Index_A


A

A records

for delegating authority, 347

of resource record, 342

update with DNS/DHCP interaction, 387–389

ABR (area border router), 232

Acceptable Use Policy (AUP), 17–18, 46

access, 128

See also remote access strategy

access control, 58

access control entry (ACE), 784, 786

Access Control List (ACL)

AD security guidelines for, 786

DACL/SACL in, 783

WINS security and, 450–451

access point (AP), 807

access servers, 318

access token, 800

accidental threats, 91–92

account lockout duration setting, 826

Account Lockout Policy

Group Policy to enforce, 785

settings, 826

for user account security, 797

account lockout threshold setting, 826

Account Policies, 94

account security

built-in accounts, 796

computer accounts, 797–798

security principals, 795

user account, 796–797, 798–800

user authentication, 800

accounting with IAS, 309

accounts, disabling, 117–118

ACE (access control entry), 784, 786

ACL. See Access Control List (ACL)

Active Directory (AD)

Active Directory-integrated zones, 375–377

based IPSec policies, 747–749

CAs and, 882–883

client configuration for SUS updates, 844–845

configuration planning and, 4

DNS, hardware requirements for, 194

DNS relationship to, 361–363

domain controllers and, 58–60

functional levels, 83–90

Group Policy and, 746–747

integrated with DNS, 64

IPSec Policy Agent and, 724, 725

network planning and, 13

permissions, 787–788

replication, 376, 377

RSoP and, 766

securing domain controllers, 121–122

security features with, 81–83

structure, 41–42

supporting with BIND, 397–398

Active Directory (AD) security, 782–800

account security, 795–800

cross-domain relationships, 791–792

cross-forest relationships, 793–795

domain controllers, physically securing, 790

guidelines for, 786

permission types, 787–790

permissions supported by, 783–784

scenarios/solutions for, 785–786

Schema Admins group, securing, 790

static access control, 782–783

summary of, 849

Active Directory Domains and Trusts

checking domain function level in, 506–507

for external trust creation, 793–794

for forest trust creation, 794–795

function of, 82

raising domain/forest functionality, 90

raising domain functional level, 84–85, 508

raising forest functional level, 88

Active Directory Installation Wizard (DCPROMO), 59, 363

Active Directory-integrated zone

advantages of, 375–377

for DNS server, 373–374

footprinting and, 405

in high-level DNS security, 409–410

summary of, 463

troubleshooting, 455–456

updates, 348

zone replication security with, 382

zone transfers with BIND, 395

Active Directory-integrated zone replication scope

changing, 380, 382

creating partition, 381

options of, 379–380

Active Directory Sites and Services, 82

Active Directory Users and Computers

to access domain/OU settings, 110

enabling remote access in, 493–495

function of, 82

for user account settings, 799–800

AD. See Active Directory (AD)

ad hoc mode, 801

adapter settings, 666

adapters. See network adapters

Add/Edit Port Rule dialog box, 695

Add or Remove Programs

for Certificate Services installation, 72–75

for Web server configuration, 67–68

Address Pool tab, 295

Address Resolution Protocol (ARP), 162

addressing component, 214

adjacency, 230

Adleman, Leonard, 864

administrative access, 669

administrative model, remote access, 492–495

administrative password, 814

Administrator account

described/disabling, 796

disabling for security, 118

renaming, 796–797

security of, 851

administrators, CA, 896–897

Administrators group, 126

Advanced Encryption Standard (AES), 868

affinity, 680

aging, 391–392

AH. See Authentication Header (AH)

AH tunnel mode. See tunnel mode

AirSnort, 813

algorithms

DES/3DES, 761–762

Diffie-Hellman, 724, 864

hash, 716

IKE and, 723

IPSec encryption, 715

all communications (mixed network)

described, 663

illustrated, 664

security of, 667–668

alternate configuration, 166–167

Always On power scheme, 662

American Registry for Internet Numbers (ARIN), 290

Analyzing Configuration window, 672–673

ANDing, 174–175

ANI (Automatic Number Identification), 317

announcements, 228

Anonymous group, 789

Anonymous Users group, 851

antivirus software

for server security, 117

turning off for SUS installation, 838–839

AP (access point), 807

APIPA (Automatic Private IP Addressing), 166–167, 491

application certificates, 870

application directory partition

for Active Directory-integrated zones, 376

AD-integrated zone replication scope and, 380–382

to reduce replication traffic, 383

Application layer, OSI model, 238

Application layer, TCP/IP, 161

Application log, 584

application memory tuning, 562

application security, NLB, 691

application servers

adding to Windows Server 2003, 76–77

defined, 57

function of, 75

securing, 130

Web server configuration, 67–68

application services, 23–24

applications, 701

Approval Log, SUS, 845

area border router (ABR), 232

ARIN (American Registry for Internet Numbers), 290

ARP (Address Resolution Protocol), 162

ASBR (autonomous system boundary router), 233

ASR. See Automated System Recovery (ASR)

assets

determining value of, 92–93

protecting with security requirements, 93–94

security cost vs. benefit, 114

ATA interface, 564–565

attribute sets, 787

attributes, 58

audio services, 26

Audit Policy function, 785

auditing

centralized with IAS, 309

files/folders, 820–821, 822, 852

Registry keys, 821–822

Security log settings for, 823

security, turning on, 818–820

summary of, 848

viewing results of, 822

Auditor role, 897

AUP (Acceptable Use Policy), 17–18, 46

authentication

with 802.1x standard, 803

authorization vs., 329

described, 863

with domain controller, 58

EAP authentication, 804–805

IAS servers for, 532

Internet Authentication Service, 308–318

Kerberos authentication, 81

for mail server security, 128–129

overview of, 715–716

with pre-shared keys, 763–764

protocols, 810–812

with Public Key Infrastructure, 70

smart card in PKI, 897–906

with SQL Server, 127, 128

for wireless networks, 806–810

See also Public Key Infrastructure (PKI)

Authentication Data field, 720, 721

Authentication Header (AH)

defined, 712

function of, 258

overview of, 721–722

authentication methods

of IAS server, 314–317

for remote access, 508–512

restricting access by, 524–525

authenticator, 804–806, 807

authoritative answer, 351

authoritative response, 473

authoritative server

in DNS name resolution process, 351–352

DNS server placement, 372

name servers, 373–374

zone transfer and, 347–348

authorization

authentication vs., 329

of IAS, 317

of remote access, 516–520

auto-enrollment

of certificates, 497, 895–896

PKI, 868

user certificates and, 911

Automated System Recovery (ASR)

alternatives to, 614–615

backups, 120–121, 657

described, 612–613

overview of, 626–627

processes, 613–614

recovery with, 628–629

restoring with, 615, 617–618

Wizard, 615–617

Automatic Number Identification (ANI), 317

automatic partner configuration, 429–430

Automatic Private IP Addressing (APIPA), 166–167, 491

Automatic Updates software

required for SUS, 838

settings, 115–117

for SUS client configuration, 843

Automatic Wireless Wizard Configuration window, 808

autonomous system boundary router (ASBR), 233

availability. See high availability

availability, network, 15




MCSE Planning and Maintaining a Windows Server 2003 Network Infrastructure. Exam 70-293 Study Guide and DVD Training System
ISBN: 1931836930
EAN: 2147483647
Year: 2003
Pages: 173
