/S update parameter, 6-28
SA (Kerberos session key), 1-13
SAs (Security Associations), 8-11, 8-12
active, viewing, 9-19
ScheduledInstallDay registry value, 6-35
ScheduledInstallTime registry value, 6-35
scheduling updates (patches), 5-16, 5-18
critical, 5-8, 5-44
scope, groups, 2-20—2-21
Script Source Access permission (Web sites), 4-38
scripts, IPSec, 9-6—9-10
creating with IPSecCmd, 9-9, 9-10
creating with IPSecPol, 9-9—9-10
creating with Netsh, 9-7—9-8, 9-15—9-16
Secedit.exe utility, 3-26—3-27
secrets, LSA, 1-15
secure channels, IKE negotiation, 8-11, 8-12
Secure Server (Require Security) security policy, 8-32, 15-1, 15-9
Securedc.inf template, 3-5
Securews.inf template, 3-5
Security Associations (SAs), 8-11, 8-12
viewing active, 9-19
security bulletins, 5-5—5-8
Security Configuration And Analysis snap-in, 4-55—4-56
deploying security templates, 3-25
Security event log, 3-11. See also logging
security groups, 2-20. See also groups
security methods, IPSec configuration, 8-26—8-29
Security Options node, 3-11
security patches, managing, 5-1—5-44, 14-1
assessing current status, 5-15—5-16, 14-15—14-26
assessing patch levels, 6-3—6-14
chaining updates, 5-11
deploying updates on existing clients, 6-27—6-53
deploying updates on new clients, 6-15—6-26
deployment, 14-27—14-33
deployment planning, 14-4—14-13
deployment process, 5-28—5-36
infrastructure for, 5-14—5-27
product lifecycles, 5-10—5-11
types of patches, 5-4—5-10
uninstalling service packs (example), 14-33
updates (patch files), 5-3
security rollup packages (SRPs), 5-9, 5-44
security rules, IP, 8-29—8-30
security templates, 3-4, 3-50, 13-4
configuring, 13-15—13-17, 13-20
creating and editing, 3-4—3-17, 7-25—7-27, 13-10
deploying, 3-18—3-30, 13-4, 13-24—13-32
planning additional security, 13-39
planning by server role, 13-8—13-14
predefined, 3-5—3-7, 3-28
rolling back, 13-34
troubleshooting, 3-31—3-55, 13-24
writing descriptions for, 3-15
security updates (patches), 5-5—5-8, 5-44
security updates, managing, 5-1—5-44, 14-1
assessing current status, 5-15—5-16, 14-15—14-26
assessing patch levels, 6-3—6-14
chaining updates, 5-11
deploying updates on existing clients, 6-27—6-53
deploying updates on new clients, 6-15—6-26
deployment, 14-27—14-33
deployment planning, 14-4—14-13
deployment process, 5-28—5-36
infrastructure for, 5-14—5-27
product lifecycles, 5-10—5-11
types of patches, 5-4—5-10
uninstalling service packs (example), 14-33
updates (patch files), 5-3
security vulnerabilities, 5-3, 6-15
assessing patch levels, 6-3—6-14
attacks, 1-19, 1-46, 4-36, 5-3, 10-10, 11-11, 13-41
risks, 7-48, 7-51, 10-3, 12-4
Self group, 2-31
Send Failures parameter, 9-20
Server Operators group, 2-26
server roles
additional security possibilities, 13-39
analyzing security configurations, 4-55—4-61
security templates and, 13-8—13-14
tuning security for, 4-15—4-54
Server (Request Security) security policy, 8-31, 15-1, 15-9
servers for remote access, configuring, 12-17—12-29
authentication, 12-17—12-19, 12-23—12-24
authorization, 12-19—12-23
service certificate templates, 7-23
Service group, 2-31
service packs, 5-9—5-10, 5-44
assessing current status, 5-15—5-16, 5-29—5-30, 14-15—14-26
deploying, in general, 14-27—14-33
deploying updates on existing clients, 6-27—6-53
deploying updates on new clients, 6-15—6-26
deployment planning, 14-4—14-13
network vs. express installation, 5-32
patch management, 5-1—5-44, 6-3—6-53, 14-1, 14-4—14-13, 14-15—14-33
uninstalling (example), 14-33
services
authorization settings for, 3-12
certificates. See Certificate Services
disabling for domain controllers, 13-9
permissions, 2-12
session key, Kerberos, 1-13
Session Key PFS, 8-28
Set By Caller option, 12-21
settings for security templates, 3-9—3-12
account policies, 3-9—3-10
event logs, 3-11
file and folder permissions, 3-12
group memberships, 3-11—3-12
local policies, 3-10—3-11
registry permissions, 2-12, 3-12
services, 3-12
setup files, integrating updates into (slipstreaming), 6-19—6-24
Setup Security.inf template, 3-5
severity, security bulletin, 5-6
shape, traffic, 8-8
shared
folders, permissions, 2-13
key encryption, 7-3
secret authentication, 10-4—10-6. See also WEP (Wired Equivalent Privacy)
Shiva Password Authentication Protocol (SPAP), 12-8—12-10, 12-14
shortcut trusts, 1-43
SIDs (security identifiers)
filtering, 1-46—1-47
spoofing, 1-46
signatures (digital), 7-4
single-function certificate templates, 7-22, 7-64
slipstreaming, 6-19—6-24
smart cards, 1-7, 1-27—1-28
remote access authentication (EAP-TLS), 10-10, 10-20, 12-12, 12-23—12-24, 12-31
Smartcard Logon certificate template, 7-22
Smartcard User certificate template, 7-21, 7-22
SMS (Systems Management Server), 5-17, 5-23
SMTP Service, 4-34
encrypting with SSL, 11-31
port numbers for, 11-7
Soft Associations parameter, 9-21
software
patch (update) management, 5-1—5-44, 6-3—6-53, 14-1, 14-4—14-13, 14-15—14-33
product lifecycles, 5-10—5-11
restriction policies, 4-5—4-7
Software Update Services (SUS), 5-16—5-21
deploying updates (patches), 6-29—6-32, 6-38—6-39
source IP address filtering, 4-18
IPSec configuration, 8-24—8-30, 9-5
SPAP (Shiva Password Authentication Protocol), 12-8—12-10, 12-14
special groups (identities), 2-28—2-31
special permissions, 2-7—2-14
Active Directory, 2-10—2-11
files and folders, 2-7—2-10
printers, 2-13
registry, 2-12, 3-12
services, 2-12
shared folders, 2-13
SPIs (Security Parameter Indices), 8-12
spoofing SIDs, 1-46
SQL Server security, 4-46—4-50
authentication, 4-47—4-48
authorization, 4-48—4-49
enabling SSL, 11-27—11-31
logging considerations, 4-49—4-50
protecting with firewalls, 4-50
SRPs (security rollup packages), 5-9, 5-44
SSID broadcasts, disabling, 10-14
SSL (Secure Sockets Layer), 11-1—11-43
on Active Directory domain controllers, 11-26—11-27, 11-34—11-37
assigning certificates, 11-15
deployment and management of certificates, 11-10—11-25, 15-50
firewall configuration, 11-7
hardware SSL accelerators, 11-11
how it works, 11-3
IPSec vs., 11-4—11-5
mail servers, 11-31—11-33
Microsoft Outlook, 11-33—11-34
obtaining certificates, 11-5—11-6, 11-13—11-14
renewing certificates, 11-16
reviewing certificates, 11-6
SQL Server, 11-27—11-31
TLS vs., 11-31
SSL accelerators, 11-11
SSL Diagnostic Utility for IIS, 11-20
SSL encryption. See also encryption
IIS support, 4-37—4-38, 11-10—11-25, 15-50
troubleshooting, 11-19—11-20
standalone CAs (certification authorities), 7-9, 16-29
certificate enrollment methods, 7-32
IPSec authentication, 15-46
standard permissions, 2-7—2-14
Active Directory, 2-10—2-11
files and folders, 2-7—2-10
printers, 2-13
registry, 2-12, 3-12
services, 2-12
shared folders, 2-13
Start, Stop, And Pause permission, 2-12
stateful inspection, 4-18
statement permissions (SQL), 4-49
static mode, Netsh utility, 8-32
static WEP, 10-5, 10-6, 10-11
Statistics node, IP Security Monitor, 9-19
storage
LM authentication passwords, 1-11—1-12
user credentials, 1-8—1-9, 1-15
strong passwords, defined, 1-19
Strong Private Key Protection option, 8-20, 9-11, 9-43
subordinate CAs (certification authorities), 7-9, 7-14
enterprise and standalone, 16-29
superseding certificate templates, 7-26—7-29
SUS (Software Update Services), 5-16—5-21
deploying updates (patches), 6-29—6-32, 6-38—6-39
patch management, 5-1—5-44, 6-3—6-53, 14-1, 14-4—14-13, 14-15—14-33
SUS Feature Pack, 5-23
Syskey (System Key) utility, 4-29
syskey.exe program, 1-15
system administration, 4-4
Administrator certificate template, 7-22
Administrators group, 2-24
PKI (public key infrastructure), 7-8
responsibility for updates (patches), 5-16
security bulletins for, 5-5—5-8
system auditing
authorization troubleshooting, 2-50—2-52
Certificate Services, 7-13
event analysis, 2-52—2-54
Exchange Server, 4-45
IPSec negotiations, 9-23—9-25
patch level assessment, 6-3—6-14
policies, 3-10
SQL Server security, 4-49—4-50
updates (patches), 5-35—5-36
System event log, 3-11
System group, 2-31
System Monitor (Performance Console), 9-29
System Policy, 3-13, 3-50
troubleshooting, 3-43—3-44
System Policy Editor, 3-4
system services
authorization settings for, 3-12
certificates. See Certificate Services
disabling for domain controllers, 13-9
permissions, 2-12
Systems Management Server (SMS), 5-17, 5-23