Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z] acceptable use policy (AUP) access remote protecting perimeters 2nd 3rd access anonymous restrictions 2nd 3rd 4th controls (physical security) 2nd 3rd 4th 5th GUIs LUA (least user access) 2nd restriction network threat modeling processes 2nd 3rd 4th 5th rogue applying 802.1X 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th enabling IPsec 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th layer 2/3 protection 2nd 3rd 4th network quarantine systems 2nd 3rd 4th 5th preventing 2nd sniffing 2nd Web 2nd access control lists [See ACLs] access control lists (ACLs) best practices 2nd 3rd 4th layers 2nd security descriptors 2nd 3rd 4th 5th 6th 7th access masks accounts administrative security 2nd 3rd 4th 5th mitigating services 2nd 3rd 4th 5th 6th 7th IDS lockout passwords logon events services ASR (attack surface reduction) 2nd 3rd 4th 5th 6th 7th securing 2nd 3rd 4th 5th SRPs (software restriction policies) 2nd ACKnowledge packets ACLs (access control lists) 2nd best practices 2nd 3rd 4th layers 2nd security descriptors 2nd 3rd 4th 5th 6th 7th accounts services dependencies 2nd ACS (Audit Collection Services) active administrative dependency [See also dependencies] active attacks [See also attacks] active-automated attacks active-manual attacks AdAware Address Resolution Protocol (ARP) attacks 2nd addresses ranges 2nd spoofing preventing 2nd administration [See management] administrative security dependencies 2nd 3rd 4th 5th mitigating services 2nd 3rd 4th 5th 6th 7th administrator password policy (APP) administrators passwords configuring 2nd 3rd 4th 5th 6th responsibilities ADS (Automated Deployment Services) Advanced Encryption Standard (AES) adware AES (Advanced Encryption Standard) agent-based enumeration agents recovery AH (Authentication Header) ALE (annualized loss expectancy) Alerter service algorithms crypto troubleshooting 2nd analysis environments 2nd
Exchange Server Best Practices Analyzer Tool existing systems hacking 2nd MBSA (Microsoft Baseline Security Analyzer) of penetration testing 2nd 3rd of security needs 2nd 3rd 4th 5th 6th 7th 8th 9th penetration tests threats 2nd 3rd 4th annualized loss expectancy (ALE) anonymous connections (null sessions) anonymous restrictions 2nd 3rd 4th 5th anti-malware limiting malicious code anti-spyware software, applying 2nd antivirus policy (AVP) antivirus software applying 2nd API (application programming interface) null sessions APP (administrator password policy) application programming interface (API) null sessions application-filtering firewalls 2nd applications analyzing 2nd ASR (attack surface reduction) blocking unnecessary interfaces 2nd disabling unnecessary features uninstalling unnecessary components 2nd 3rd data-protection mechanisms incorporating into 2nd exposed (on hosts) for small businesses applying anti-spyware/antivirus software 2nd configuring firewalls 2nd controlling automatic updating updating 2nd functionality restricting browser 2nd 3rd 4th turning off 2nd 3rd hiding LUA (least user access) running as 2nd patch states patches 2nd 3rd security baselining systems 2nd 3rd 4th evaluating reviewing 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th 20th 21st 22nd 23rd 24th 25th 26th 27th servers services removing privileges 2nd 3rd spyware structure of updates version information 2nd Web IIS (Internet Information Services) applying 802.1X 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th anti-spyware/antivirus software 2nd firewalls 2nd 3rd 4th 5th 6th IPsec 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th passwords 2nd 3rd 4th 5th 6th 7th 8th 9th security guides ARP (Address Resolution Protocol) attacks 2nd ASR (attack surface reduction) 2nd 3rd 4th 5th 6th 7th assessment penetration tests associations (security) attacks DoS (denial-of-service) attachments management 2nd 3rd attack surface reduction (ASR) 2nd 3rd 4th 5th
6th 7th attackers Warez attacks ARP (Address Resolution Protocol) 2nd cached credentials casual attackers cross-site scripting 2nd damage (types of) 2nd 3rd DDoS detecting DoS protecting availability elevation-of-privilege hacking analyzing 2nd cleaning attackers 2nd detecting initial compromise of 2nd elevating privileges 2nd 3rd footprinting networks 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th null sessions 2nd 3rd 4th 5th 6th taking over 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th passwords 2nd 3rd 4th 5th 6th 7th penetration testing [See penetration testing] reflection spoofing preventing 2nd target networks hacking types of 2nd 3rd 4th AU (Automatic Update) 2nd Audit Collection Services (ACS) audit settings 2nd auditing enabling 2nd full privilege audits CrashOnAuditFail AUP (acceptable use policy) authentication challenge-response transactions 2nd 3rd 4th LAN Manager 2nd 3rd mutual passwords 2nd applying 2nd 3rd 4th 5th 6th 7th 8th 9th attacks 2nd 3rd 4th 5th 6th 7th best practices 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th management 2nd 3rd 4th 5th 6th 7th 8th 9th multifactor authentication 2nd overview of 2nd 3rd policies physical security SQL Server IIS (Internet Information Services) SQL Servers customizing 2nd troubleshooting Authentication Header (AH) authenticity authorization automated attacks worms Automated Deployment Services [See ADS] Automatic Update [See AU, updates] automatic updates controlling enabling availability protecting 2nd 3rd avoiding hacking viruses AVP (antivirus policy) awareness (security) 2nd awareness of security policies, creating 2nd