Index_S

 < Day Day Up > 



S

/S update parameter, 6-28

SA (Kerberos session key), 1-13

SAs (Security Associations), 8-11, 8-12

active, viewing, 9-19

ScheduledInstallDay registry value, 6-35

ScheduledInstallTime registry value, 6-35

scheduling updates (patches), 5-16, 5-18

critical, 5-8, 5-44

scope, groups, 2-20—2-21

Script Source Access permission (Web sites), 4-38

scripts, IPSec, 9-6—9-10

creating with IPSecCmd, 9-9, 9-10

creating with IPSecPol, 9-9—9-10

creating with Netsh, 9-7—9-8, 9-15—9-16

Secedit.exe utility, 3-26—3-27

secrets, LSA, 1-15

secure channels, IKE negotiation, 8-11, 8-12

Secure Server (Require Security) security policy, 8-32, 15-1, 15-9

Securedc.inf template, 3-5

Securews.inf template, 3-5

Security Associations (SAs), 8-11, 8-12

viewing active, 9-19

security bulletins, 5-5—5-8

Security Configuration And Analysis snap-in, 4-55—4-56

deploying security templates, 3-25

Security event log, 3-11. See also logging

security groups, 2-20. See also groups

security methods, IPSec configuration, 8-26—8-29

Security Options node, 3-11

security patches, managing, 5-1—5-44, 14-1

assessing current status, 5-15—5-16, 14-15—14-26

assessing patch levels, 6-3—6-14

chaining updates, 5-11

deploying updates on existing clients, 6-27—6-53

deploying updates on new clients, 6-15—6-26

deployment, 14-27—14-33

deployment planning, 14-4—14-13

deployment process, 5-28—5-36

infrastructure for, 5-14—5-27

product lifecycles, 5-10—5-11

types of patches, 5-4—5-10

uninstalling service packs (example), 14-33

updates (patch files), 5-3

security rollup packages (SRPs), 5-9, 5-44

security rules, IP, 8-29—8-30

security templates, 3-4, 3-50, 13-4

configuring, 13-15—13-17, 13-20

creating and editing, 3-4—3-17, 7-25—7-27, 13-10

deploying, 3-18—3-30, 13-4, 13-24—13-32

planning additional security, 13-39

planning by server role, 13-8—13-14

predefined, 3-5—3-7, 3-28

rolling back, 13-34

troubleshooting, 3-31—3-55, 13-24

writing descriptions for, 3-15

security updates (patches), 5-5—5-8, 5-44

security updates, managing, 5-1—5-44, 14-1

assessing current status, 5-15—5-16, 14-15—14-26

assessing patch levels, 6-3—6-14

chaining updates, 5-11

deploying updates on existing clients, 6-27—6-53

deploying updates on new clients, 6-15—6-26

deployment, 14-27—14-33

deployment planning, 14-4—14-13

deployment process, 5-28—5-36

infrastructure for, 5-14—5-27

product lifecycles, 5-10—5-11

types of patches, 5-4—5-10

uninstalling service packs (example), 14-33

updates (patch files), 5-3

security vulnerabilities, 5-3, 6-15

assessing patch levels, 6-3—6-14

attacks, 1-19, 1-46, 4-36, 5-3, 10-10, 11-11, 13-41

risks, 7-48, 7-51, 10-3, 12-4

Self group, 2-31

Send Failures parameter, 9-20

Server Operators group, 2-26

server roles

additional security possibilities, 13-39

analyzing security configurations, 4-55—4-61

security templates and, 13-8—13-14

tuning security for, 4-15—4-54

Server (Request Security) security policy, 8-31, 15-1, 15-9

servers for remote access, configuring, 12-17—12-29

authentication, 12-17—12-19, 12-23—12-24

authorization, 12-19—12-23

service certificate templates, 7-23

Service group, 2-31

service packs, 5-9—5-10, 5-44

assessing current status, 5-15—5-16, 5-29—5-30, 14-15—14-26

deploying, in general, 14-27—14-33

deploying updates on existing clients, 6-27—6-53

deploying updates on new clients, 6-15—6-26

deployment planning, 14-4—14-13

network vs. express installation, 5-32

patch management, 5-1—5-44, 6-3—6-53, 14-1, 14-4—14-13, 14-15—14-33

uninstalling (example), 14-33

services

authorization settings for, 3-12

certificates. See Certificate Services

disabling for domain controllers, 13-9

permissions, 2-12

session key, Kerberos, 1-13

Session Key PFS, 8-28

Set By Caller option, 12-21

settings for security templates, 3-9—3-12

account policies, 3-9—3-10

event logs, 3-11

file and folder permissions, 3-12

group memberships, 3-11—3-12

local policies, 3-10—3-11

registry permissions, 2-12, 3-12

services, 3-12

setup files, integrating updates into (slipstreaming), 6-19—6-24

Setup Security.inf template, 3-5

severity, security bulletin, 5-6

shape, traffic, 8-8

shared

folders, permissions, 2-13

key encryption, 7-3

secret authentication, 10-4—10-6. See also WEP (Wired Equivalent Privacy)

Shiva Password Authentication Protocol (SPAP), 12-8—12-10, 12-14

shortcut trusts, 1-43

SIDs (security identifiers)

filtering, 1-46—1-47

spoofing, 1-46

signatures (digital), 7-4

single-function certificate templates, 7-22, 7-64

slipstreaming, 6-19—6-24

smart cards, 1-7, 1-27—1-28

remote access authentication (EAP-TLS), 10-10, 10-20, 12-12, 12-23—12-24, 12-31

Smartcard Logon certificate template, 7-22

Smartcard User certificate template, 7-21, 7-22

SMS (Systems Management Server), 5-17, 5-23

SMTP Service, 4-34

encrypting with SSL, 11-31

port numbers for, 11-7

Soft Associations parameter, 9-21

software

patch (update) management, 5-1—5-44, 6-3—6-53, 14-1, 14-4—14-13, 14-15—14-33

product lifecycles, 5-10—5-11

restriction policies, 4-5—4-7

Software Update Services (SUS), 5-16—5-21

deploying updates (patches), 6-29—6-32, 6-38—6-39

source IP address filtering, 4-18

IPSec configuration, 8-24—8-30, 9-5

SPAP (Shiva Password Authentication Protocol), 12-8—12-10, 12-14

special groups (identities), 2-28—2-31

special permissions, 2-7—2-14

Active Directory, 2-10—2-11

files and folders, 2-7—2-10

printers, 2-13

registry, 2-12, 3-12

services, 2-12

shared folders, 2-13

SPIs (Security Parameter Indices), 8-12

spoofing SIDs, 1-46

SQL Server security, 4-46—4-50

authentication, 4-47—4-48

authorization, 4-48—4-49

enabling SSL, 11-27—11-31

logging considerations, 4-49—4-50

protecting with firewalls, 4-50

SRPs (security rollup packages), 5-9, 5-44

SSID broadcasts, disabling, 10-14

SSL (Secure Sockets Layer), 11-1—11-43

on Active Directory domain controllers, 11-26—11-27, 11-34—11-37

assigning certificates, 11-15

deployment and management of certificates, 11-10—11-25, 15-50

firewall configuration, 11-7

hardware SSQL accelerators, 11-11

how it works, 11-3

IPSec vs., 11-4—11-5

mail servers, 11-31—11-33

Microsoft Outlook, 11-33—11-34

obtaining certificates, 11-5—11-6, 11-13—11-14

renewing certificates, 11-16

reviewing certificates, 11-6

SQL Server, 11-27—11-31

TLS vs., 11-31

SSL accelerators, 11-11

SSL Diagnostic Utility for IIS, 11-20

SSL encryption. See also encryption

IIS support, 4-37—4-38, 11-10—11-25, 15-50

troubleshooting, 11-19—11-20

standalone CAs (certification authorities), 7-9, 16-29

certificate enrollment methods, 7-32

IPSec authentication, 15-46

standard permissions, 2-7—2-14

Active Directory, 2-10—2-11

files and folders, 2-7—2-10

printers, 2-13

registry, 2-12, 3-12

services, 2-12

shared folders, 2-13

Start, Stop, And Pause permission, 2-12

stateful inspection, 4-18

statement permissions (SQL), 4-49

static mode, Netsh utility, 8-32

static WEP, 10-5, 10-6, 10-11

Statistics node, IP Security Monitor, 9-19

storage

LM authentication passwords, 1-11—1-12

user credentials, 1-8—1-9, 1-15

strong passwords, defined, 1-19

Strong Private Key Protection option, 8-20, 9-11, 9-43

subordinate CAs (certification authorities), 7-9, 7-14

enterprise and standalone, 16-29

superseding certificate templates, 7-26—7-29

SUS (Software Update Services), 5-16—5-21

deploying updates (patches), 6-29—6-32, 6-38—6-39

patch management, 5-1—5-44, 6-3—6-53, 14-1, 14-4—14-13, 14-15—14-33

SUS Feature Pack, 5-23

Syskey (System Key) utility, 4-29

syskey.exe program, 1-15

system administration, 4-4

Administrator certificate template, 7-22

Administrators group, 2-24

PKI (public key infrastructure), 7-8

responsibility for updates (patches), 5-16

security bulletins for, 5-5—5-8

system auditing

authorization troubleshooting, 2-50—2-52

Certificate Services, 7-13

event analysis, 2-52—2-54

Exchange Server, 4-45

IPSec negotiations, 9-23—9-25

patch level assessment, 6-3—6-14

policies, 3-10

SQL Server security, 4-49—4-50

updates (patches), 5-35—5-36

System event log, 3-11

System group, 2-31

System Monitor (Performance Console), 9-29

System Policy, 3-13, 3-50

troubleshooting, 3-43—3-44

System Policy Editor, 3-4

system services

authorization settings for, 3-12

certificates. See Certificate Services

disabling for domain controllers, 13-9

permissions, 2-12

Systems Management Server (SMS), 5-17, 5-23



 < Day Day Up > 



MCSA(s)MCSE Self-Paced Training Kit Exam 70-299 (c) Implementing and Administering Security in a M[.  .. ]twork
MCSA/MCSE Self-Paced Training Kit (Exam 70-299): Implementing and Administering Security in a MicrosoftВ® Windows Server(TM) 2003 Network (Pro-Certification)
ISBN: 073562061X
EAN: 2147483647
Year: 2004
Pages: 217

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net