DACL (discretionary access control list), 783, 784
data
backup, 600
confidentiality, 717
drive arrangement of, 566–568
encryption level, 512–513
integrity, 496, 716
security of server cluster, 669
storage/retrieval, 21–23
transit security, 714
Data Encryption Standard (DES), 715, 761–762
Data Link layer, OSI model
function of, 237
illustrated, 239
Layer 2 switches operate at, 244
data modification attacks, 405
data points, Event Viewer, 587
data source name (DSN), 128
Data Sources (ODBC) applet, 128
data stream, 257–258
database compaction, 448
Database description packet, 230
database servers, 68, 127–128
Day-and-Time-Restrictions attribute, 523
DC (domain component), 73
DC security template, 95
DCOM (Distributed Component Object Model), 683–684
DCPROMO (Active Directory Installation Wizard), 59, 363
DCs. See domain controllers (DCs)
DDNS. See Dynamic DNS (DDNS)
debug logging, 414–415
decentralization, 13–14
default cluster group, 667
default gateway, 222
default host, 678–679
default route, 217
default security settings, 109–112
default security.inf file, 828
default settings, wireless network devices, 813–815
default static route, 250–251
deliberate threats, 91
Delta Certificate Revocation Lists (Delta CRLs)
CDPs and, 886–887
PKI, 868
Server 2003 and, 887
demand-dial connection, 304–306
demand-dial interface
adding, 261–262
configuring, 304–306
in NAT installation, 293
Demand-Dial Interface Wizard, 261–262
demand-dial routing, 260, 261–262
demilitarized zone (DMZ), 258
Denial of Service (DoS) attacks
on DNS server, 406–407
on WINS, 449–450
on WINS server, 126
as wireless security threat, 813
Department of Defense (DOD) networking model, 452–453
deployment
of IPSec, 711, 726–728
testing and, 29–30
DES (Data Encryption Standard), 715, 761–762
design, network, 36–38, 39
destination address, 212, 217
DFS (Distributed File Service), 22, 63
DHCP. See Dynamic Host Configuration Protocol (DHCP)
DHCPACK, 182
DHCPOFFER, 182
DHCPREQUEST, 182
dial-in access design, 489–495
incoming port needs, 491–492
IP addresses, allocating, 490–491
list of, 489
remote access by policy, 494–495
remote access by user, 493–494
summary of, 530
dial-in connection
advantages of modems, 488
callback security for, 513
controlling IP address, 528
restricting access by connection type, 522–523
summary of, 529
Dialed Number Identification Service (DNIS), 317
dictionary attack, 807
differential backup, 598–599
Diffie-Hellman groups, 713, 762–763
Diffie-Hellman key-exchange algorithm, 724
Diffie, Whitfield, 864
digital certificates, 868–870
digital signatures
CAs and, 907
RSA and, 865–866
security and, 910–911
Dijkstra algorithm, 231
direct memory access (DMA), 569
directory, 58
Directory Service log, 585
disabled filtering mode, 679
discretionary access control list (DACL), 783, 784
disjointed DNS namespace
DNS configurations for, 361–362
features that support, 365–366
disk controller
to drive ratio, 568
technologies, 564–565
Disk Defragmenter, 566–568
disk partitions, 120
disk quotas
described, 22
e-mail and, 46
for mail servers, 129
disk resource security, 669
diskette drives, 616
disks
controller/drive ratio, 568
controller technology of, 564–565
data access on, 568
data arrangement on, 566–568
drive life expectancy, 565–566
fault tolerance solutions for, 620–624
hot spare drives, 624
requirements for Windows OSs, 80
for server cluster, 661
shared cluster, 659–665
distance-vector routing protocol, 225, 226–229
distinguished name, 73
Distributed Component Object Model (DCOM), 683–684
Distributed File Service (DFS), 22, 63
distribution groups, 86–87
distribution of certificates, 887–897
DLLs (dynamic link libraries), 233–235
DMA (direct memory access), 569
DMZ (demilitarized zone), 258
DNIS (Dialed Number Identification Service), 317
DNS. See Domain Name Service (DNS)
DNS Console Monitoring tab, 413
Dnscmd utility, 417
DNSLint utility, 417, 454
DnsUpdateProxy group, 390–391, 472
DOD (Department of Defense) networking model, 452–453
#DOM tag, 420
domain
of Active Directory, 361–362
applying security template to, 109–110
authentication, 31
computer account security and, 797–798
defined, 58
functional level, upgrading, 32
zone vs., 461–462, 472
Domain Admins group, 519–520
domain component (DC), 73
domain controllers (DCs)
Active Directory and, 58–59
AD-integrated zone replication scope and, 379–380
AD-integrated zones and, 375–377
auditing, 819–820
created from backups, 83
defined, 57
defining subtype on, 808–809
DNS service and, 363
DnsUpdateProxy group and, 390
functional levels and, 83–90
functions of, 58
IPSec and, 712
operation master roles, 59–62
password requirements for, 119
physically securing, 790
root CAs and, 885
securing, 121–122
security templates and, 95–96, 97
tracks function level, 507
domain functional levels
described, 83–87
raising, 90
remote access security and, 505–508
domain local group scope, 792
domain name
installing DNS service and, 353–354
supporting multiple namespaces, 363–369
domain name master, 60
Domain Name Service (DNS)
cache, 340–341, 455–456
client suffix search list, 403–404
databases, backup of, 602
domain namespace, 344–345
domains vs. zones, 345–348
forwarding, 383–387
function of, 341
installing DNS service/configuring reverse lookup zones, 353–357
monitoring DNS servers, 412–417
name resolution process, 348–352
namespace, designing, 357–369
new features of, 472
query, 455
resource records and, 342–344
reverse lookup zones, 352–353
security issues, 404–412
server deployment, 369–377
settings, 32
summary of, 461–464
troubleshooting host name resolution, 453–457
updates with DHCP, 387–392
Windows Server 2003 DNS interoperability, 392–404
zone replication, 377–383
Domain Name Service (DNS) client
in DNS name resolution process, 348–352
troubleshooting host name resolution, 454–455
Domain Name Service (DNS) namespace
security and, 410, 411
split DNS configuration, 398–399
summary of, 461–462
Domain Name Service (DNS) namespace, designing
considerations for, 357–358
DNS and AD, 361–363
host naming conventions/limitations, 359–361
multiple namespaces, supporting, 363–369
parent domain name, choosing, 358–359
Domain Name Service (DNS) records
aging/scavenging of, 391–392
security for, 389–391
updates with DHCP, 387–389
Domain Name Service (DNS) security, 404–412
DoS attacks, 406–407
footprinting, 405
in general, 404
guidelines for, 410–412
redirection, 406
securing DNS deployment, 407–408
security levels, 408–410
Domain Name Service (DNS) server
Active Directory and, 361–363
defined, 57
in DNS name resolution process, 348–352
domains vs. zones, 347–348
forwarding, 383–387
function of, 341
host naming conventions and, 360
installing DNS service/configuring reverse lookup zones, 353–357
monitoring, 412–417
multiple namespaces, 363–369
name resolution with, 64–65
securing, 125, 126
security issues, 404–412
split DNS configuration, 398–399
troubleshooting host name resolution, 453–457
zone replication planning and, 377–383
Domain Name Service (DNS) server deployment, 369–377
number of servers, 369–371
placement, 372
roles, 373–377
server capacity, 371–372
domain namespace
designing DNS namespace, 357–369
domains vs. zones, 345–348
structure of, 344–345
summary of, 461–462
domain naming master, 382
domain rename utility (rendom.exe), 86
domain security ID (SID), 60
domain tree, 361
domain-wide master roles, 60–62
domainlet, 669
domains
cross-domain relationships, 791–792
cross-forest relationships, 793–795
smart cards and, 898
structure of, 31, 32
trust relationships between, 851
zones vs., 345–348
DoS attacks. See Denial of Service (DoS) attacks
drainstop option, 687
drive-by, 813
drive-letter assignments, 661
driver logging, IPSec, 756
drivers, 725–726
drives. See disks
DSN (data source name), 128
duplex setting, 570
duplexing, 622
dynamic access control, 783
dynamic content, 127
Dynamic DNS (DDNS)
DHCP interaction with, 387–392
security for, 389–391
updates, 362–363
Dynamic Host Configuration Protocol (DHCP)
to assign IP address, 290
databases, backup of, 601
DNS server and, 463–464
DNS updates with, 387–392
security for, 389–391
troubleshooting, 182–183
Dynamic Host Configuration Protocol (DHCP) server
defined, 57
described, 154–155
hardware requirements, 194
for IP addressing, 490
role of, 63–64
securing, 125–126
WINS client configuration and, 440–441
dynamic IP address, 63–64
dynamic link libraries (DLLs), 233–235
dynamic mode commands, 749
dynamic mode policy, 749
dynamic records, 423
dynamic registration, 454–455
dynamic routing, 220–222, 245
dynamic updates
BIND support of, 397–398
DNS performance counters for, 416
redirection attack and, 406
troubleshooting, 457