pagefile, creating, 498
Pakistani Brain virus, 5
partitions, in Active Directory, 525
passfilt.dll file, 144
Passport Authentication, IIS, 430, 432, 433
password attacks
    on cached credentials, 176–177
    commonly-used password lists for, 146
    with Credential Manager, 179–181
    defending against, 183–187
    on domain computer accounts, 177–179
    island hopping, 183
    LM hash algorithm and, 149
    NT hash algorithm and, 149
    password capturing, 165–166
    password guessing, 163–165, 171–175
    password resetting, 160–163
    with physical access, 18
    on RDP connection objects, 181
password capturing, 165–166
password cracking
    birthday attacks, 173
    brute-force attacks, 171–172
    definition of, 166
    dictionary-based, 144, 145–146, 172–173
    hybrid dictionary attacks, 145–146, 173
    LC5 program, 174–175
    LCP program, 175
    password hashes, extracting, 166–168
    programs for, finding, 175
    rainbow tables, 173–174
    share password attacks, 169
    sniffing authentication traffic, 168–171
password files, 200
password guessing, 163–165, 171–175
Password List reader, 181
password logging trojans, 165
Password Reset Diskette, 182
password resetting, 160–163
passwords
    alternatives to, 187
    auditing, 187
    for BIOS, 71
    boot-up passwords, 71
    changing frequently, 186
    commonly used, 146
    complexity requirements for, 144–146, 184
    default passwords, 146
    definition of, 141
    expiration warning for, 506
    group policy settings for, 492–493
    hashes for
        challenge-response mechanism for, 152
        definition of, 146–147
        extracting, 166–168
        LM algorithm for, 147–148
        not salted, effects of, 150
        NT algorithm for, 147–148, 149
        protected during authentication, 152
        Syskey protecting, 150–152
        when applied, 147
    for highly privileged accounts, 74
    length requirements
        guidelines for, 184
        for strong passwords, 146
        when complexity enabled, 144
    machine account changes of, 504–505
    multiple incorrect entries, lockout resulting from, 185–186
    number of possible passwords, 141–142
    random password generators, 187
    resetting, EFS keys lost by, 464
    for service accounts, 263
    size of, 141–142
    strong passwords, 146
    studies regarding, 145
    Unicode characters used in, 142–144
patch management document, Microsoft, 64
Patch, Microsoft (MSP), 489
patches
    for high-risk files, 225
    for IE (Internet Explorer), 367
    installing, for IIS, 440–441
    keeping up-to-date, 63–65
    level of, 63
    management tools for, 64–65
    regression testing of, 64
    for services, 293–294
    as sign of attack, 10
Path exception rules, SRP, 223, 343
PATH locations, malware in, 29–30
payload damage attacks, 23
PC Anywhere program, 41
pcAnywhere autotransfer files, 194
PDC Emulator, FSMO role, 523
.pdc files, 200, 248
PDF ebook files, 197
PDF files, exploitations of, 52, 200
penetration tests, for IIS, 456
Perfect Forward Secrecy (PFS), 314–315
Performance Log Users group, 86, 108
Performance Logs and Alerts service, 275
Performance Monitor Users group, 86, 109
Perl script files, 200
permanent shared objects, creating, 498
permissions. See also NTFS permissions; Share permissions
    for GPOs (group policy objects), 533–535
    for IIS, 433–436
    for registry, 241–243
    setting on per-socket basis, 126
Petch trojan, 33, 41
PFS (Perfect Forward Secrecy), 314–315
pharming attacks, 18–19, 397, 418
phishing attacks. See also malware
    definition of, 18–19
    e-mail used for, 396–397
    IE 7 features defending against, 348
    prevalence of, 5–6
    spearfishing, 396
    URL spoofing used for, 354–357
phishing filter, IE settings for, 374, 377, 382–383
physical attacks
    defending against, 70–71
    definition of, 17, 56
physical security, IIS, 438
.pif files (Program Information Files), 191, 200, 248
pings, scanning for IP addresses using, 9
.pl files, 200
platforms, exploitations of, 52–53. See also Windows
Plug and Play service, 275
plug-in exploits, IE, 364–365
.png files, 200, 248
.pol files, 200, 248
PolicyMaker (Desktop Standard), 224, 346
POP3 service, Microsoft Exchange, 285
Popdis Trojan, 47
pop-up blocker, IE settings for, 374, 377
Portable Media Serial Number Service, 275
ports
    firewall ports for IPSec, 318–319
    services, running on non-default ports, 6–7, 75–76
Postini security service provider, 57, 70
.pot files, 200
.pothtml files, 200
Power Users group
    definition of, 109
    protecting, 74
    removed in Windows Vista, 76, 87
    SID for, 86, 87
PowerPoint files, 200
.ppa files, 200
.ppt files, 200
Ppt11.adm template, 516
.ppthtml files, 200
preEmpt product (Pivx), 387
pre-shared key (PSK), 309
Pre-Windows 2000 Compatibility Access group, 86, 113, 116
Pre-Windows 2000 group, 109–110
.prf files, 200
principal. See security principal
Print Operators group, 86, 110
Print Server for Macintosh service, 286
Print Spooler service, 276
printer drivers, security options for, 503
privileges
    password protections for highly privileged accounts, 186–187
    renaming highly privileged accounts, 73–75, 186
    running software with decreased privileges, 63
    running software with escalated privileges
        RunAs feature, 59–63, 114
        third-party applications for, 62
    for users, 58–63, 218–219
processes
    accounts that can start, specifying, 501
    memory quota of, policy settings for, 497
    profiling, 501
    worker processes, IIS, 422–425
Profile Assistant, IE, 382
Program Files folder, 132
Program Information Files (.pif files), 191, 200, 248
program overlay files, 199
programs. See executable files; software
Protected Storage service, 276
protocol in URL. See URL monikers
Proxy SID, 85
Psgetsid utility (Sysinternals), 87, 89
PSK (pre-shared key), 309
.pst files, 200
Pub11.adm template, 516
publications
    about anti-phishing and anti-spoofing, 357
    Certificate Auto-enrollment in Windows XP, 478
    about cross-site scripting, 357
    about EFS, 478
    EFS article (Russinovich), 478
    Encrypting File System in Windows XP and Windows Server 2003, 478
    "Follow the Bouncing Malware" article, 19
    "The Great Password Debates: Pass Phrases vs. Passwords" (Microsoft), 145
    Key Archival and Management in Windows Server 2003, 478
    Microsoft's Windows Server 2003 PKI Certificate Security, 309
    Offline EFS, 468
    security guides, 289
    Windows Data Protection, 478
    Windows Server 2003 Security Infrastructures (De Clercq), 86
Pwdump program, 166–168
PWL files, 181, 200
Pwl Tools, 181
Pwservice.exe program, 166
.py files, 200