash Algorithm (SHA), 29, 300 Secure/Multipurpose Internet Mail Extensions. See S/MIME (Secure/Multipurpose Internet Mail Extensions)

Secure Server (Require Security) policy, 229

Secure Sockets Layer. See SSL (Secure Sockets Layer)

SecurID system, RSA, 395

security associations. See SAs (security associations), IPSec

security descriptor (SD), 45

security groups, 46

security identifiers. See SIDs (security identifiers)

security labeling, 319

security laws, for administrators, 470 “76

architecture, 474

checklists, 472

documentation, 473 “74

fixes, 471

keeping security easy, 470 “71

mandating network security, 470

overview of, 466 “67

password strength, 472 “73

policy, 475

risk management, 474 “75

security laws, for end users, 463 “69

anonymity, 468 “69

combining technology with policy, 469

encrypted data, 467

operating system files, 470 “76

password complexity, 466

physical security, 464 “65

running/downloading programs, 470 “76

trusted administrators, 466 “67

virus scanners, 468

Web site visitors , 465 “66

security principals, 45

Security Reference Monitor (SRM), 45, 50 “51

Security Rule Wizard

creating IPSec policies, 234 “35, 238

IPSec policies applied to FE, 371 “73

Security Update. See Microsoft Outlook Security Update

security vocabulary, 1 “14

access controls, 5 “7

auditing, 7

authentication, 4 “5

authorized users, 3

confidentiality and privacy, 8 “11

data integrity, 7

malicious code, 11 “13

Microsoft Windows, 45 “46

resource controls, 5 “7

rights management, 13

timely access, 4

segmentation, OWA, 351 “54

segregation , Certificate Services, 286 “87

SELF principle, 49

senders

adding restrictions to, 171 “73

blocking individual, 166

Server (Request Security) policy, 229

Server Message Block (SMB), 35

Server Operators group, 48

Server Publishing Rules, 240 “41

servers

authentication, 255

installing Exchange, 127 “28

OWA access controls, 346 “48

OWA and single, 337 “38

permissions, 484 “85

POP3/IMAP4 on, 386 “87

publishing to Internet with ISA Server, 239 “42

scanning file, 200

segmentation applied to, 354

upgrading, 134

service packs , 107 “8, 134

services, minimizing OWA, 379 “81

Services.txt, 98

session ticket, 37 “38

setup. See permissions setup guide

SHA (Secure Hash Algorithm), 29, 300

SIDs (security identifiers)

overview of, 45

OWA logon process, 338 “39

Windows access control, 50 “51

Windows logon process, 50

signatures, OWA, 352 “53

Simple Authentication and Security Layer (SASL), 38, 384 “85

Simple Mail Transfer Protocol. See SMTP (Simple Mail Transfer Protocol)

Slipstick Systems, 165

smart card logon

building PKI with Certificate Services, 257

PKI infrastructure design and, 254 “55

stand-alone vs. enterprise CAs, 260

smart cards

enrollment station, 268

integrating, 271 “72

private key protection, 267 “68

SmartScreen technology, 176

SMB (Server Message Block), 35

S/MIME (Secure/Multipurpose Internet Mail Extensions), 312

additional reading, 333, 382

certificate revocation lists and, 22

overview of, 34 “35

OWA client security and, 363 “64

Windows RM compared to, 252 “53

S/MIME (Secure/Multipurpose Internet Mail Extensions), encryption infrastructure

building PKI with Certificate Services, 257 “58

enrollment into PKI, 268 “70

goals, 253 “56

hierarchy design, 258 “59

issuing digital certificates, 264 “68

outsourcing PKI, 256 “57

overview of, 253

revocation, 270 “72

server performance, 273

S/MIME (Secure/Multipurpose Internet Mail Extensions), Outlook security, 312 “24

certificate management, 313 “16

options, 316 “18

overview of, 300 “301

OWA support for, 352 “53

policy controls, 320 “24

signing or encrypting messages, 318 “20

SMS (Systems Management Server), 107

SMTP AUTH extension, 154, 180

SMTP connectors, 160 “62, 167

SMTP (Simple Mail Transfer Protocol)

account lockout settings, 113

adding disclaimers, 182 “84

additional reading, 180

antivirus scanners, 203 “5

connection security ( see TLS (Transport Layer Security))

firewall ports, 367

OWA logon, 351

relaying ( see relaying)

security auditing, 440 “41

spam control ( see spam control)

spoofing user identity, 70

SMTP (Simple Mail Transfer Protocol) relaying, 147 “63

additional reading, 180

configuring SMTP connectors, 160 “62

controlling access, 151 “58

defining, 148 “49

necessity for, 149

open , 149 “50

overview of, 147 “48

restrictions, 159 “60

verifying configuration, 162 “63

SMTP (Simple Mail Transfer Protocol), with TLS/SSL, 215 “25

enabling STARTTLS, 223 “25

overview of, 215 “16

requesting SSL certificate, 216 “23

SMTP virtual servers, 151 “58

access control by authentication, 155 “57

access control by IP address, 157 “58

access control restrictions, 159 “60

activating filter evaluation, 177 “78

additional reading, 180

overview of, 151 “53

stealth SMTP AUTH attacks and, 154

software

DCAR products, 413 “16

legal issues on loading, 460

Software Update Services (SUS), 104 “7

spam confidence level (SCL), 176, 177

spam control, 163 “79

additional reading, 180

blocking by IP address, 166 “67

blocking by sender or domain, 166

block listing, 167

deleting and filtering manually, 165 “66

overview of, 163 “64

perimeter filtering, 168

real mail and, 164 “65

security auditing, 440 “41

third-party products for, 178 “79

spam control, Exchange and, 168 “78

filter activation, 177 “78

filtering by recipient address, 171

filtering by sender address or domain, 171 “73

filtering connections, 173 “76

filters by third parties, 177

Intelligent Mail Filter, 176

overview, 168 “70

spell-checking, OWA, 352 “53

spoofing attacks, 66, 70 “72

SQL Server, 94

SRM (Security Reference Monitor), 45, 50 “51

SSL certificates, 216 “23

with online CA, 217 “19

pending requests , 223

PKCS#10 requests, 219 “22

setting up RPC over HTPPS, 244

for SMTP connections, 216

SSL (Secure Sockets Layer)

firewall ports, 367

IMAP4 and, 387 “90

OMA/EAS security and, 396 “97

overview of, 30 “31

OWA and, 344 “46, 354 “58

POP3 and, 387 “90

SASL vs., 38

secret-key encryption and, 17

stalking laws, 455

stand-alone CAs, 260 “61

STARTTLS verb

additional reading, 248

enabling TLS for specific domains, 224

failed negotiations, 225

forcing TLS for all mail traffic, 223 “24

inbound TLS, 224 “25

overview of, 216

problems with mail through SMTP server, 157

STAVE model, 67 “70

storage management, DCAR, 410, 412

store-and-forward protocol, SMTP, 147 “48

STRIDE model, 70 “72

surveillance, legal issues, 446, 451 “52

surveillance policy, 408

SUS (Software Update Services), 104 “7

SWI (Secure Windows Initiative), 90

switches

HFNetChk command line, 101 “2

MBSA command-line, 99 “100

symmetric-key encryption. See secret-key encryption

Syskey utility, 80

Systems Management Server (SMS), 107