pass-through authentication (NTLM)
password policies
  controlling with Group Policy
  default security through GPOs
  protecting user accounts with
passwords
  account lockout policies and
  basics of
  brute force attacks
  dictionary attacks on
  disabling storage of LM password hashes
  generating syskeys from
  hard to guess, choosing
  protecting
    service accounts
    user accounts
  restricting, using Account Policies
  storing in Security Accounts Manager, using one-way hashes
  strong [See strong passwords]
  vs. biometrics
  vs. PINs (personal identification numbers)
  vs. smart cards
  weak, forcing users to change
patches for security vulnerabilities
  verifying with MBSA (Microsoft Baseline Security Analyzer)
path rules for identifying applications
  use caution with
PDCs (primary domain controllers) in Kerberos
pending certificate requests
people as risk factors
perfect forward secrecy (PFS)
performance issues with IPSec
Performance Logs and Alerts snap-in
permissions
  configuring
  on files/folders, applying carefully
  protecting files with
  setting for DNS administration
  setting for shared files
  setting on DNS objects
  working with
PFS (perfect forward secrecy)
PGP (Pretty Good Privacy) product
phone lines as risk factors
  controlling
  security vulnerability for
physical access to domain controllers, restricting
physical security
  assets, protecting
  best practices for
  data centers as risk factors
  laptops as risk factors
  making do with little money
  network cables as risk factors
  offices as risk factors
  people as risk factors
  protected by IPSec
  servers as risk factors
  vulnerabilities, identifying
  wiring closets as risk factors
PINs (personal identification numbers)
  changing default
  distributing
  smart cards vs.
  vs. passwords
PKCS #7 (Public Key Cryptography Standard #7)
PKI (public key infrastructure)
  802.1x for wired clients and
  creating deployment plan
  deploying before using smart cards
  deploying private PKI [See private certification hierarchies]
  implementing public PKI
  issuing certificates for recording onto smart cards
  logon process using smart cards
  two-tier vs. three-tier
  vs. Group Policy for EFS RA certificates
Point-to-Point Tunneling Protocol (PPTP)
POLA (principle of least access)
  enforcing use of secure code
polarizing filters to counter eavesdropping attacks
Policy Agent (IPSec)
politics of security policies
port 21, used by FTP Service
port 443, normally used by SSL
port 80, normally used by web sites
port blocking and firewalls
port filtering capabilities
port numbers used by web sites
port scanners used by hackers
ports needed
  for domain controller replication
  for IPSec traffic across firewalls
PPTP (Point-to-Point Tunneling Protocol)
Pre-Windows 2000 Compatible Access group
Pretty Good Privacy (PGP) product
primary domain controllers (PDCs) in Kerberos
principle of least access (POLA)
  enforcing use of secure code
private certification authorities, benefits/drawbacks
private certification hierarchies
  backing up CA
  certificate revocation architecture
  choosing depth of
  configuring
    auditing for CA
    autoenrollment for Windows XP
    certificate templates
    issuing CA
  CP/CPS, constructing
  creating PKI deployment plan
  cryptographic hardware for
  deploying
  determining number/configuration of certificates
  hardware plans for
  implementing
  installing
    intermediate CA
    issuing CA
    root CA
  issuing certificates automatically
  maintaining
  publishing CRLs for offline root CA
  renewing CA certificates
  revoking issued certificates
  testing applications
private keys
  archiving
    certificates and
  backing up
    certificates and
    of data recovery agents
  exporting
    for backup purposes
    certificates without
    for safekeeping
  importing from saved files
  protecting
    with Syskey
    without HSMs (hardware security modules)
  recovering
  reliance on, by EFS
  restoring archived
  sending encrypted email
  shared encrypted files, storing on file servers
  signed code and
  smart cards and
protecting physical assets
protection keys
proxy authentication by Kerberos
proxy tickets
pseudorandom syskeys
PTR records (Pointer records)
public certification authorities, benefits/drawbacks
public key certificates [See certificates]
public key cryptography
  how recipients find keys
  receiving digitally signed email
  sending encrypted email
  signed code and
  used by smart cards
  in Windows Server 2003
public key infrastructure [See PKI]