| < Day Day Up > |
|
/D update parameter, 6-28
DACLs (discretionary access control lists), 2-3
data encryption, 7-1, 7-3
asymmetric key encryption, 7-4
certificate archives and recovery, 7-46—7-52, 7-54
certificate management, 7-6, 7-8, 7-24, 7-31—7-38, 7-61—7-70, 11-23, 16-29—16-36
Certificate Services, 7-8—7-1310-20—10-21, 15-46
Certificate Services, deploying for IPSec, 9-10—9-15
Certificate Services, installing, managing, configuring, 16-29—16-36
Certificate Services disaster recovery, 7-12, 16-31
certificate template management, 7-19—7-30, 7-64, 7-65
cryptography, 7-3, 7-31, 7-47, 10-4
IPSec vs. SSL, 11-4
LDAP queries, 11-26—11-27, 11-34—11-37
LLTP protocol, 12-6
mail servers, 11-31—11-33
Microsoft Outlook, 11-33—11-34
passwords, 1-19, 7-3. See also passwords
data encryption, continued
port numbers for protocols, 11-7
PPTP protocol, 12-6
private keys, exporting, 7-48
public key infrastructure (PKI), 7-3—7-18, 7-46—7-47, 8-19—8-20, 12-7, 15-20
SQL Server, 11-27—11-31
SSL with IIS, 4-37—4-38, 11-10—11-25, 15-50
TSL network encryption, Exchange Server, 4-44—4-45
WEP (Wired Equivalent Privacy), 10-4—10-11, 12-12, 15-42
WPA, options for, 10-12
data tampering attacks, 10-4
DC Security.inf template, 3-5
DDNS (Dynamic DNS), 4-28
DHCP servers, 4-23—4-24, 4-26
decentralized authentication, 1-8
decryption. See encryption
delegated authentication, 1-34—1-35
Delete All Child Objects permission, 2-11
Delete permission
files and folders, 2-9
services, 2-13
Delete Subfolders and Files permission, 2-9
deleting (removing)
certificates. See revoking certificates
groups, 2-44
uninstalling service packs (example), 14-33
updates (patches), 5-34—5-35
delta CRLs (certificate revocation lists), 7-36
denial of service attacks, wireless networks, 10-4
denying access (dial-up), 12-20. See also access control
deployment
Certificate Services for IPSec, 9-10—9-15
IPSec protocol, 9-3—9-17. See also IPSec protocol suite
security templates, 3-18—3-30, 13-4, 13-24—13-32
service packs and hotfixes, 14-4—14-14, 14-27—14-33
SSL certificates, 11-10—11-25, 15-50
updates, 5-16—5-24, 5-28—5-36, 6-15—6-53, 14-4—14-13, 14-27—14-33
descriptions for security templates, 3-15
desktop computer security, 4-7—4-8
destination IP address filtering, 4-18
IPSec configuration, 8-24—8-30, 9-5
development team, updates and, 5-15
DHCP Server role, 4-15
DHCP (Dynamic Host Configuration Protocol) server security, 4-21—4-26
diagnostic utility for SSL problems, 11-20
Dialup group, 2-30
dial-up networking, 12-3—12-5
user account properties, 12-19—12-21
dictionary attacks, 1-19, 10-10
preventing (example), 13-41
digest authentication, 1-33
digital certificates, 7-5. See also encryption
archives and recovery, 7-46—7-52, 7-54
authentication troubleshooting (IPSec), 9-42—9-43
backing up, 7-12, 16-31
enrollment, 7-6, 7-24, 7-31—7-35, 7-61—7-70, 11-23
IPSec authentication, 8-19—8-20, 8-33—8-34, 15-20, 15-36
managing and configuring, 7-6, 7-8, 7-24, 7-31—7-38, 7-61—7-70, 11-10—11-25, 16-29—16-36
remote access authentication, 12-23—12-24
revoking, 7-8, 7-35—7-38
SSL certificates, 11-5—11-7, 11-10—11-25, 15-50
template management, 7-19—7-30, 7-64—7-65
trust lists (CTLs), 11-19
wireless network infrastructure, 10-20—10-21
digital signatures, 7-4
Directory Browsing permission (Web sites), 4-38
disabling
LM passwords, 1-12
services for domain controllers, 13-9
SID filtering, 1-47
SSID broadcasts, 10-14
disaster recovery, Certificate Services, 7-12, 16-31
discovering updates, 5-29—5-30
discretionary access control lists (DACLs), 2-3
DisplayName registry value, 3-41
distribution groups, 2-20
DNS (Domain Name Service)
dynamic updates (DDNS), 4-23—4-24, 4-26, 4-28
preventing attacks with SSL certificates, 11-11
server security, 4-26—4-29
Domain Controller Authentication certificate template, 7-23
domain controllers, 4-29—4-31
Active Directory, SSL on, 11-26—11-27, 11-34—11-37
Active Directory database, safeguarding, 4-29—4-30
configuring roles for, 4-29
disabling services, 13-9
number of, 1-18
protecting with firewalls, 4-30—4-31
secure authentication for, 1-26—1-27
domain local groups, 2-21, 16-13
Domain Name Service. See DNS (Domain Name Service)
domain names
IIS restrictions, 4-34—4-35
packet filtering by, 4-18, 8-24—8-30
domains
functional level of, 2-22—2-23, 16-13
IPSec to protect communications within, 9-6
policies for Kerberos tickets, 1-23
trusts, 1-43—1-55, 16-13—16-20
DoS attacks on wireless networks, 10-4
driver updates (patches), 5-5
dropped packets, logging (IPSec), 9-26—9-28, 9-36
Dsadd tool, 2-32
DSPath registry value, 3-41
duration, account lockout, 1-22
dynamic DNS updates, 4-23—4-24, 4-26, 4-28
Dynamic Host Configuration Protocol. See DHCP (Dynamic Host Configuration Protocol) server security
dynamic mode, Netsh utility, 8-32
dynamic WEP, 10-5, 10-7, 10-11
| < Day Day Up > |
|