Index_C

CA administrator

approving certificates by, 179180

request certificate from Web Enrollment Support, 177179

revoking certificates by, 180181

CA MMC console, 191

CA Web Enrollment Support

install/uninstall, 176

request certificate from, 177179, 187

cache, DNS Server Service, 298

cell phones, 314

central processing unit (CPU), 305

certificate authority (CA). see also enterprise CAs

defined, 320

design factors to consider, 158162

EFS and, 554, 616

enrollment and distribution, 177179

exclude from certificate request, 283

geographical hierarchy, 162163

installing on Windows Server 2003, 172176

network trust hierarchy, 164165

organizational hierarchy, 163164

in PKI architecture, 156

in PKI process, 154155

certificate authority (CA) servers

enabling auditing on, 181183

securing enterprise hierarchy, 169170

securing stand-alone CA, 170171

threats against, 167169

factors to consider, 161

trust hierarchies for, 162165

certificate distribution

approving certificates by CA administrators, 179180

enrollment and distribution, 177179

installing CA on Windows Server 2003, 172176

questions about, 190191

renewal and auditing, 181184

revoking certificates by CA administrators, 180181

certificate policy and practice statements, 157

certificate repositories, PKI, 157

certificate request, 283

Certificate Revocation List (CRL)

EFS and, 565

function of, 320

offline CAs and, 168169

defined, 157

Certificate Services

common threats against, 167169

designing PKI that uses, 186

function of, 320

functionality of, 152

installing on Windows Server 2003, 172176

on VPNs, 444

certificate template, 188

Certificate Trust List (CTL), 157

certificate, authentication, IIS, 399

certificate-based authentication, 422

certificates

approving certificates by CA administrators, 179180

authentication, IIS, 356362, 401

configuring L2TP RRAS to accept, 434438

cross-certification of, 444

described, 254

EFS and, 580, 620, 624

EFS and third-party, 588

enrollment, 565566

enterprise/stand-along CAs and, 160

function of, 319

PKI scalability and, 161

with private keys, backing up, 580584

recovery agent, 554555

renewal of, 565566

request from CA Web Enrollment Support, 177179

revoking certificates by CA administrators, 180181

root CAs/subordinate CAs and, 159

RRAS and, 451452

SGC, 387

storage, EFS and, 564565

for wireless access authentication, 337

certutil.exe, 184, 185

Challenge Handshake Authentication Protocol (CHAP), 653, 678679. see also Microsoft Challenge Handshake Authentication Protocol

Change the System Time right, 465

CIA triad , 68

cipher.exe, 566569, 577579, 616

Clear This Database check box, 137

Client (Respond Only) policy, 265, 284

client authentication, 308

client authentication settings, 6061

client setting, SMB signing, 310312

clients

authentication protocols, choosing, 646651

authentication requirements analysis, 640646

authentication strategy design, 639640

DNS, securing, 303

down-level, configuring, 7475

identifying non-current, 215217

internal resource access for, 662

Network Access Quarantine Control and, 670

OS features, restricting access to, 637639

OS hardening for, 629637, 672

protocol selection for, 652654

remote access account lockout and, 670

remote access plan overview, 651652

remote access policy for, 654662

security overview, 628629, 671

using IAS for, 662669

CM (Connection Manager), 438439

CMAK (Connection Manager Administration Kit), 439

co-location, backup, 590

command-line tools

cipher.exe, 566569

dsmod.exe, 528

GPUpdate command, 9495

Hfnetchk.exe, 5152

netsh, 668

secedit.exe, 51, 8895, 140

common policy, remote access, 654

compat*.inf template

down-level clients and, 75

overview of, 57

server roles and, 131

compromised key attack, 248

computer account management plan, 165

computer forensics, 30

computer startup mode, IPSec driver, 278279

computer-based authentication, Wi-Fi, 334335

computers. see clients; laptop computers; servers

conditions, remote access, 655656

confidential data, 26

confidentiality, ESP, 263

/configure, 8890

Configure Your Server Wizard

described, 141

for IIS, 113

using, 103106

Connection Manager (CM), 438439

Connection Manager Administration Kit (CMAK), 439

Connection Point Services (CPS), 438439

connections

encrypted, SSL/TLS and. see Secure Socket Layer/Transport Layer Security

numbered/unnumbered, 421422

persistent in extranets, 443

console redirection

EMS and, 602603

service processor, 604

Windows, 604605

content, 399, 404

Content Management Server (CMS), 399, 404

contexts, netsh.exe command, 272273

control design strategy, 455

copy backup, 592

corruption, data, 510

CPS (Connection Point Services), 438439

CPU (central processing unit), 305

Create a Pagefile right, 466

Create a Token Object right, 466

Create Global Objects right, 466

Create Permanent Shared Objects right, 466

CreateProcessAsUser, 469

credentials, basic authentication, 364

critical security updates, 41

CRL. see Certificate Revocation List

cross certificate, 164165

CryptoAPI (cryptography application programming interface), 554

Cryptographic API (Crypto API), 387

cryptographic service provider (CSP)

described, 565

installing CA and, 174

securing stand-alone CA, 170171

shut down, 189

cryptography, 386388

CSP. see cryptographic service provider

CTL (Certificate Trust List), 157

custom policy, remote access, 655