Index_A

< Day Day Up >

---

A

A (host) resource record, 4-23

access control

Account Group/ACL method, 2-39—2-40

Account Group/Resource Group method, 2-40—2-41

anonymous access, 1-25—1-26, 1-32—1-33, 1-36—1-39, 2-29

browsers, locking down, 13-39—13-40

groups, 2-19—2-37, 2-41—2-44, 16-13—16-20

HKEY_LOCAL_MACHINE hive (example), 13-17

RAPs (remote access policies), 10-22—10-24, 12-10, 12-21—12-23

remote access, 8-6—8-8, 10-22—10-24, 12-1—12-46, 15-51—15-54

remote access configurations, 12-17—12-24, 12-30—12-35

remote access RADIUS services, 10-8, 10-10

User/ACL method, 2-39

wireless access points (WAPs), 10-17—10-18, 10-29, 10-33

access control entries (ACEs), 2-3

multiple for one user, 2-4

access control lists (ACLs), 2-3, 16-21

Account Group/ACL method of access control, 2-39—2-40

certificate templates, 7-20

multiple ACEs for users, 2-4

SIDs (security identifiers), 1-46—1-47

User/ACL method of access control, 2-39

access points, wireless (WAPs)

configuring, 10-29, 10-33

physical security, 10-18

wireless access policies, 10-17—10-18

Account Group/ACL method of access control, 2-39—2-40

Account Group/Resource Group method of access control, 2-40—2-41

account lockouts

IAS feature, 4-41

policies, 1-21—1-22, 3-10

Account Operators group, 2-24

account policies, 3-9—3-10. See also policies

lockout, 1-21—1-22, 3-10, 4-41

accounts

management permissions, 2-24

remote access authorization, 12-19—12-21

special, 2-28—2-31

ACEs (access control entries), 2-3

multiple for one user, 2-4

ACLs (access control lists), 2-3, 16-21

Account Group/ACL method of access control, 2-39—2-40

certificate templates, 7-20

multiple ACEs for users, 2-4

SIDs (security identifiers), 1-46—1-47

User/ACL method of access control, 2-39

Acquire Heap Size parameter, 9-20

Active Acquire parameter, 9-20

Active Directory

authenticating users on domain, 1-41

checking if available (DHCP), 4-22

deploying IPSec, 9-3—9-15

deploying security templates with, 3-18—3-24

deploying security templates without, 3-25—3-27

distribution and security groups, defined, 2-19

domain organization, forests, 1-41, 1-43, 1-45, 2-22—2-23, 16-13

domain organization, trusts, 1-43—1-55, 16-13—16-20

integration with DNS, 4-28

IPSec infrastructure planning, 8-17—8-18

permissions, 2-10—2-11

ports used by, 4-30

safeguarding database for, 4-29—4-30

SSL on domain controllers, 11-26—11-27, 11-34—11-37

user credential storage, 1-15, 1-32

wireless network infrastructure, 10-30

Active Directory Users and Computers tool, 2-32

Active Failures parameter, 9-20

Active Security Associations parameter, 9-22

Active Tunnels parameter, 9-22

AD (Active Directory)

authentication users on domain, 1-41

checking if available (DHCP), 4-22

deploying IPSec, 9-3—9-15

deploying security templates with, 3-18—3-24

deploying security templates without, 3-25—3-27

distribution and security groups, defined, 2-19

domain organization, forests, 1-41, 1-43, 1-45, 2-22—2-23, 16-13

domain organization, trusts, 1-43—1-55, 16-13—16-20

integration with DNS, 4-28

IPSec infrastructure planning, 8-17—8-18

permissions, 2-10—2-11

ports used by, 4-30

safeguarding database for, 4-29—4-30

SSL on domain controllers, 11-26—11-27, 11-34—11-37

user credential storage, 1-15, 1-32

wireless network infrastructure, 10-30

Add/Remove Programs, 5-17, 5-22

address filtering, MAC, 10-13

administration, 4-4

PKI (public key infrastructure), 7-8, 8-19—8-20, 15-20

responsibility for updates (patches), 5-16

security bulletins for, 5-5—5-8

Administrator certificate template, 7-22

Administrators group, 2-24

ADSI Edit utility, 8-17

Advanced Encryption System (AES), 10-12

Advanced System Information tool, 3-35

AES (Advanced Encryption System), 10-12

AH (Authentication Header) protocol, 8-13

allowing access (dial-up), 12-20

anonymous access, 1-32

anonymous authentication, 1-25—1-26

configuring (practice), 1-36—1-39

for external users, 1-32—1-33

Anonymous Logon group, 2-29

answer files, 6-23—6-24

Append Data permission, 2-8

Application event log, 3-11

application layer firewalls, 4-19

application (product) lifecycles, 5-10—5-11

application policies, 7-21, 7-64

archiving certificates, 7-46

exporting keys, 7-47—7-49, 7-52

key recovery basics, 7-46—7-47

process of, 7-49—7-50, 7-54

recovery process and, 7-50—7-52, 7-54

assessing

current patch status, 5-15—5-16, 5-29—5-30, 14-15—14-26

patch levels, 6-3—6-14

asymmetric key encryption, 7-4

attacks

dictionary attacks, 1-19, 10-10, 13-41

DNS attacks, 11-11

on public Web sites, 4-36

remote networking, 12-4

risks for, 7-48, 7-51, 10-3, 12-4

SID spoofing, 1-46

Trojan horses, 5-3

vulnerabilities to, 5-3, 6-3—6-15

wireless network threats, 10-3

auditing

authorization troubleshooting, 2-50—2-52

Certificate Services, 7-13

event analysis, 2-52—2-54

Exchange Server, 4-45

IPSec negotiations, 9-23—9-25

patch level assessment, 6-3—6-14

policies, 3-10

SQL Server security, 4-49—4-50

updates (patches), 5-35—5-36

AUOptions registry value, 6-35

Authenticated Bytes Sent/Received parameters, 9-23

Authenticated Session certificate template, 7-22

Authenticated Users group, 2-29

authentication, 1-3

anonymous, 1-25—1-26, 1-32—1-33, 1-36—1-39, 2-29

authorization vs., 1-6, 2-38

centralized vs. decentralized, 1-8

certificate troubleshooting (IPSec), 9-42—9-43

components of, 1-6—1-17

components of network systems, 1-7

configuring for external users, 1-32—1-40

delegated, 1-34—1-35

EAP (Extensible Authentication Protocol), 10-7

EAP-TLS, 10-10, 10-20, 12-12

IAS (Internet Authentication Service), 4-39—4-43

IAS account lockout, 1-21—1-22, 3-10, 4-41

IAS remote access, 12-10

IAS security template planning, 3-6—3-7, 13-10

IAS wireless network configuration, 10-21—10-24, 10-31

IEEE 802.1X standard, 10-7—10-9, 15-41—15-44

IPSec infrastructure planning, 8-18—8-21, 15-20

IPSec vs. SSL, 11-4

Kerberos protocol, 1-10, 1-13—1-15, 8-19, 15-20

LM protocol, 1-10—1-12, 1-24, 1-26

MS-CHAP v1, 12-8—12-10, 12-12

MS-CHAP v2, 10-9, 12-8—12-10, 12-13

multifactor, 1-7, 1-27—1-28

NTLM protocol, 1-10, 1-12—1-13

open system, 10-6

PEAP (Protected EAP), 10-9—10-10, 10-20, 12-12

protocols, 1-9—1-10. See also authentication protocols

RADIUS message authenticators, 4-40

RADIUS service, 10-8, 10-10

remote access users, 15-51—15-54

remote networking, 12-7—12-15, 12-17—12-19, 12-23—12-24, 12-30—12-32

shared secret, 10-4—10-6

SQL Server security, 4-47—4-48

strategy, planning and implementing, 1-18—1-31, 3-10, 16-6—16-12

trust protocol, 1-44—1-45

Web authentication, 1-33

Web authentication protocol, 1-33

Windows Server 2003 features, 1-9

WPA (Wi-Fi Protected Access), 10-11—10-13

Authentication Failures parameter, 9-20

Authentication Header (AH) protocol, 8-13

authentication protocols, 1-9—1-10

Kerberos authentication, 1-10, 1-13—1-15, 8-19, 15-20

LM authentication, 1-10—1-12, 1-24, 1-26

NTLM authentication, 1-10, 1-12—1-13

trusts, 1-44—1-45

Web authentication, 1-33

authorization, 2-3—2-18

ACLs (access control lists), 2-3, 16-21

authentication vs., 1-6, 2-38

DHCP servers, 4-21—4-23

groups, 2-19—2-37, 2-41—2-44, 16-13—16-20

least privilege, 2-38

permissions, 2-4—2-14, 4-48—4-49, 16-21—16-28. See also groups

permissions, files and folders, 3-12

permissions, analyzing, 3-36

permissions, certificate templates, 7-20, 7-24—7-25, 7-65

permissions, IIS Web site, 4-38

permissions, least privilege, 2-38

permissions, nesting groups, 2-20, 2-44

permissions, wireless networks, 10-19

permissions services, 2-12

remote access server configuration, 10-22—10-24, 12-19—12-23

services, 3-12

SQL Server security, 4-48—4-49

strategy for, 2-38—2-46, 16-21—16-28

troubleshooting problems, 2-47—2-55

wireless networks, 10-19

Autoenroll permission (certificate templates), 7-24

autoenrollment, certificates, 7-24, 7-32, 7-34—7-35

Autoenrollment Settings, 7-34

automatic certificate enrollment, 7-24, 7-32, 7-34—7-35

Automatic Certificate Request Settings (Group Policy), 7-34

Automatic Updates client, 5-17—5-19, 5-29

deploying updates, 6-32—6-36, 6-39—6-40, 6-45—6-53

---

< Day Day Up >