Index_P




P

packets, attacks on, 5, 68–69

PAP (Password Authentication Protocol), 83

parent/child trusts, 130, 130

passwords. See also authentication design

account password policies, 137, 139–141

cracking attacks, 5, 121–124, 122, 135, 137

strengthening in demand-dial routing, 94–95

path rules, in software restriction policies, 336

PEAP (Protected Extensible Authentication Protocol), 103–104, 103–104

permissions

to access AD objects. See also access control

assigning, 134, 166–167

avoiding Deny permissions, 162

defined, 158

delegating, 167–168

design scenarios, 163–164, 168

extended rights permissions, 162

overview, 161

property set permissions, 163

real world scenario, 162

standard permissions, 161

validated write permissions, 163

to access files and folders

NTFS permissions, 169, 171–172

overview, 19

Share permissions, 169–172, 171

AG(G)DLP assignment guideline, 134–135

AG(G)UDLP assignment guideline, 164

assignment to users, 134

defined, 158

IIS account permissions, 245

implementing, 158–159

inheritance of, 159

modifying, 159

security baselines and, 289

physical security, 373, 374. See also hardware

PKE (public key encryption), 194–195, 195

PKIs (public key infrastructures), 194–239

case study, 235–236

case study answers, 239

case study questions, 237–238

certificate authentication, 262–264, 263–264

certificate authorities

auditing, 218, 221–224, 222

CA Administrator role, 225–226, 225

defined, 198, 204

design scenario, 228

overview, 203

securing CA servers, 224–228, 225–226

certificate authority implementations

certificate policy and, 210

certification practice statements and, 210

choosing CA role hierarchies, 207–208, 208

choosing CA roles, 206–207

choosing issuing CA hierarchies, 209–210

cross-certification, 205, 211–212

department CA hierarchy, 209

design scenarios, 206, 210

determining need, 204–205

enterprise CAs, 207

function CA hierarchy, 209

geographic CA hierarchy, 209

intermediate CA role, 207

issuing CA role, 207

legal requirements, 209–210

organizational CA hierarchy, 209

overview, 204

private versus commercial CAs, 205

root CA role, 206–207

security policy and, 209–210

stand-alone CAs, 207

certificate enrollment strategies

autoenrollment, 214–216, 215–216

Certificates MMC enrollment, 214, 214, 216, 217

choosing user interface, 216–217

command-line enrollment, 214

defined, 212

design scenario, 218

storing issued certificates, 217

web-based enrollment, 213, 213, 216–217

Certificate Manager role, 225–226, 225–226

certificates

choosing where to host, 206

computer certificates, 374

defined, 195–196

design scenario, 224

overview, 194, 197–198

real world scenario, 211

renewing, 218–219, 224

revocation lists, 198, 220, 229

revoking, 218, 220–221, 220–221

in software restriction policies, 335

technologies that rely on, 204–205

templates, 196–197

trusted, viewing/managing, 198–201, 199–200

trusting from other organizations, 211–212

verifying, 198, 207

defined, 194, 198

exam essentials, 229–230

when to implement, 201

key terms, 231

overview, 228–229

public key encryption, 194–195, 195

review question answers, 234

review questions, 232–233

Secure Sockets Layer example, 195, 195, 201–202, 202–203

poisoning DNS cache, 307–308, 308

policies and procedures. See security policies

PoLP (Principle of Least Privilege), 135, 136

POP3 mail server baseline templates, 300

PPTP (Point-to-Point Tunneling Protocol), 73, 73–74, 88

Print Spooler service, 251

property set permissions, 163






MCSE. Windows Server 2003 Network Security Design Study Guide Exam 70-298
ISBN: 0782143296
EAN: 2147483647
Year: 2004
Pages: 168
