List of Figures

Chapter 1: Planning and Configuring an Authentication Strategy

Figure 1.1: The Default Domain Controllers Security Settings console
Figure 1.2: Security policy settings
Figure 1.3: Account lockout warning
Figure 1.4: Typical delegated authentication architecture
Figure 1.5: Computer account properties dialog box
Figure 1.6: Authentication Methods dialog box
Figure 1.7: Internet Explorer prompt for credentials
Figure 1.8: A forest
Figure 1.9: Raising the domain functional level
Figure 1.10: The Trust Name page of the New Trust Wizard
Figure 1.11: The Direction Of Trust page of the New Trust Wizard
Figure 1.12: The User Name And Password page of the New Trust Wizard
Figure 1.13: Dialog box notifying you that SID filtering is enabled by default
Figure 1.14: Verifying an incoming trust
Figure 1.15: Enabling earlier applications to connect anonymously to shares

Chapter 2: Planning and Configuring an Authorization Strategy

Figure 2.1: Windows Server 2003 represents ACLs by listing the permissions assigned to users and groups
Figure 2.2: Permissions are inherited by default, but this behavior can be manually overridden
Figure 2.3: The ACEs assigned to Mary’s account, and her group memberships, will determine the effective permissions
Figure 2.4: Deny ACEs override all ACEs that grant permissions
Figure 2.5: Some group types can be nested within other group types
Figure 2.6: You can assign permissions to special groups that apply to users based on how they connect to the network
Figure 2.7: Use Restricted Groups to control group membership on domain members
Figure 2.8: Windows Server 2003 allows you to view the effective permissions for most object types
Figure 2.9: Use auditing to troubleshoot complex authorization problems
Figure 2.10: Auditing must be enabled for the system before it can be enabled for individual resources
Figure 2.11: Failure auditing causes events to be added to the event log when a user is denied access to a resource
Figure 2.12: Event Viewer reveals the object that the user lacked sufficient permissions to access

Chapter 3: Deploying and Troubleshooting Security Templates

Figure 3.1: The Security Templates snap-in
Figure 3.2: System Policy Editor on Windows NT 4.0
Figure 3.3: Modifying Group Policy precedence
Figure 3.4: Denying a security group access to a Group Policy object
Figure 3.5: Managing WMI filters
Figure 3.6: Troubleshooting problems relating to failed Group Policy
Figure 3.7: Help And Support Center Group Policy information
Figure 3.8: A Group Policy event
Figure 3.9: Troubleshooting problems related to unexpected inheritance
Figure 3.10: Resultant Set Of Policy
Figure 3.11: Group Policy information stored in the registry
Figure 3.12: Group order for system policies

Chapter 4: Hardening Computers for Specific Roles

Figure 4.1: Administrative Templates GPO settings
Figure 4.2: Software restrictions forbidding the execution of Notepad
Figure 4.3: Services placed in a single-layer perimeter network
Figure 4.4: Managing authorized DHCP servers
Figure 4.5: DHCP dynamic update options
Figure 4.6: Configuring Application Server options
Figure 4.7: Filtering IIS requests by network
Figure 4.8: Using shared secrets and the Message Authenticator attribute
Figure 4.9: Exchange TLS encryption
Figure 4.10: Configuring SQL Server authentication
Figure 4.11: SQL Server trace data
Figure 4.12: Microsoft Baseline Security Analyzer IIS results
Figure 4.13: Security Configuration And Analysis identifying deficient settings
Figure 4.14: Suggested perimeter network architecture

Chapter 5: Planning an Update Management Infrastructure

Figure 5.1: The Windows Server 2003 product lifecycle
Figure 5.2: The Automatic Update client configured to prompt the user to download
Figure 5.3: Approval of updates using Software Update Services
Figure 5.4: Tiered Software Update Services architecture
Figure 5.5: Selecting Uninstall This Application When It Falls Out Of The Scope Of Management
Figure 5.6: The core updating process
Figure 5.7: Notification settings for Automatic Updates
Figure 5.8: Using Add/Remove Programs for updates
Figure 5.9: Your company’s network architecture

Chapter 6: Assessing and Deploying a Patch Management Infrastructure

Figure 6.1: MBSA configured to scan a subnet
Figure 6.2: MBSA scanning a subnet
Figure 6.3: A private installation network for multiple computers
Figure 6.4: A private installation network for a single computer
Figure 6.5: A private installation network allowing for access to Windows Update
Figure 6.6: Slipstreaming a service pack
Figure 6.7: SUS synchronizing with the Windows Update server
Figure 6.8: Automatic Updates configured using a Group Policy object
Figure 6.9: Scheduling updates that were skipped
Figure 6.10: MBSA identifies an unpatched computer

Chapter 7: Installing, Configuring, and Managing Certification Services

Figure 7.1: A CA hierarchy
Figure 7.2: Creating a subordinate CA
Figure 7.3: Backing up a CA
Figure 7.4: Specifying the common name for a CA
Figure 7.5: Requesting a subordinate CA certificate
Figure 7.6: Certificate template location
Figure 7.7: Certificate template permissions
Figure 7.8: Properties of New Template dialog box
Figure 7.9: Smart Card Logon policy added to the Application Policies list
Figure 7.10: CRL publishing list
Figure 7.11: Adding a CRL publishing location
Figure 7.12: Web interface for manual enrollment
Figure 7.13: Advanced Certificate Request using Web enrollment
Figure 7.14: Properties for a new certificate
Figure 7.15: Revoking a certificate
Figure 7.16: Publishing a CRL
Figure 7.17: Specifying key archival
Figure 7.18: Exporting a certificate
Figure 7.19: Importing a certificate
Figure 7.20: Key Recovery Agent Selection dialog box
Figure 7.21: Creating a subordinate CA

Chapter 8: Planning and Configuring IPSec

Figure 8.1: Transport mode IPSec
Figure 8.2: Remote access with IPSec
Figure 8.3: Tunnel mode IPSec
Figure 8.4: A site-to-site IPSec tunnel
Figure 8.5: Allowing the ISAKMP service through ICF
Figure 8.6: IP security policy components
Figure 8.7: The Manage IP Filter Lists And Filter Actions dialog box
Figure 8.8: Specifying custom data integrity, encryption, and session key settings
Figure 8.9: Editing IP security policy properties
Figure 8.10: Configuring an IP filter list for Web traffic

Chapter 9: Deploying and Troubleshooting IPSec

Figure 9.1: Local IPSec policy overridden by a domain policy
Figure 9.2: Configuring certificate-to-account mapping
Figure 9.3: Security association authenticated with certificates
Figure 9.4: The Active Policy node of the IP Security Monitor
Figure 9.5: Main Mode SA details
Figure 9.6: Event ID 541 showing a successful IKE SA established
Figure 9.7: Event ID 547 showing an IKE negotiation failure
Figure 9.8: Event ID 4290 showing dropped packets
Figure 9.9: Graphing IPSec performance statistics
Figure 9.10: Network Monitoring displaying ESP-encrypted packets
Figure 9.11: Ping permitted, but not secured
Figure 9.12: Event Viewer details about a dropped ICMP request
Figure 9.13: Configuring a policy to use the most common IKE security algorithms
Figure 9.14: Problematic IPSec architecture
Figure 9.15: Problematic IPSec architecture

Chapter 10: Planning and Implementing Security for Wireless Networks

Figure 10.1: Connecting to an 802.1X-authenticated wireless network
Figure 10.2: Sample user and group hierarchy for controlling wireless network authorization
Figure 10.3: Configuring policy conditions to apply the policy to wireless connections
Figure 10.4: Configuring authentication methods for a RAP
Figure 10.5: Configuring session timeout for WEP
Figure 10.6: Enabling IAS authentication auditing
Figure 10.7: Windows XP wireless network authentication configuration
Figure 10.8: The General tab of the wireless network policy properties dialog box
Figure 10.9: The Network Properties tab of the New Preferred Setting Properties dialog box
Figure 10.10: Configuring security on a WAP
Figure 10.11: Default IAS PEAP properties
Figure 10.12: The Protected EAP Properties dialog box
Figure 10.13: Wireless network architecture

Chapter 11: Deploying, Configuring, and Managing SSL Certificates

Figure 11.1: Internet Explorer’s trusted root CAs
Figure 11.2: Internet Explorer warning regarding an untrusted CA
Figure 11.3: Requiring HTTPS for a Web server
Figure 11.4: Configuring one-to-one certificate mapping
Figure 11.5: Editing rule properties for many-to-one client certificate mappings
Figure 11.6: The SSL Diagnostic Utility probing IIS
Figure 11.7: The SSL Diagnostic Utility monitoring client certificates
Figure 11.8: Exporting a SQL Server certificate
Figure 11.9: IIS configured to require SSL
Figure 11.10: The requested host name does not match the common name in the certificate
Figure 11.11: Network Monitor displaying the results of an unencrypted LDAP query
Figure 11.12: The subject field of a certificate containing the domain controller’s common name
Figure 11.13: Requiring messaging encryption
Figure 11.14: Creating an Address Book query
Figure 11.15: Configuring Address Book for encryption
Figure 11.16: Network Monitor attempting to analyze SSL-encrypted LDAP queries
Figure 11.17: Systems architecture for

Chapter 12: Securing Remote Access

Figure 12.1: PPTP-tunneled data packet structure
Figure 12.2: L2TP-tunneled data packet structure
Figure 12.3: Configuring Routing And Remote Access to authenticate to a RADIUS server
Figure 12.4: Default server authentication and accounting settings
Figure 12.5: Default server authentication methods
Figure 12.6: Editing user dial-in properties
Figure 12.7: Configuring RAP encryption levels
Figure 12.8: Network architecture for testing VPN connectivity
Figure 12.9: Creating a new test VPN connection
Figure 12.10: Default client authentication settings
Figure 12.11: Advanced client authentication settings
Figure 12.12: Configuring VPN servers and security settings
Figure 12.13: Editing basic VPN security settings by using the CMAK wizard
Figure 12.14: Editing advanced VPN security settings by using the CMAK wizard
Figure 12.15: Editing EAP configuration settings
Figure 12.16: VPN destinations as specified in the VPN file
Figure 12.17: VPN connection details confirming security configuration
Figure 12.18: Dial-in properties of problematic user account

MCSA/MCSE Self-Paced Training Kit (Exam 70-299): Implementing and Administering Security in a Microsoft® Windows Server™ 2003 Network (Pro-Certification)
ISBN: 073562061X
EAN: 2147483647
Year: 2004
Pages: 217