RA (registration authority), 70
radio frequency (RF), 801
RADIUS
access server, 318
client, configuring WAP as, 503–504
IAS of, 308–318
remote access policies and, 515
RRAS server and, 512
server in EAP authentication, 804–805
for wireless authentication, 501
RAID, 566, 620
RAID 0, 620
RAID 0+1, 623–624
RAID 1, 621–622
RAID 5, 622–623
RAID array, 445
RAID controller, 659
RAM (random access memory). See memory (RAM)
random deployment option, 652–653
ranges, private address, 214
RC4 encryption algorithm, 802, 815
RDC (Remote Desktop Connection), 753
Read Group Membership permission, 784
readers, smart card, 899
recovery
key, 868
overview of, 593–594
root CAs and, 885
strategy, 628
recovery agent, 884
Recovery Console, 120
recursion
disabling for DNS security, 404, 406
disabling for DoS attack protection, 407
by DNS server, 348
nonrecursive servers, 375
troubleshooting host name resolution and, 455
recursive query
defined, 473
in DNS name resolution process, 348–349
of DNS server, monitoring, 416
test, 413
red X, 107
redirection attack
causes of, 406
prevention with static entries, 439
on WINS, 450
redundancy
fault tolerance and, 618
proxy server, 620
with server hardware, 624–625
referral answer, 351
referral zone, WINS, 403–404
registration authority (RA), 70
Registry
editing, 755
function of, 94
keys, auditing, 821–822
regulations, 26–27
relative ID master, 60
relative IDs (RIDs), 60
Remote Access Policies, 494–495
remote access policies
creating, 515–528
with IAS, 309
included in NAQC, 524
for router-to-router VPN, 306
summary of, 531
for VPN connection, 500
for wireless connections, 502–503
remote access policies, creating
authorizing remote access, 516–520
controlling remote connections, 525–528
policies/profiles, 515–516
restricting remote access, 520–525
remote access profile
controlling remote connections, 525–528
function of, 515
Remote Access Quarantine Agent service (RQS.EXE), 524
remote access strategy
analyzing organizational needs, 487
analyzing user needs, 487
authentication methods for, 508–512
callback security for, 513
connections, managing, 513–514
data encryption level for, 512–513
dial-in access design considerations, 489–495
domain functional level and, 505–508
in general, 486
Network Access Quarantine control, 514
remote access policies, creating, 515–528
remote access types to allow, 487–489
smart cards for, 514
summary of, 529–531
VPN design considerations, 495–500
wireless remote access design considerations, 500–505
remote access types, 487–489
remote access/VPN server role, 57
remote administration, 668
remote connections, 525–528
Remote Desktop Connection (RDC), 753
remote management, NLB, 683–684, 691
Remote Procedure Call (RPC), 683–684
removable storage, 22
renaming tool, 85–86
rendom.exe (domain rename utility), 86
renewal interval, 447
replication
of domain controllers, 59
linked value replication, 89
PDC emulator and, 61
WINS server deployment and, 424
replication partnership
accepting with WINS, 424
configuration, 428–434
summary of, 466–467
troubleshooting, 459–460
replication, WINS, 427–437
change-only replication, 428
convergence time factors, 427
multihomed WINS server and, 440
push vs. pull replication, 474
replication models, 434–437
replication partnership configuration, 428–434
summary of, 466–467
troubleshooting, 459–460
report, backup, 604
Request Security IPSec policy, 733
requester, 807
requests, certificate, 892–895
Require Security IPSec policy, 733
Reservations button, 295
reset account lockout counter after setting, 826
resource cluster groups, 642–643
resource records (RRs)
components of, 342–344
DNS namespace design and, 357–358
DNS server capacity and, 371
domains vs. zones, 345–348
function of, 341
multiple namespaces and, 363–364
secure updates and, 389–390
update with DNS/DHCP interaction, 387–389
resources, physical, 194
Respond Only IPSec policy, 732–733
restore
ASR, 613, 614
from backup, 605–607
of cluster servers, 657
WINS database, 452
See also recovery
Restore to Alternate Location feature, 601
Restore Wizard, 603–604
Restricted Groups, 94
restriction of remote access, 520–525
Resultant Set of Policy (RSoP)
defined, 713
for Group Policy modeling, 4
IPSec planning with, 765–768
XP IPSec policies and, 752
reverse lookup records, 401–402
reverse lookup zones
creating, 356
described, 352
security considerations for, 353
update with DNS/DHCP interaction, 387–389
reversible encryption, 825
revocation, certificate, 886–887
RF (radio frequency), 801
RIDs (relative IDs), 60
ring replication model, 434–435
RIP. See Routing Information Protocol (RIP)
RIP version 1 (RIPv1), 226, 227
RIP version 2 (RIPv2), 226–227, 252–255
risk, 91–92
Rivest, Ron, 802, 864
rogue router, 227
rogue servers, 126
rogue WLANs, 812
role-based administration, 896
roles, 27
See also server roles
root CAs
capabilities of, 911
overview of, 872
security and, 129, 885
at top of hierarchy, 72
root hints file, 349–350
root zone, 367–368
rootsec template, 96
round robin, 456
routable protocols, 238
route add command, 251–252
route command, 170
route entry, 217–218
route table, 168–169
routed connections
advantages of, 289
hardware/software routers, 289–290
IP addressing for, 290
summary of, 326
router
components of, 259
defined, 222
function of, 244–245
hardware/software routers, 289–290
setting up Windows Server 2003 as, 245–257
router-to-router VPNs
connection types for, 303–304
on demand/demand-dial connections, 304–306
described, 263
persistent connections, 306
remote-access policies, 306
Windows Server 2003 as, 267–268
routes
minimizing number of, 260
types of, 216–217
routing, 150
Routing and Remote Access console
managing NAT from, 294
for troubleshooting routing, 271
VPN connections with pre-shared keys, 763
Routing and Remote Access Server Setup Wizard
configuring VPN server with, 302–303
installing NAT with, 292–293
for Windows 2003 Server as static router, 248–249
Routing and Remote Access Service (RRAS)
configuring OSPF, 255–257
configuring RIPv2 on router, 252–255
configuring Windows 2003 Server as static router, 246–251
EAP and, 905
IAS integration with, 309
packet-filtering methods of, 279
Routing and Remote Access Service (RRAS) server
activating IAS authentication for, 310–312
assigning IP addresses with, 490–491
authentication methods for, 512
restricting authentication methods in, 525
routing problems and, 274–275
supports multiple functions, 328
Routing Information Protocol (RIP)
as distance-vector protocol, 225
OSPF benefits over, 229–230
problems with, 275, 276
RIP router process, 228–229
RIP v1/v2, 226–227
routing options, 236–245
bridges, 240–242
connectivity devices, selecting, 236–237
hubs, 239–240
OSI model review, 237–239
routers, 244–245
switches, 242–244
routing protocols
distance-vector/link-state protocols, 225–226
dynamic routing and, 221
minimizing number of, 260–262
Open Shortest Path First, 229–233
problems with, 274–276
Routing Information Protocol, 226–229
routing security, 257–270
IPSec security features/process, 257–258
logging level, 269–270
network topology, simplifying, 259–262
packet filtering/firewalls, 268–269
router-to-router VPNs, 263–268
routing components, requirements for, 259
summary of, 278
routing strategy
evaluating routing options, 236–245
gateways, 222–225
IP addresses, 213
IP version 6, 215–216
NAT components, 214–215
netsh commands, 233–236
routing concept, 212
routing protocols, 225–233
routing tables, 216–220
security, 257–270
static vs. dynamic routing, 220–222
troubleshooting IP routing, 270–276
Windows Server 2003 as router, 245–257
routing tables
configuration problems, 276
defined, 216
route entry component parts, 217–218
rows, 220
types of routes, 216–217
viewing, 219
rows, 220
RPC (Remote Procedure Call), 683–684
RQS.EXE, 524
RRAS. See Routing and Remote Access Service (RRAS)
RRs. See resource records (RRs)
RSA Labs, 864
RSA technology, 864–866
RSoP. See Resultant Set of Policy (RSoP)
Run As command
for administrative server tasks, 785
to view routing table, 219