[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [R] [S] [T] [U] [V] [W] [X] [Z] SA (Security Association) and IPSec drivers safe mode passwords protected by Syskey SAM (Security Accounts Manager) disallowing anonymous enumeration of SAM accounts storing passwords using one-way hashes 2nd 3rd SANS Security Policy Project SCA (Security Configuration and Analysis) toolset analyzing security settings creating SCA console creating security databases importing security templates SCEP (Simple Certification Enrollment Protocol) Schema Admins group schema context (Active Directory forest) 2nd Secedit.exe tool secure code dangers of unsigned code enforcing use of how to tell identifying secure configurations, deploying with security templates Secure Domain Controller Security template secure dynamic updates (DNS) enabling secure email digitally signed messages, sending downsides to using encrypted messages, sending HushMail online service implementing non-Microsoft products PGP (Pretty Good Privacy) product two forms of secure file shares, setting up Secure Server (Require Security) default configuration Secure Sockets Layer (SSL) public key encryption and Secure Workstation Security template securedc.inf template securews.inf template security Active Directory features awareness and education programs basics of checklist, example of concerns with DNS default settings for upgrades through GPOs determining status of, using MBSA DHCP server authorization enforcement mechanisms administration-based technology-based enforcing with Group Policy for files, provided by NTFS importance of lack of, in DHCP layered for networks physical [See physical security] problems with web servers providing for Active Directory objects domain controllers domains forests remote access and its risks smart cards and for wireless networks Security Accounts Manager [See SAM] Security Association (SA) and IPSec drivers security breaches, reducing likelihood of Security Configuration and Analysis (SCA) toolset analyzing security settings creating SCA console creating security databases importing security templates security databases analyzing security settings creating creating templates from importing security templates security design in Windows Server 2003 security enhancements in Windows Server 2003 Enterprise Server Edition Standard Server Edition and Windows XP 2nd security features in Windows Server 2003 security identifiers (SIDs) Security Log verifying IPSec operation with IKE logging security policies 2nd attributes of benefits of common characteristics of components of creating keeping passwords secret monitoring political aspects of security procedures benefits of creating monitoring security settings analyzing audit policy, controlling built-in security templates and controlling identifying security needs password policy, controlling Security Showdown EFS data recovery strategies Group Policy philosophy two-tier vs. three- tier PKI security templates built-in creating your own deploying secure configurations with deploying, using Group Policy effective use of Group Policy and how they work importing not available on older systems upgrading domain controllers and use with caution vs. Group Policy security tokens on client computers selective authentication self-signed certificates senior management creating security policies obtaining approval of defined procedures server certificates Server Side Includes, security risks with servers as risk factors DHCP interactions with clients restricting to highly secure communication securing 2nd security auditing for storing shared encrypted files on service accounts avoid using Administrator accounts as for DHCP servers, creating protecting service tickets, maximum life for services needed for domain controller replication for IPSec traffic across firewalls session key perfect forward secrecy (PFS) Setup Security template setupsecurity.inf template shared computers, local file security for shared encrypted files, storing on file servers shared files, setting permissions for shared secret key cryptography supported by Windows Server 2003 for IPSec communication shoulder surfing sid2user tool SIDs (security identifiers) disallowing SID/ name translation object security and ACLs SID filtering signed code dangers of unsigned code device drivers and how it works Simple Certification Enrollment Protocol (SCEP) sites (Active Directory) skew time smart card readers smart cards 2nd Active Directory security and authenticators and biometric technology and blank, purchasing cryptography, ideal for deploying PKI first distributing enrolling users of how they work implementing issuing logon process lost/damaged preparing to issue private keys and 2nd reauthenticating removal from reader, setting policy for requirements for using simplifying security for users vs. passwords 2nd in Windows Server 2003 improvements to SMB file sharing SMB signing vs. IPSec SMTP (Simple Mail Transport Protocol) software patches for security vulnerabilities software publishing certificates Software Restriction Policy [See SRP] Software Update Services (SUS) configuring clients installing/configuring server integrating with MBSA splitf.exe file spoofing attacks on DHCP servers on DNS servers 2nd SRP (Software Restriction Policy) 2nd best practices for configuring Group Policy and SSL (Secure Sockets Layer) IIS (Internet Information Services) and public key encryption and vs. IP Security stale accounts, cleaning up standalone CA (certification authority) standard DNS zones restricting zone transfers Standard Server Edition of Windows Server 2003, security enhancements in standards vs. policies/procedures stolen computers, reality of strong passwords choosing 2nd forcing users with weak passwords to change laptops and for Syskey structural components of Active Directory subnets and sites SUS (Software Update Services) configuring clients installing/configuring server integrating with MBSA suspicious activities, report to security symmetric algorithms symmetric keys synchronization schedules, configuring Syskey utility mode 2, configuring for laptops modes of protection system information, protecting with Syskey System Monitor tool | |