
filter action

Configuration settings that specify the behavior an IP security policy takes on traffic matched by a filter in the rule's IP filter list: permit it, block it, or negotiate security (IPSec) for it.

firewall

A system that creates a boundary between a public and a private network and enforces which traffic may cross between them.

fully qualified domain name (FQDN)

The host name and domain used to uniquely identify a computer on the Internet, such as www.microsoft.com.

Group Policy

A mechanism for storing many types of policy data, for example, file deployment, application deployment, logon/logoff scripts and startup/shutdown scripts, domain security, and Internet Protocol security. The collections of policies are referred to as Group Policy objects (GPOs).

Group Policy object (GPO)

The Group Policy settings that administrators create are contained in GPOs, which are in turn associated with selected Active Directory containers: sites, domains, and organizational units (OUs).

hotfix

A single package composed of one or more files used to address a problem in a product. Hotfixes address a specific customer situation and are only available through a support relationship with Microsoft. They cannot be distributed outside the customer organization without written legal consent from Microsoft. The terms QFE (Quick Fix Engineering update), patch, and update have been used in the past as synonyms for hotfix.

IP filter list

A series of IP filters that an IP security policy rule uses to identify the traffic its filter action applies to. Traffic that matches no filter in any rule is passed through by IPSec unchanged, which is why policies usually carry a catch-all rule.

Kerberos

The default authentication protocol for Windows 2000 and later computers, including Windows XP Professional, that are members of an Active Directory domain. The Kerberos V5 protocol is designed to be more secure and scalable than NTLM across large, diverse networks: it provides mutual authentication and never sends the password, or a hash of it, to the server being accessed.

Layer Two Tunneling Protocol (L2TP)

A standardized, RFC-based tunneling protocol for virtual private networks (VPNs). L2TP provides no encryption of its own; the L2TP/IPSec combination relies on IP Security (IPSec) for confidentiality and integrity of the tunneled traffic.

least privilege

A fundamental security principle wherein the administrator grants users, services, and programs only the minimal permissions they need to do their job, so that a compromised or misused account can do only limited damage.

Main Mode

Phase 1 of the IP Security (IPSec) key negotiation (IKE). Main Mode negotiation selects a protection suite (encryption algorithm, hash algorithm, authentication method, and Diffie-Hellman group) that both peers support, authenticates the computers (by Kerberos, certificate, or preshared key), and then establishes the master key from which the keys for the IPSec session are derived.

man-in-the-middle attack

A security attack in which an attacker intercepts and possibly modifies data that is transmitted between two parties. To each party, the attacker pretends to be the other. During a successful man-in-the-middle attack, the parties are unaware that there is an attacker between them who is intercepting and modifying their data; this is why key exchanges such as Main Mode must authenticate the peers and not merely agree on a key. Also referred to as a bucket brigade attack.
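The two entries above fit together: Main Mode establishes a master key with Diffie-Hellman and then authenticates both peers, and the authentication step is what defeats a man-in-the-middle who swaps the Diffie-Hellman values in transit. The following example, added here and not code from the training kit or from Windows, runs a simplified preshared-key Main Mode between two peers three times: honestly, with a wrong preshared key, and with an active attacker in the path. The key derivation follows the shape of RFC 2409 (SKEYID from the preshared key and both nonces; HASH_I/HASH_R over the DH values, cookies, SA and identity), but HMAC-SHA256 standing in for the negotiated hash, the suite names, and the identity and SA encodings are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# 1024-bit MODP group (IKE Diffie-Hellman group 2, RFC 2409), generator 2.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
KEYLEN = 128  # bytes in a group-2 public value


def prf(key: bytes, data: bytes) -> bytes:
    """Keyed pseudo-random function; HMAC-SHA256 stands in for the
    negotiated hash algorithm (assumption of this example)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def choose_suite(offered, supported):
    """Responder accepts the first initiator proposal it also supports."""
    for suite in offered:
        if suite in supported:
            return suite
    raise ValueError("no common protection suite")


class Peer:
    def __init__(self, ident: str, psk: bytes, suites):
        self.ident, self.psk, self.suites = ident.encode(), psk, suites
        self.x = secrets.randbelow(P - 2) + 1        # private DH exponent
        self.nonce = secrets.token_bytes(16)
        self.cookie = secrets.token_bytes(8)

    def public(self) -> int:
        return pow(G, self.x, P)

    def auth_hash(self, skeyid, g_i, g_r, cookies, sa, ident) -> bytes:
        """HASH_I / HASH_R shape from RFC 2409: binds the DH values this
        peer saw, both cookies, the agreed SA and the claimed identity."""
        data = g_i.to_bytes(KEYLEN, "big") + g_r.to_bytes(KEYLEN, "big") + cookies + sa + ident
        return prf(skeyid, data)


def main_mode(init: Peer, resp: Peer, relay=None) -> dict:
    """Run a preshared-key Main Mode exchange between two peers.
    `relay`, if given, is an attacker in the path who can replace each
    Diffie-Hellman public value before it reaches the other side."""
    # Messages 1-2: SA proposal and choice of protection suite
    suite = choose_suite(init.suites, resp.suites)
    sa = suite.encode()
    cookies = init.cookie + resp.cookie
    # Messages 3-4: DH public values and nonces (possibly tampered in transit)
    g_i, g_r = init.public(), resp.public()
    g_i_at_resp = relay(g_i) if relay else g_i
    g_r_at_init = relay(g_r) if relay else g_r
    # SKEYID comes from the PSK and both nonces; the master key from g^xy
    skeyid_i = prf(init.psk, init.nonce + resp.nonce)
    skeyid_r = prf(resp.psk, init.nonce + resp.nonce)
    key_i = prf(skeyid_i, pow(g_r_at_init, init.x, P).to_bytes(KEYLEN, "big") + cookies)
    key_r = prf(skeyid_r, pow(g_i_at_resp, resp.x, P).to_bytes(KEYLEN, "big") + cookies)
    # Messages 5-6: each side sends its authentication hash; the other side
    # recomputes it from what *it* saw and from its own copy of the PSK
    hash_i = init.auth_hash(skeyid_i, g_i, g_r_at_init, cookies, sa, init.ident)
    hash_r = resp.auth_hash(skeyid_r, g_i_at_resp, g_r, cookies, sa, resp.ident)
    resp_ok = hmac.compare_digest(hash_i, resp.auth_hash(skeyid_r, g_i_at_resp, g_r, cookies, sa, init.ident))
    init_ok = hmac.compare_digest(hash_r, init.auth_hash(skeyid_i, g_i, g_r_at_init, cookies, sa, resp.ident))
    return {"suite": suite, "authenticated": resp_ok and init_ok, "same_master_key": key_i == key_r}


def demo() -> dict:
    """Three runs: honest peers, a wrong PSK, and an active man-in-the-middle.
    Peer names, suites and keys are constructed for the example."""
    suites = ["AES-SHA1-DH2", "3DES-MD5-DH2"]
    honest = main_mode(Peer("client", b"s3cret", suites), Peer("server", b"s3cret", suites[::-1]))
    wrong_psk = main_mode(Peer("client", b"s3cret", suites), Peer("server", b"guess", suites))
    mallory = Peer("mallory", b"unknown", suites)   # attacker does not know the PSK
    mitm = main_mode(Peer("client", b"s3cret", suites), Peer("server", b"s3cret", suites),
                     relay=lambda _public: mallory.public())
    return {"honest": honest, "wrong_psk": wrong_psk, "mitm": mitm}


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

In the honest run the peers agree on the initiator's preferred suite, derive the same master key and accept each other's hashes. With the attacker relaying her own public value, the two sides derive different keys and, because each side's hash covers the Diffie-Hellman value it actually saw, neither hash verifies; the attacker cannot repair them without the preshared key. A wrong preshared key fails the same way, so a practitioner seeing Main Mode authentication failures should check both the key and the path.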

Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)

An encrypted challenge-response authentication mechanism for Point-to-Point Protocol (PPP) connections. MS-CHAP is similar to CHAP. The remote access server sends the remote access client a challenge that consists of a session ID and an arbitrary challenge string. The remote access client returns the user name and a response computed from the challenge and the Message Digest 4 (MD4) hash of the user's password, so the password itself never crosses the link. MS-CHAP v2 improves on MS-CHAP v1 by providing mutual authentication of client and server. Both versions allow anyone who captures the exchange to test password guesses offline, so they should be run inside a protected tunnel such as PEAP rather than over a bare link.

multiple-function template

A certificate template that is used for multiple functions. For example, you can use a single user certificate template to encrypt and decrypt files, to authenticate with a server, and to send and receive secure e-mail.

NTLM protocol

An authentication protocol that uses a challenge-response mechanism to authenticate users and computers running Windows Me and earlier, or computers running Windows 2000 and later that are not part of a domain. NTLM remains the fallback wherever Kerberos cannot be used, so it rarely disappears from a network entirely.

packet filter

A basic function of firewalls that examines incoming and outgoing packets and drops packets based on predefined criteria, such as protocol, port numbers, source IP address, and destination IP address. A plain packet filter judges each packet on its own and keeps no record of connection state.
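The entries for filter action, IP filter list and packet filter describe the same mechanism from three angles: filters describe traffic, a rule ties a list of filters to an action, and the engine decides each packet by the filter that matches it. The example below, added here and not code from the training kit or from Windows, models a small IPSec-style policy and evaluates constructed packets against it. Windows applies the most specific matching filter rather than the first one listed; this example approximates that by counting the fields a filter constrains, which is a simplification of the real ordering. The policy, addresses and packets are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# The three filter actions a Windows IPSec policy rule can take.
PERMIT, BLOCK, NEGOTIATE = "permit", "block", "negotiate"


@dataclass(frozen=True)
class IPFilter:
    """One IP filter. None means 'any'. Real filters can also be mirrored
    (source and destination swapped); that is left out here for brevity."""
    src: Optional[str] = None      # network in CIDR form, e.g. "10.0.0.0/8"
    dst: Optional[str] = None
    proto: Optional[str] = None    # "tcp", "udp", "icmp", ...
    dport: Optional[int] = None    # destination port, for tcp/udp

    def matches(self, pkt: dict) -> bool:
        return (
            (self.src is None or ip_address(pkt["src"]) in ip_network(self.src))
            and (self.dst is None or ip_address(pkt["dst"]) in ip_network(self.dst))
            and (self.proto is None or self.proto == pkt["proto"])
            and (self.dport is None or self.dport == pkt.get("dport"))
        )

    def specificity(self) -> int:
        """Approximation of 'most specific filter wins': count the fields
        this filter constrains (an assumption of this example, not the exact
        Windows ordering). Ties go to the filter listed first."""
        return sum(v is not None for v in (self.src, self.dst, self.proto, self.dport))


@dataclass
class Rule:
    """A policy rule ties an IP filter list to a filter action."""
    name: str
    filter_list: List[IPFilter]
    action: str


def evaluate(rules: List[Rule], pkt: dict):
    """Return (rule name, action) for the most specific matching filter, or
    None when nothing matches. IPSec passes unmatched traffic through
    untouched, which is why a policy normally carries a catch-all rule."""
    best = None
    for rule in rules:
        for f in rule.filter_list:
            if f.matches(pkt) and (best is None or f.specificity() > best[0]):
                best = (f.specificity(), rule.name, rule.action)
    return None if best is None else (best[1], best[2])


# Constructed sample policy for a file server at 10.1.2.3 (not a real deployment).
INTRANET = "10.0.0.0/8"
SERVER = "10.1.2.3/32"
POLICY = [
    Rule("All IP traffic", [IPFilter()], BLOCK),
    Rule("Web from anywhere", [IPFilter(dst=SERVER, proto="tcp", dport=80)], PERMIT),
    Rule("Intranet file sharing", [IPFilter(src=INTRANET, dst=SERVER, proto="tcp", dport=445)], NEGOTIATE),
    Rule("Intranet remote desktop", [IPFilter(src=INTRANET, dst=SERVER, proto="tcp", dport=3389)], NEGOTIATE),
]

SAMPLE_PACKETS = [  # constructed
    {"src": "10.5.5.5", "dst": "10.1.2.3", "proto": "tcp", "dport": 445},
    {"src": "198.51.100.7", "dst": "10.1.2.3", "proto": "tcp", "dport": 445},
    {"src": "198.51.100.7", "dst": "10.1.2.3", "proto": "tcp", "dport": 80},
    {"src": "10.5.5.5", "dst": "10.1.2.3", "proto": "icmp"},
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(pkt, "->", evaluate(POLICY, pkt))
```

The catch-all "All IP traffic" rule is what turns the policy into a packet filter: SMB from the intranet is negotiated, the same port from the Internet falls through to the block rule, and web traffic is permitted from anywhere because its filter is more specific than the catch-all.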

Password Authentication Protocol (PAP)

A simple plaintext authentication scheme for authenticating Point-to-Point Protocol (PPP) connections. The user name and password are requested by the remote access server and returned by the remote access client in plaintext, so anyone who can capture the link learns the credentials. PAP should be disabled unless the link itself is protected by other means.
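The PAP and MS-CHAP entries differ in what an eavesdropper on the link learns. The example below, added here and not code from the training kit, puts the two side by side. The challenge-response side uses the plain CHAP computation from RFC 1994 (MD5 over identifier, secret and challenge) rather than MS-CHAP's MD4/DES construction, which the standard library cannot compute; the eavesdropper's position is the same in both. The credential store, user and word list are constructed for the example.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed credential store. CHAP requires the server to hold the secret
# in a form it can recompute the response from (the plaintext here, the MD4
# password hash for MS-CHAP), which is itself a liability if the server falls.
USERS = {"alice": b"correct horse battery staple"}


# --- PAP: user name and password cross the link exactly as sent ------------
def pap_request(user: str, password: bytes) -> dict:
    return {"user": user, "password": password}


def pap_verify(req: dict) -> bool:
    stored = USERS.get(req["user"])
    return stored is not None and hmac.compare_digest(stored, req["password"])


# --- CHAP (RFC 1994): server challenges, client proves it knows the secret --
def chap_challenge() -> dict:
    """Fresh per-attempt challenge; the identifier ties a response to it."""
    return {"id": secrets.randbelow(256), "challenge": secrets.token_bytes(16)}


def chap_digest(ident: int, secret: bytes, challenge: bytes) -> bytes:
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_response(chal: dict, user: str, secret: bytes) -> dict:
    return {"id": chal["id"], "user": user,
            "response": chap_digest(chal["id"], secret, chal["challenge"])}


def chap_verify(chal: dict, resp: dict) -> bool:
    stored = USERS.get(resp["user"])
    if stored is None or resp["id"] != chal["id"]:
        return False
    return hmac.compare_digest(chap_digest(chal["id"], stored, chal["challenge"]),
                               resp["response"])


# --- What a passive capture of the link yields for each scheme --------------
def captured_password(pap_req: dict) -> bytes:
    """PAP: the password is simply in the packet."""
    return pap_req["password"]


def offline_guess(chal: dict, resp: dict, wordlist) -> Optional[bytes]:
    """CHAP: the password is not in the packet, but a captured
    challenge/response pair lets the attacker test guesses offline at hash
    speed. This is the exposure PEAP removes by running the exchange inside a
    TLS tunnel so the pair is never visible on the wire."""
    for guess in wordlist:
        if chap_digest(chal["id"], guess, chal["challenge"]) == resp["response"]:
            return guess
    return None


if __name__ == "__main__":
    chal = chap_challenge()
    resp = chap_response(chal, "alice", USERS["alice"])
    print("CHAP accepted:", chap_verify(chal, resp))
    print("replay against new challenge:", chap_verify(chap_challenge(), resp))
    print("offline guess:", offline_guess(chal, resp, [b"password", USERS["alice"]]))
```

A captured CHAP response cannot be replayed, because the next challenge is different, and it does not contain the password; what it does give the attacker is an oracle for guessing, which is why the entries for MS-CHAP and PEAP belong together.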

perimeter network

A small network that is set up separately from an organization’s private network and the Internet. A perimeter network provides a layer of protection for internal systems in the event that a system offering services to the Internet is compromised. Also known as a demilitarized zone (DMZ) or a screened subnet.

Point-to-Point Protocol (PPP)

An industry-standard suite of protocols for the use of point-to-point links to transport multiprotocol datagrams. PPP is primarily used to connect dial-up users to a remote access server. PPP is documented in Request for Comments (RFC) 1661.

Point-to-Point Tunneling Protocol (PPTP)

A virtual private network (VPN) protocol designed by Microsoft and based on Point-to-Point Protocol (PPP). PPTP relies on Microsoft Point-to-Point Encryption (MPPE) for encryption services, and the MPPE keys are derived from the MS-CHAP authentication exchange, so the tunnel is only as strong as the password authentication that set it up.

Protected Extensible Authentication Protocol (PEAP)

A two-phase authentication method that protects the privacy of user authentication by using Transport Layer Security (TLS). In the first phase the client establishes a TLS tunnel to the authenticating server, verifying the server by its certificate; in the second phase the user authentication (for example MS-CHAP v2) runs inside that tunnel, so the credential exchange is hidden from anyone capturing the link.


MCSA/MCSE Self-Paced Training Kit (Exam 70-299): Implementing and Administering Security in a Microsoft® Windows Server™ 2003 Network (Pro-Certification)
ISBN: 073562061X
Year: 2004
Pages: 217
