| < Day Day Up > |
|
packets, attacks on, 5, 68–69
PAP (Password Authentication Protocol), 83
parent/child trusts, 130, 130
passwords,
See also authentication design
account password policies, 137, 139–141
cracking attacks, 5, 121–124, 122, 135, 137
strengthening in demand-dial routing, 94–95
path rules, in software restriction policies, 336
PEAP (Protected Extensible Authentication Protocol), 103–104, 103–104
permissions
to access AD objects,
See also access control
assigning, 134, 166–167
avoiding Deny permissions, 162
defined, 158
delegating, 167–168
design scenarios, 163–164, 168
extended rights permissions, 162
overview, 161
property set permissions, 163
real world scenario, 162
standard permissions, 161
validated write permissions, 163
to access files and folders
NTFS permissions, 169, 171–172
overview, 19
Share permissions, 169–172, 171
AG(G)DLP assignment guideline, 134–135
AG(G)UDLP assignment guideline, 164
assignment to users, 134
defined, 158
IIS account permissions, 245
implementing, 158–159
inheritance of, 159
modifying, 159
security baselines and, 289
physical security, 373, 374,
See also hardware
PKE (public key encryption), 194–195, 195
PKIs (public key infrastructures), 194–239
case study, 235–236
case study answers, 239
case study questions, 237–238
certificate authentication, 262–264, 263–264
certificate authorities
auditing, 218, 221–224, 222
CA Administrator role, 225–226, 225
defined, 198 , 204
design scenario, 228
overview, 203
securing CA servers, 224–228, 225–226
certificate authority implementations
certificate policy and, 210
certification practice statements and, 210
choosing CA role hierarchies, 207–208, 208
choosing CA roles, 206–207
choosing issuing CA hierarchies, 209–210
cross-certification, 205, 211–212
department CA hierarchy, 209
design scenarios, 206, 210
determining need, 204–205
enterprise CAs, 207
function CA hierarchy, 209
geographic CA hierarchy, 209
intermediate CA role, 207
issuing CA role, 207
legal requirements, 209–210
organizational CA hierarchy, 209
overview, 204
private versus commercial CAs, 205
root CA role, 206–207
security policy and, 209–210
stand-alone CAs, 207
certificate enrollment strategies
autoenrollment, 214–216, 215–216
Certificates MMC enrollment, 214, 214, 216, 217
choosing user interface, 216–217
command-line enrollment, 214
defined, 212
design scenario, 218
storing issued certificates, 217
web-based enrollment, 213, 213, 216–217
Certificate Manager role, 225–226, 225–226
certificates
choosing where to host, 206
computer certificates, 374
defined, 195–196
design scenario, 224
overview, 194, 197–198
real world scenario, 211
renewing, 218–219, 224
revocation lists, 198, 220, 229
revoking, 218, 220–221, 220–221
in software restriction policies, 335
technologies that rely on, 204–205
templates, 196–197
trusted, viewing/managing, 198–201, 199–200
trusting from other organizations, 211–212
verifying, 198, 207
defined, 194, 198
exam essentials, 229–230
when to implement, 201
key terms, 231
overview, 228–229
public key encryption, 194–195, 195
review question answers, 234
review questions, 232–233
Secure Sockets Layer example, 195, 195, 201–202, 202–203
poisoning DNS cache, 307–308, 308
policies and procedures. See security policies
PoLP (Principle of Least Privilege), 135, 136
POP3 mail server baseline templates, 300
PPTP (Point-to-Point Tunneling Protocol), 73, 73–74, 88
Print Spooler service, 251
property set permissions, 163
| < Day Day Up > |
|