Figure 9-23: Enabling or disabling specific modules in IIS 7
Chapter 10: Protecting E-mail
Figure 10-1: Screensavers are basically executables.
Figure 10-2: Moving the extension away from the file is often used to fool users.
Figure 10-3: File extensions are not a good way to make security decisions.
Figure 10-4: By hovering over a link in an e-mail, you can see where the link actually goes.
Figure 10-5: Many e-mail protocols are clear-text.
Figure 10-6: Windows Mail is very conspicuous about suspected phishing messages.
Figure 10-7: The anti-phishing features can be disabled or modified.
Figure 10-8: Windows Mail contains client-side junk-mail protection.
Figure 10-9: Windows Mail contains a "Safe sender" list feature.
Figure 10-10: The "blocked senders" list may primarily be useful to block messages from people you do not want to talk to.
Figure 10-11: You may block messages from a particular TLD.
Figure 10-12: You may block messages using certain character encodings.
Figure 10-13: Windows Mail stores all e-mail messages as text files.
Figure 10-14: Windows Mail can convert all messages to plain-text.
Figure 10-15: Windows Mail preserves the original HTML content as an HTML attachment.
Figure 10-16: You can also use plain-text for all outgoing messages.
Figure 10-17: Ensure that your mail client reads all mail in the Restricted sites zone.
Figure 10-18: For sites and e-mail messages in the Restricted Sites zone, the user is prompted for her username and password.
Figure 10-19: By default, the user will not be able to access high-risk file types.
Figure 10-20: An administrator can modify the behavior of the AM using Group Policy.
Chapter 11: Managing Windows Firewall
Figure 11-1: The architecture of the Windows Filtering Platform
Figure 11-2: When configuring a firewall rule, you can also configure IPsec.
Figure 11-3: Dialog box that a user might see when an application tries to connect out
Figure 11-4: The user will almost certainly never see this dialog box.
Figure 11-5: During setup, you have to select a firewall profile.
Figure 11-6: The Windows Firewall control panel
Figure 11-7: The Windows Firewall Settings dialog box
Figure 11-8: Windows Security Center
Figure 11-9: Windows Firewall with Advanced Security snap-in
Figure 11-10: Windows Firewall settings in Group Policy
Figure 11-11: You can also configure the Windows XP SP2 firewall settings in Group Policy.
Figure 11-12: Configuring the firewall to allow connections only from particular users
Figure 11-13: Building a program rule, Step 1
Figure 11-14: Enter the path to the program you wish to control.
Figure 11-15: We will require IPsec authentication.
Figure 11-16: Restricting connections to certain computers
Figure 11-17: Configure which profile the rule applies in.
Figure 11-18: Create a server-to-server connection security rule.
Figure 11-19: Leave the end-points as "Any IP addresses".
Figure 11-20: We want to request authentication.
Figure 11-21: Click the Customize button to select advanced authentication protocols.
Figure 11-22: Select Kerberos as your authentication protocol.
Figure 11-23: Customizing a rule by interface type
Figure 11-24: You can use a WMI filter to apply different Group Policy settings based on the operating system version.
Figure 11-25: Predefined rules exist for particular services.
Figure 11-26: Configure restrictions for dynamic RPC ports.
Chapter 12: Server and Domain Isolation
Figure 12-1: You can restrict connections to only particular users.
Figure 12-2: You can now specify which authentication protocols are preferred.
Figure 12-3: Configuring IPsec rules in prior versions of Windows was anything but easy.
Figure 12-4: The initial screen on the connection security rule wizard asks you to select a rule type.
Figure 12-5: First you define which connections you require authentication on.
Figure 12-6: You can customize authentication protocols.
Figure 12-7: Set the default authentication options in the firewall properties.
Figure 12-8: Select end-points for a server-to-server rule by IP address.
Chapter 13: Wireless Security
Figure 13-1: Typical Wi-Fi setup
Figure 13-2: Manually inputting a WEP key
Figure 13-3: Manually inputting a WPA2 key
Figure 13-4: Example WPA2 setup options at the access point
Figure 13-5: Configuring a WPA2-Enterprise connection
Figure 13-6: Using WPA2 with EAP-MSCHAPv2
Figure 13-7: Instructing EAP-MSCHAPv2 to use the user's default logon name and password
Figure 13-8: Configuring WPA2 to require computer certificate authentication
Figure 13-9: Network stumbler in action
Figure 13-10: Disabling SSID broadcasting on access point
Chapter 14: Using Group Policy
Figure 14-1: Create a GPO for a different user by selecting it in the Browse dialog box.
Figure 14-2: You can add several local GPOs to a single console.
Figure 14-3: To delete a local Group Policy object, follow the same steps you used to add it and right-click the object name.
Figure 14-4: The Resultant Set of Policy tools also work with MLGPO.
Figure 14-5: Using the GPMC, you can get an at-a-glance view of the GPOs in your domain.
Figure 14-6: You can now manage much of Internet Explorer using Group Policy.
Figure 14-7: Group Policy operational events are now in the event log.
Figure 14-8: Attachment Manager settings in Group Policy
Figure 14-9: Windows Vista permits administrators to control device installation.
Figure 14-10: You can whitelist specific devices or entire classes of devices.
Figure 14-11: The Windows Vista RDP client can authenticate the server you connect to. Server authentication only works with Windows Vista or higher terminal servers.
Figure 14-12: Windows Vista offers several new configuration options, such as the encryption used for RDP sessions.
Chapter 15: Thinking about Security
Figure 15-1: How many users can make an intelligent security decision based on this dialog box?