Index_I

IAS (Internet Authentication Service), 264–265

identity spoofing attacks, 5, 42, 43

IIS (Internet Information Server) security, 242–286,

See also server

authenticating users on websites

ASP.NET forms-based authentication, 261–262

certificate authentication, 262–264, 263–264

IIS methods of, 258–261, 259

overview, 257–258

RADIUS authentication, 264–265

case study, 280–282

case study answers, 286

case study questions, 283–285

designing baselines based on business requirements

backing up server content, 247

conflicting requirements and, 247

design scenario, 248

enabling logging, 246

enabling used services only, 244

encrypting communications, 245

enforcing/verifying baselines, 248

evaluating account permissions, 245

filtering unused protocols, 245–246

installing Authorization Manager, 246–247

installing UrlScan, 246

overview, 242–243

questions to ask in, 243–244

removing sample applications, 246

removing unused components, 244

setting ACLs on web content, 244

updating server content/security, 247

designing for minimum required website services

Code Red worms and, 249–250

design scenario, 258

on IIS, 253–256, 254

overview, 244, 249

real world scenario, 249–250

for Web Service Extensions, 244, 256–257, 256

on Windows Server 2003, 250–253

exam essentials, 273–274

IIS authentication methods

anonymous access, 259

basic authentication, 259

design scenario, 261

digest authentication, 260

integrated Windows authentication, 260

Microsoft .NET Passport, 260

overview, 258

setting, 258, 259

IIS, defined, 242

key terms, 274

monitoring and auditing IIS

with audit policies, 268–269, 269

design scenario, 270

with HTTP.sys logging, 268

with IIS protocol logging, 266–268, 266–267

overview, 246, 265

overview, 3, 242, 272–273

review question answers, 278–279

review questions, 275–277

updating server security, 247

updating website/server content

design scenario, 272

using file share, 271

using File Transfer Protocol, 271

using FrontPage Server extensions, 272

overview, 247, 270

in-band tools. See remote networkusing

WebDAV, 271

information disclosure threats, 42, 43

infrastructure mode of communication, 99

infrastructure server baseline templates, 299

infrastructures. See network; PKIs

integrated Windows authentication, 260

intelligent UPSes, 394–396, 395–396

intermediate CA role, 207–208, 208

internal user accounts, 131, 133

Internet Authentication Service (IAS), 264–265

Internet connection security, 3

Internet Information Services dialog box, 253–254, 254, 255

Internet Options dialog box, 199, 199

Internet Printing service, 255

Internet Zone rules, 335

interoperability constraints, 21–22 , 124

IP address filtering,

See also filtering

defined, 79

enabling, 79–80, 80

machine authentication using, 374

IP infrastructures. See network

IP packet filtering

defined, 80

in demand-dial routing, 96

enabling, 80–82, 81

overview, 79

in remote management, 377

IPSec (IP Security) protocol,

See also network

configuring IPSec policies, 76–78, 76, 78

defined, 75

encrypting remote data transfers, 375

filters, applying in IIS, 245–246

using with L2TP, 75, 88–89

overview, 70, 71

issuing CA hierarchies, 209–210

issuing CA role, 207–208, 208