Flylib.com
List of Figures
Previous page
Table of content
Next page
< Day Day Up >
Chapter 1: Planning and Configuring an Authentication Strategy
Figure 1.1: The Default Domain Controllers Security Settings console
Figure 1.2: Security policy settings
Figure 1.3: Account lockout warning
Figure 1.4: Typical delegated authentication architecture
Figure 1.5: Computer account properties dialog box
Figure 1.6: Authentication Methods dialog box
Figure 1.7: Internet Explorer prompt for credentials
Figure 1.8: A forest
Figure 1.9: Raising the domain functional level
Figure 1.10: The Trust Name page of the New Trust Wizard
Figure 1.11: The Direction Of Trust page of the New Trust Wizard
Figure 1.12: The User Name And Password page of the New Trust Wizard
Figure 1.13: Dialog box notifying you that SID filtering is enabled by default
Figure 1.14: Verifying an incoming trust
Figure 1.15: Enabling earlier applications to connect anonymously to shares
Chapter 2: Planning and Configuring an Authorization Strategy
Figure 2.1: Windows Server 2003 represents ACLs by listing the permissions assigned to users and groups
Figure 2.2: Permissions are inherited by default, but this behavior can be manually overridden
Figure 2.3: The ACEs assigned to Mary’s account, and her group memberships, will determine the effective permissions
Figure 2.4: Deny ACEs override all ACEs that grant permissions
Figure 2.5: Some group types can be nested within other group types
Figure 2.6: You can assign permissions to special groups that apply to users based on how they connect to the network
Figure 2.7: Use Restricted Groups to control group membership on domain members
Figure 2.8: Windows Server 2003 allows you to view the effective permissions for most object types
Figure 2.9: Use auditing to troubleshoot complex authorization problems
Figure 2.10: Auditing must be enabled for the system before it can be enabled for individual resources
Figure 2.11: Failure auditing causes events to be added to the event log when a user is denied access to a resource
Figure 2.12: Event Viewer reveals the object that the user lacked sufficient permissions to access
Chapter 3: Deploying and Troubleshooting Security Templates
Figure 3.1: The Security Templates snap-in
Figure 3.2: System Policy Editor on Windows NT 4.0
Figure 3.3: Modifying Group Policy precedence
Figure 3.4: Denying a security group access to a Group Policy object
Figure 3.5: Managing WMI filters
Figure 3.6: Troubleshooting problems relating to failed Group Policy
Figure 3.7: Help And Support Center Group Policy information
Figure 3.8: A Group Policy event
Figure 3.9: Troubleshooting problems related to unexpected inheritance
Figure 3.10: Resultant Set Of Policy
Figure 3.11: Group Policy information stored in the registry
Figure 3.12: Group order for system policies
Chapter 4: Hardening Computers for Specific Roles
Figure 4.1: Administrative Templates GPO settings
Figure 4.2: Software restrictions forbidding the execution of Notepad
Figure 4.3: Services placed in a single-layer perimeter network
Figure 4.4: Managing authorized DHCP servers
Figure 4.5: DHCP dynamic update options
Figure 4.6: Configuring Application Server options
Figure 4.7: Filtering IIS requests by network
Figure 4.8: Using shared secrets and the Message Authenticator attribute
Figure 4.9: Exchange TLS encryption
Figure 4.10: Configuring SQL Server authentication
Figure 4.11: SQL Server trace data
Figure 4.12: Microsoft Baseline Security Analyzer IIS results
Figure 4.13: Security Configuration And Analysis identifying deficient settings
Figure 4.14: Suggested perimeter network architecture
Chapter 5: Planning an Update Management Infrastructure
Figure 5.1: The Windows Server 2003 product lifecycle
Figure 5.2: The Automatic Update client configured to prompt the user to download
Figure 5.3: Approval of updates using Software Update Services
Figure 5.4: Tiered Software Update Services architecture
Figure 5.5: Selecting Uninstall This Application When It Falls Out Of The Scope Of Management
Figure 5.6: The core updating process
Figure 5.7: Notification settings for Automatic Updates
Figure 5.8: Using Add/Remove Programs for updates
Figure 5.9: Your company’s network architecture
Chapter 6: Assessing and Deploying a Patch Management Infrastructure
Figure 6.1: MBSA configured to scan a subnet
Figure 6.2: MBSA scanning a subnet
Figure 6.3: A private installation network for multiple computers
Figure 6.4: A private installation network for a single computer
Figure 6.5: A private installation network allowing for access to Windows Update
Figure 6.6: Slipstreaming a service pack
Figure 6.7: SUS synchronizing with the Windows Update server.
Figure 6.8: Automatic Updates configured using a Group Policy object
Figure 6.9: Scheduling updates that were skipped
Figure 6.10: MBSA identifies an unpatched computer
Chapter 7: Installing, Configuring, and Managing Certification Services
Figure 7.1: A CA hierarchy
Figure 7.2: Creating a subordinate CA
Figure 7.3: Backing up a CA
Figure 7.4: Specifying the common name for a CA
Figure 7.5: Requesting a subordinate CA certificate
Figure 7.6: Certificate template location
Figure 7.7: Certificate template permissions
Figure 7.8: Properties of New Template dialog box
Figure 7.9: Smart Card Logon policy added to the Application Policies list
Figure 7.10: CRL publishing list
Figure 7.11: Adding a CRL publishing location
Figure 7.12: Web interface for manual enrollment
Figure 7.13: Advanced Certificate Request using Web enrollment
Figure 7.14: Properties for a new certificate
Figure 7.15: Revoking a certificate
Figure 7.16: Publishing a CRL
Figure 7.17: Specifying key archival
Figure 7.18: Exporting a certificate
Figure 7.19: Importing a certificate
Figure 7.20: Key Recovery Agent Selection dialog box
Figure 7.21: Creating a subordinate CA
Chapter 8: Planning and Configuring IPSec
Figure 8.1: Transport mode IPSec
Figure 8.2: Remote access with IPSec
Figure 8.3: Tunnel mode IPSec
Figure 8.4: A site-to-site IPSec tunnel
Figure 8.5: Allowing the ISAKMP service through ICF
Figure 8.6: IP security policy components
Figure 8.7: The Manage IP Filter Lists And Filter Actions dialog box
Figure 8.8: Specifying custom data integrity, encryption, and session key settings
Figure 8.9: Editing IP security policy properties
Figure 8.10: Configuring an IP filter list for Web traffic
Chapter 9: Deploying and Troubleshooting IPSec
Figure 9.1: Local IPSec policy overridden by a domain policy
Figure 9.2: Configuring certificate-to-account mapping
Figure 9.3: Security association authenticated with certificates
Figure 9.4: The Active Policy node of the IP Security Monitor
Figure 9.5: Main Mode SA details
Figure 9.6: Event ID 541 showing a successful IKE SA established
Figure 9.7: Event ID 547 showing an IKE negotiation failure
Figure 9.8: Event ID 4290 showing dropped packets
Figure 9.9: Graphing IPSec performance statistics
Figure 9.10: Network Monitoring displaying ESP-encrypted packets
Figure 9.11: Ping permitted, but not secured
Figure 9.12: Event Viewer details about a dropped ICMP request
Figure 9.13: Configuring a policy to use the most common IKE security algorithms
Figure 9.14: Problematic IPSec architecture
Figure 9.15: Problematic IPSec architecture
Chapter 10: Planning and Implementing Security for Wireless Networks
Figure 10.1: Connecting to an 802.1X-authenticated wireless network
Figure 10.2: Sample user and group hierarchy for controlling wireless network authorization
Figure 10.3: Configuring policy conditions to apply the policy to wireless connections
Figure 10.4: Configuring authentication methods for a RAP
Figure 10.5: Configuring session timeout for WEP
Figure 10.6: Enabling IAS authentication auditing
Figure 10.7: Windows XP wireless network authentication configuration
Figure 10.8: The General tab of the wireless network policy properties dialog box
Figure 10.9: The Network Properties tab of the New Preferred Setting Properties dialog box
Figure 10.10: Configuring security on a WAP
Figure 10.11: Default IAS PEAP properties
Figure 10.12: The Protected EAP Properties dialog box
Figure 10.13: Wireless network architecture
Chapter 11: Deploying, Configuring, and Managing SSL Certificates
Figure 11.1: Internet Explorer’s trusted root CAs
Figure 11.2: Internet Explorer warning regarding an untrusted CA
Figure 11.3: Requiring HTTPS for a Web server
Figure 11.4: Configuring one-to-one certificate mapping
Figure 11.5: Editing rule properties for many-to-one client certificate mappings
Figure 11.6: The SSL Diagnostic Utility probing IIS
Figure 11.7: The SSL Diagnostic Utility monitoring client certificates
Figure 11.8: Exporting a SQL Server certificate
Figure 11.9: IIS configured to require SSL
Figure 11.10: The requested host name does not match the common name in the certificate
Figure 11.11: Network Monitor displaying the results of an unencrypted LDAP query
Figure 11.12: The subject field of a certificate containing the domain controller’s common name
Figure 11.13: Requiring messaging encryption
Figure 11.14: Creating an Address Book query
Figure 11.15: Configuring Address Book for encryption
Figure 11.16: Network Monitor attempting to analyze SSL-encrypted LDAP queries
Figure 11.17: Systems architecture for www.adventure-works.com
Chapter 12: Securing Remote Access
Figure 12.1: PPTP-tunneled data packet structure
Figure 12.2: L2TP-tunneled data packet structure
Figure 12.3: Configuring Routing And Remote Access to authenticate to a RADIUS server
Figure 12.4: Default server authentication and accounting settings
Figure 12.5: Default server authentication methods
Figure 12.6: Editing user dial-in properties
Figure 12.7: Configuring RAP encryption levels
Figure 12.8: Network architecture for testing VPN connectivity
Figure 12.9: Creating a new test VPN connection
Figure 12.10: Default client authentication settings
Figure 12.11: Advanced client authentication settings
Figure 12.12: Configuring VPN servers and security settings
Figure 12.13: Editing basic VPN security settings by using the CMAK wizard
Figure 12.14: Editing advanced VPN security settings by using the CMAK wizard
Figure 12.15: Editing EAP configuration settings
Figure 12.16: VPN destinations as specified in the VPN file
Figure 12.17: VPN connection details confirming security configuration
Figure 12.18: Dial-in properties of problematic user account
< Day Day Up >
Previous page
Table of content
Next page
MCSA/MCSE Self-Paced Training Kit (Exam 70-299): Implementing and Administering Security in a MicrosoftВ® Windows Server(TM) 2003 Network (Pro-Certification)
ISBN: 073562061X
EAN: 2147483647
Year: 2004
Pages: 217
Authors:
Anthony Northrup
,
Orin Thomas
BUY ON AMAZON
Professional Java Native Interfaces with SWT/JFace (Programmer to Programmer)
SWT/JFace Mechanisms
Menus, Toolbars, Cool, Bars, and Actions
Tables
JFace Wizards
Eclipse Forms
Visual Studio Tools for Office(c) Using C# with Excel, Word, Outlook, and InfoPath
Working with Excel Objects
Working with the Application Object
Working with the Window Object
Working with the MAPIFolder Object
Advanced Topic: Deploying Network Solutions to Be Cached Locally
Java All-In-One Desk Reference For Dummies
Using Arrays
Programming Threads
Book VI - Swing
Creating Servlets
Fun with Fonts and Colors
Python Standard Library (Nutshell Handbooks) with
The marshal Module
The gzip Module
The MimeWriter Module
The tty Module
The readline Module
Python Programming for the Absolute Beginner, 3rd Edition
PyClock: An Analog/Digital Clock Widget
Climbing the CGI Learning Curve
The PyMailCgi Web Site
Grail: A Python-Based Web Browser
Regular Expression Matching
Microsoft Visual Basic .NET Programmers Cookbook (Pro-Developer)
Numbers, Dates, and Other Data Types
Windows Controls
Windows Services
ADO.NET
ASP.NET Web Applications
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy
This website uses cookies. Click
here
to find out more.
Accept cookies