Index_I | MCSE Designing Security for a Windows Server 2003 Network: Exam 70-298

I

IAS. see Internet Authentication Server

ICANN. see Internet Corporation for Assigned Names and Numbers

ICF. see Internet Connection Firewall

identity spoofing, 247

identity, worker process, 388

IEEE 802.11a, 315316

IEEE 802.11b, 315

IEEE 802.11g, 316

IEEE 802.15, 314

IEEE 802.11

development of/specifications, 315316

identity verification/authentication, 328

WEP encryption, 329

WLAN defined by, 314

IEEE 802.1x

authentication for wireless networks, 329, 347348

EAP and, 329330

group policy settings, 331334

IAS support for, 331

IETF. see Internet Engineering Task Force

IIS. see Internet Information Server

IIS Lockdown Wizard, 130

IISLockdown, 114116

IKE. see Internet Key Exchange

Impersonate a Client After Authentication right, 468

implementation. see framework for security implementation

/import, 9192

import IPSec policy, 276, 277

in- band connections, 600601

in-band management, 209

inbound passthrough, 270, 271

Incident Response plan, 2830

Increase Scheduling Priority right, 468

incremental backup, 593

incremental policies, 102

inetinfo.exe, 353, 396397

information disclosure, 14

infrastructure capabilities analysis, 32

infrastructure servers template, 131

infrastructure-based wireless network, 315

installations, IIS, 376381

Institute of Electrical and Electronic Engineers (IEEE), 315, 316

integrated Windows authentication

NNTP security and, 384

overview of, 367369

SMTP and, 385

interactive group, 512

interactive logon, 641

interfaces, DNS Server Service, 297

intermediary CAs

in CA hierarchy, 159

in geographical hierarchy, 162163

in organizational hierarchy, 163164

in PKI architecture, 187

root CA and, 186

internal CA, 161

internal namespace, DNS, 295296

internal networks, 442

Internet

filter actions and, 271

firewall and, 292, 293

IPSec best practices for, 283

Internet Authentication Server (IAS)

overview of, 674

RADIUS and, 369370, 406, 678

as RADIUS server, 442

security issues with, 374

Server 2000/2003 and, 404

support for 802.1x authentication, 331

using, 370373, 662670

Network Access Quarantine Control and, 439

Internet Connection Firewall (ICF), 292, 378381

Internet Corporation for Assigned Names and Numbers (ICANN), 295

Internet Engineering Task Force (IETF), 155

Internet Engineering Task Force (IETF) Request for Comments (RFCs) 2401-2409, 251

Internet Information Server (IIS)

5.0 sub-authentication, 364

6.0 template for, 130131

6.0, summary of services for, 129

certificate authentication, 356362

FTP, securing, 383384

installations, securing, 376381

monitoring strategy for, 389399

NNTP, securing, 384

RADIUS authentication, 369375

security design overview, 375376, 402403

security overview, 352

servers, risks to/hardening, 381383

SMTP, securing, 385

SSL security access information and, 404

updating, content management strategy for, 399

user authentication design overview, 353356, 401402

version 6.0, security features in, 385389

Windows logon authentication, 362369

basic security for, 114

Configure Your Server to set up, 113

configuring to use SSL, 306308

security, 250

security overview, 112113

on Server 2003, 142

using URLScan/IISLockdown, 114116

Internet Key Exchange (IKE)

filtering traffic, 293

in IPSec policy application, 274275

process, 252256

Internet Protocol Security (IPSec)

filters for network infrastructure servers, 119

filters for POP3 servers, 117118

for IIS, 114

spoofing, 294

WINS servers and, 146147

demand dial routing and, 422423

ESP on L2TP, 438

firewall configuration, 292293

IAS access and, 374

modes, 256257

for network infrastructure security, 244

for network services security, 250251

overview, 251

overview of, 242

persistent policies, 345

PKI and, 156

policies, applying, 273284

policies, default, 264273

policies, designing, 284289

policies, group policies and, 342343

policies, rules, 246

policy settings, 345346

process, 263264

protocols, 257263

security associations, 252256

summary of, 339

Internet Protocol Security (IPSec) policies

applying, 273284

best practices for, 282, 283

default, 264273

designing, 284289

in IPSec process, 263264

Internet Security & Acceleration server, 674

Internet Security Association and Key Management Protocol (ISAKMP)/Oakley, 252256

Internet Server Application Programming Interface (ISAPI), 353

interoperability

constraints analysis, 3438

designing security for, 226228

overview of, 39

interoperability constraints analysis

and MIT Kerberos, 3537

overview of, 3435

UNIX DNS with Server 2003, 3738

intranet, 375376

IP address

DNS clients , securing, 303

DNS security and, 293294

DNS Server Service security and, 297

IPSec modes and, 256257

NNTP security and, 384

SMTP security and, 385

spoofing, 247

IP filtering, 272, 289292

IP forwarding, 293

IP packet

with AH in IPSec modes, 260261

with ESP, 261262

IPSec process, 263264

protection with IPSec protocols, 257259

IP protocol 50. see Authentication Header

IP protocol 51. see Encapsulating Security Payload

IP Routing. see Routing Information Protocol

IP Security Monitor snap-in, 282

IP Security Policy Management

to configure IPSec policy, 285

for exporting/importing IPSec policy, 276

tunnels configured via, 260

IP Security Policy Management snap-in, 286289

IPSec. see Internet Protocol Security

IPSec context, netsh.exe , 273

IPSec deployment plan, 282

IPSec driver

modes, 278282

packet secured with, 263

policy application with, 274275

IPSec Policy Agent Service, 263, 274

IPSec Policy Management console, 283

IPSec polling interval, 277

IPSEC/L2TP, 46

ISAKMP (Internet Security Association and Key Management Protocol), 252256

ISAPI (Internet Server Application Programming Interface), 353

isolation mode, worker process, 354355

isolation, delegation requirement, 487488

issuing CAs, 162164

IT personnel, 197

Itanium-based systems, 603

IUSR_ComputerName account, 401, 403. see also anonymous authentication