Index_S


S

S/MIME, Secure/Multipurpose Internet Mail Extensions
SA (Security Association), 252-256, 286
SAC (Special Administration Console) environment, 605-606, 625
SACL. see system access control list
safeguards, 8, 25
SAM (Security Account Manager), 641
scalability, Windows Server 2003 PKI, 161
scheduling priority, 468
scopes, DHCP, 326
scripts, 95-96
SEA (Spokesman Election Algorithm), 315
secedit.exe
described, 51, 140
registry objects permissions and, 552-553
overview of, 138-139
in scripts, 95-96
for settings reset, 139
streaming media servers and, 148
USER_RIGHTS and, 144-145
using, 88-95
secret data, 26
secure boundaries, 243-244
Secure cache against pollution option, 298
secure dynamic updates, 300
Secure Hash Algorithm 1 (SHA1), 190, 253, 254, 304
secure mode, IPSec driver, 279
Secure Shell (SSH), 607
Secure Sockets Layer (SSL)
security certificates, 404
configuring IIS to use, 306-308
in IIS, 356
NNTP security and, 384
Secure Sockets Layer/Transport Layer Security (SSL/TLS)
configuring, 305-308
described, 303-304
firewalls and, 309
pros/cons of, 305
server-gated cryptography and, 386-387
overview of, 650-651
secure templates, 57-59
secure*.inf template
hisec*.inf comparison, 62
IIS 6.0 and, 130-131
modifying, 142
overview of, 57-59
server roles and, 131
SMB signing required in, 309
Secure/Multipurpose Internet Mail Extensions (S/MIME)
for e-mail security, 308, 309
PKI and, 156
securedc.inf template
for domain controllers, 107, 130
Kerberos and, 144
registry objects permissions and, 552
security. see also Active Directory security; network infrastructure security
best practices, 89, 140
for CA servers, 166-171, 185
deployment with scripts, 95-96
for interoperability, 226-228
logical authentication strategy, 165-167
vs. privacy, 45
update infrastructure, designing, 210-217
vs. usability, 6, 141
security access token buffer, 520
Security Account Manager (SAM), 641
Security Association (SA), 252-256, 286
security awareness, 12-13
security boundary, 221
Security Configuration and Analysis snap-in
adding, 64-66
described, 140
function of, 142-143
overview of, 51, 138
registry objects permissions and, 552-553
for review of settings, 85-88
secure*.inf and, 144
Windows NT 4.0 and, 143
Security Configuration Manager. see Security Configuration Tool Set
Security Configuration Tool Set
described, 140
overview of, 51-52, 138
Security Configuration Manager and, 142
Security Extensions to Group Policy
described, 140
overview of, 51, 138-139
security groups. see groups, security
security incidents, responding to
attack indicators, recognizing, 27
network services, recovering, 31
overview of, 26
response plan, creating, 28-30
Security log
event types, 396-397
Generate Security Audits right and, 467
logon events in, 483
security negotiation, 270-271
Security Parameter Index (SPI), 261, 262
security policies, 245-246. see also policies
Security Policy Editor, 205
security principal, 454
Security Template snap-in, 310
adding, 64-66
overview of, 138
secure*.inf template and, 142
security templates
application on domain controllers, 80-82
applying, 141
best practices for, 52-53
configuring, 66-74
and console, saving, 67
defining baseline, 50-52
deployment overview, 75-76
described, 140
incremental, 102
modifying baseline according to server roles, 129-137
overview of, 139
predefined, 140, 141
recommended for server roles, 130-132
secure, overview of, 57-59
SMB signing and, 309-310
security templates, deploying
overview of, 75-76
using Group Policy, 76-80
on DCs, 80-82
result of, 82
using RSoP MMC snap-in, 83-85
using secedit.exe, 88-95
using Security Configuration and Analysis, 85-88
security threats
predicting network, 13-15
recognizing external, 15-21
recognizing internal, 12-13
security updates, 41. see also Software Update Services
security*.inf, 55-57
SECURITYPOLICY, 89
segmented namespace, DNS, 296
segmented networks, 313
Selectable Cryptographic Service Provider, 387-388, 407
Selective Authentication, 224, 233
Sequence Number, 261, 262
Server (Request Security) policy
described, 265-266
as high security default policy, 284
properties of, 287, 288
as standard security policy, 284
viewing, 267-269
Server (Require Security) policy, 266
server authentication settings, 60-61
server certificates, 400, 404
Server Message Block (SMB)
signing, 309-312, 346
EFS and, 557
secure*.inf and, 59
server roles
common, 100-101
defining/implementing/securing, 101-102
described, 141
overview of, 99-100
server security, function based
best practices for, 102-106, 141
default settings, reapplying, 56-66
DHCP servers, 120
DNS servers, 120-122
domain controllers configuration, 106-112
down-level clients, configuring, 74-75
file/print/member servers, 123
high-profile servers, 141
IIS role, 112-116
modifying baseline templates according to role, 129-132
multiple OSs and GPMC, 97-98
network infrastructure servers, 118-119
overview of, 50
policy settings, reviewing result of, 82-85
POP3 mail servers configuration, 116-118
RAS servers, 125-127
security application across enterprise, 132-137
security deployment with scripts, 95-96
security settings review, 85-88
Server 2003 templates, 53-56
server roles, 99-102
streaming media servers, 128
template application on domain controllers, 80-82
template deployment overview, 75-76
templates, best practices for, 52-53
templates, configuring, 66-74
templates, defining baseline, 50-52
terminal servers, 123-125
using Group Policy to deploy settings, 76-80
using secedit.exe, 88-95
WINS servers, 122-123
server setting, SMB signing, 310-312
Server-Gated Cryptography (SGC), 386-387
servers
headless, 607
IIS, risks to/hardening, 381383
security of, 501502
SUS, 213-214
service accounts, 460-461, 497
Service Administrators, 487, 497
service processor, 604, 610
service ticket, 472
SERVICES, 89
services, clients, 629-630, 672
session ticket, 472
settings, security
deploying with Group Policy, 76-80
reapplying default, 56-66
review of, 85-88
Setup security.inf template
described, 140
IIS 6.0 and, 130
overview of, 55-56, 139
server roles and, 131
SGC (Server-Gated Cryptography), 386-387
SHA1. see Secure Hash Algorithm 1
share permissions, 455-456, 496
shared key authentication, 328
Shiva Password Authentication Protocol (SPAP), 653
shortcut trusts, 225-226, 234-235, 236
Shut Down the System right, 469
shut down, CA server, 168
shutdown, 467
signature algorithm, 154
Simple Mail Transport Protocol (SMTP), 116, 385
single namespace, 295
single-session policy, 206
Single Sign-on, 640, 643
smart cards
for CA authentication strategy, 166
for CA security, 171, 185
enterprise CAs and, 160
wireless network authentication and, 348
SMB. see Server Message Block
SMS (Systems Management Server), 216, 633-634
SMTP (Simple Mail Transport Protocol), 116, 385
sniffer attack, 248
social engineering attacks, 20, 43-44, 196, 248-249
software
GPOs for deployment of, 213-215
of network infrastructure, 243
restriction policies for Terminal Services, 206
for security updates, 211-213
vulnerabilities, network security threats and, 19-20
Software Update Services (SUS)
application updates and, 673
design overview, 210-211, 232
identifying non-current clients, 215-217
for patch management, 632-633
rebooting and, 236
server requirements, 674
vs. SMS, 634
for software, 211-213
for software, using GPOs for deployment, 213-215
Solicited Remote Assistance, 207
SPAP (Shiva Password Authentication Protocol), 653
Special Administration Console (SAC) environment, 605-606, 625
special identities, 512
SPI (Security Parameter Index), 261, 262
Spokesman Election Algorithm (SEA), 315
spoofing
identity described, 14
recognizing indicators of, 41
threat to wireless networks, 317
SQL access, 308
SSH (Secure Shell), 607
SSL. see Secure Sockets Layer
SSL/TLS. see Secure Sockets Layer/Transport Layer Security
stand-alone CAs
certificate template in, 188
certificates and, 160
issue certificates, 186
as root CA, 168
scalability of, 161
securing, 170-171
defining, 158
standard security policies
based on risk, 245-246
when to use, 284
startrom.com, 605
startup and recovery options
disaster recovery and, 600
for safeguarding data, 591, 592
startup options, 612-614
stateful filtering, 282
stateful mode, 279
static routes, 415-416
Store passwords using reversible encryption setting, 475-476
Streaming Media servers
configuring, 128
and internal users, 148
summary of services for, 129
template for, 132
STRIDE, 14-15
striped set with parity. see RAID-5
strong authentication, RAS, 127
sub-authentication component, 364, 404
subordinate CA, 159
summarization routes, 415-416, 449-450
SUS. see Software Update Services (SUS)
switches, 312
symmetric encryption, 153
symmetric keys, 304
SYN flood, 15
/sync, 95
Synchronize Directory Service Data right, 469
Syskey utility, 634-637
system access control list (SACL)
described, 513
auditing setting for, 481
vs. DACL, 619
object access events and, 539
system clock, 465, 472
system events auditing, 481, 539
System log, 396
Systems Management Server (SMS), 216, 633-634
system root security template, 62-63
System Services Policies, 72
system state, 594



MCSE Designing Security for a Windows Server 2003 Network. Exam 70-298
ISBN: 1932266550
EAN: 2147483647
Year: 2003
Pages: 122
