A records
for delegating authority, 347
of resource record, 342
update with DNS/DHCP interaction, 387–389
ABR (area border router), 232
Acceptable Use Policy (AUP), 17–18, 46
access, 128
See also remote access strategy
access control, 58
access control entry (ACE), 784, 786
Access Control List (ACL)
AD security guidelines for, 786
DACL/SACL in, 783
WINS security and, 450–451
access point (AP), 807
access servers, 318
access token, 800
accidental threats, 91–92
account lockout duration setting, 826
Account Lockout Policy
Group Policy to enforce, 785
settings, 826
for user account security, 797
account lockout threshold setting, 826
Account Policies, 94
account security
built-in accounts, 796
computer accounts, 797–798
security principals, 795
user account, 796–797, 798–800
user authentication, 800
accounting with IAS, 309
accounts, disabling, 117–118
ACE (access control entry), 784, 786
ACL. See Access Control List (ACL)
Active Directory (AD)
Active Directory-integrated zones, 375–377
based IPSec policies, 747–749
CAs and, 882–883
client configuration for SUS updates, 844–845
configuration planning and, 4
DNS, hardware requirements for, 194
DNS relationship to, 361–363
domain controllers and, 58–60
functional levels, 83–90
Group Policy and, 746–747
integrated with DNS, 64
IPSec Policy Agent and, 724, 725
network planning and, 13
permissions, 787–788
replication, 376, 377
RSoP and, 766
securing domain controllers, 121–122
security features with, 81–83
structure, 41–42
supporting with BIND, 397–398
Active Directory (AD) security, 782–800
account security, 795–800
cross-domain relationships, 791–792
cross-forest relationships, 793–795
domain controllers, physically securing, 790
guidelines for, 786
permission types, 787–790
permissions supported by, 783–784
scenarios/solutions for, 785–786
Schema Admins group, securing, 790
static access control, 782–783
summary of, 849
Active Directory Domains and Trusts
checking domain function level in, 506–507
for external trust creation, 793–794
for forest trust creation, 794–795
function of, 82
raising domain/forest functionality, 90
raising domain functional level, 84–85, 508
raising forest functional level, 88
Active Directory Installation Wizard (DCPROMO), 59, 363
Active Directory-integrated zone
advantages of, 375–377
for DNS server, 373–374
footprinting and, 405
in high-level DNS security, 409–410
summary of, 463
troubleshooting, 455–456
updates, 348
zone replication security with, 382
zone transfers with BIND, 395
Active Directory-integrated zone replication scope
changing, 380, 382
creating partition, 381
options of, 379–380
Active Directory Sites and Services, 82
Active Directory Users and Computers
to access domain/OU settings, 110
enabling remote access in, 493–495
function of, 82
for user account settings, 799–800
AD. See Active Directory (AD)
ad hoc mode, 801
adapter settings, 666
adapters. See network adapters
Add/Edit Port Rule dialog box, 695
Add or Remove Programs
for Certificate Services installation, 72–75
for Web server configuration, 67–68
Address Pool tab, 295
Address Resolution Protocol (ARP), 162
addressing component, 214
adjacency, 230
Adleman, Leonard, 864
administrative access, 669
administrative model, remote access, 492–495
administrative password, 814
Administrator account
described/disabling, 796
disabling for security, 118
renaming, 796–797
security of, 851
administrators, CA, 896–897
Administrators group, 126
Advanced Encryption Standard (AES), 868
affinity, 680
aging, 391–392
AH. See Authentication Header (AH)
AH tunnel mode. See tunnel mode
AirSnort, 813
algorithms
DES/3DES, 761–762
Diffie-Hellman, 724, 864
hash, 716
IKE and, 723
IPSec encryption, 715
all communications (mixed network)
described, 663
illustrated, 664
security of, 667–668
alternate configuration, 166–167
Always On power scheme, 662
American Registry for Internet Numbers (ARIN), 290
Analyzing Configuration window, 672–673
ANDing, 174–175
ANI (Automatic Number Identification), 317
announcements, 228
Anonymous group, 789
Anonymous Users group, 851
antivirus software
for server security, 117
turning off for SUS installation, 838–839
AP (access point), 807
APIPA (Automatic Private IP Addressing), 166–167, 491
application certificates, 870
application directory partition
for Active Directory-integrated zones, 376
AD-integrated zone replication scope and, 380–382
to reduce replication traffic, 383
Application layer, OSI model, 238
Application layer, TCP/IP, 161
Application log, 584
application memory tuning, 562
application security, NLB, 691
application servers
adding to Windows Server 2003, 76–77
defined, 57
function of, 75
securing, 130
Web server configuration, 67–68
application services, 23–24
applications, 701
Approval Log, SUS, 845
area border router (ABR), 232
ARIN (American Registry for Internet Numbers), 290
ARP (Address Resolution Protocol), 162
ASBR (autonomous system boundary router), 233
ASR. See Automated System Recovery (ASR)
assets
determining value of, 92–93
protecting with security requirements, 93–94
security cost vs. benefit, 114
ATA interface, 564–565
attribute sets, 787
attributes, 58
audio services, 26
Audit Policy function, 785
auditing
centralized with IAS, 309
files/folders, 820–821, 822, 852
Registry keys, 821–822
Security log settings for, 823
security, turning on, 818–820
summary of, 848
viewing results of, 822
Auditor role, 897
AUP (Acceptable Use Policy), 17–18, 46
authentication
with 802.1x standard, 803
authorization vs., 329
described, 863
with domain controller, 58
EAP authentication, 804–805
IAS servers for, 532
Internet Authentication Service, 308–318
Kerberos authentication, 81
for mail server security, 128–129
overview of, 715–716
with pre-shared keys, 763–764
protocols, 810–812
with Public Key Infrastructure, 70
smart card in PKI, 897–906
with SQL Server, 127, 128
for wireless networks, 806–810
See also Public Key Infrastructure (PKI)
Authentication Data field, 720, 721
Authentication Header (AH)
defined, 712
function of, 258
overview of, 721–722
authentication methods
of IAS server, 314–317
for remote access, 508–512
restricting access by, 524–525
authenticator, 804–806, 807
authoritative answer, 351
authoritative response, 473
authoritative server
in DNS name resolution process, 351–352
DNS server placement, 372
name servers, 373–374
zone transfer and, 347–348
authorization
authentication vs., 329
of IAS, 317
of remote access, 516–520
auto-enrollment
of certificates, 497, 895–896
PKI, 868
user certificates and, 911
Automated System Recovery (ASR)
alternatives to, 614–615
backups, 120–121, 657
described, 612–613
overview of, 626–627
processes, 613–614
recovery with, 628–629
restoring with, 615, 617–618
Wizard, 615–617
Automatic Number Identification (ANI), 317
automatic partner configuration, 429–430
Automatic Private IP Addressing (APIPA), 166–167, 491
Automatic Updates software
required for SUS, 838
settings, 115–117
for SUS client configuration, 843
Automatic Wireless Wizard Configuration window, 808
autonomous system boundary router (ASBR), 233
availability. See high availability
availability, network, 15