IAS (Internet Authentication Service), 264–265
identity spoofing attacks, 5, 42, 43
IIS (Internet Information Server) security, 242–286, See also server
authenticating users on websites
ASP.NET forms-based authentication, 261–262
certificate authentication, 262–264, 263–264
IIS methods of, 258–261, 259
overview, 257–258
RADIUS authentication, 264–265
case study, 280–282
case study answers, 286
case study questions, 283–285
designing baselines based on business requirements
backing up server content, 247
conflicting requirements and, 247
design scenario, 248
enabling logging, 246
enabling used services only, 244
encrypting communications, 245
enforcing/verifying baselines, 248
evaluating account permissions, 245
filtering unused protocols, 245–246
installing Authorization Manager, 246–247
installing UrlScan, 246
overview, 242–243
questions to ask in, 243–244
removing sample applications, 246
removing unused components, 244
setting ACLs on web content, 244
updating server content/security, 247
designing for minimum required website services
Code Red worms and, 249–250
design scenario, 258
on IIS, 253–256, 254
overview, 244, 249
real world scenario, 249–250
for Web Service Extensions, 244, 256–257, 256
on Windows Server 2003, 250–253
exam essentials, 273–274
IIS authentication methods
anonymous access, 259
basic authentication, 259
design scenario, 261
digest authentication, 260
integrated Windows authentication, 260
Microsoft .NET Passport, 260
overview, 258
setting, 258, 259
IIS, defined, 242
key terms, 274
monitoring and auditing IIS
with audit policies, 268–269, 269
design scenario, 270
with HTTP.sys logging, 268
with IIS protocol logging, 266–268, 266–267
overview, 246, 265
overview, 3, 242, 272–273
review question answers, 278–279
review questions, 275–277
updating server security, 247
updating website/server content
design scenario, 272
using file share, 271
using File Transfer Protocol, 271
using FrontPage Server extensions, 272
overview, 247, 270
using WebDAV, 271
in-band tools. See remote network
information disclosure threats, 42, 43
infrastructure mode of communication, 99
infrastructure server baseline templates, 299
infrastructures. See network; PKIs
integrated Windows authentication, 260
intelligent UPSes, 394–396, 395–396
intermediate CA role, 207–208, 208
internal user accounts, 131, 133
Internet Authentication Service (IAS), 264–265
Internet connection security, 3
Internet Information Services dialog box, 253–254, 254, 255
Internet Options dialog box, 199, 199
Internet Printing service, 255
Internet Zone rules, 335
interoperability constraints, 21–22, 124
IP address filtering, See also filtering
defined, 79
enabling, 79–80, 80
machine authentication using, 374
IP infrastructures. See network
IP packet filtering
defined, 80
in demand-dial routing, 96
enabling, 80–82, 81
overview, 79
in remote management, 377
IPSec (IP Security) protocol, See also network
configuring IPSec policies, 76–78, 76, 78
defined, 75
encrypting remote data transfers, 375
filters, applying in IIS, 245–246
using with L2TP, 75, 88–89
overview, 70, 71
issuing CA hierarchies, 209–210
issuing CA role, 207–208, 208