|
pass-through authentication, 288
Password Policy group control settings, 105–6
passwords
auditing account management, 358
KMS setup and, 247
Outlook Web Access and, 299–301
policy settings, 105–7
threats to, 79
weak, 88, 92–93
Passwords tab, KMS Key Manager object, 249
patches, 83–100
additional reading, 115
checklist for, 101–2
creating/distributing, 83–85
distributing automatically, 97–100
figuring out what needs, 85–86
patches, MBSA
from command line, 93–97
downloading and installation, 89–90
launching, 90–93
overview, 86–89
PEAP (Protected EAP), 38
penetration attacks, 63
perimeter spam filtering, 156
perimeters, virus scanners for, 180–82
Perl, 357
permissions, 49–56. See also delegation
ADC installation and, 121
CA security and, 255
Certificate Services, 251–52
certificates for Exchange, 193
Exchange installation and, 124
Exchange-specific, 49–52
Explorer and Exchange, 52
group structure, 119–20
KMS, 249
mailbox, 54–56, 168–69
management tasks, 125
overview of, 42
roles and, 52–54
running /domainprep and, 123–24
running /forestprep and, 122
strengthening, 135–36
upgrading servers, 124–25
Web site information, 137
Permissions page, Delegation of Control wizard, 128
PGP (Pretty Good Privacy), 19
physical security, 73–82
additional reading, 80
Certificate Services installation planning, 242
confidentiality, 9
environment, 75–77
hardware, 77–78
laptops and, 78–79
overview of, 73–74
threat assessment, 74–75
PKCS#10 requests, 193, 195–98
PKI (public-key infrastructure)
building, 225–27
components of, 23–24
designing hierarchy, 228–32
history of, 221
outsourcing, 225–26
planning for, 222–25
standalone vs. enterprise CAs, 227–28
plaintext, 279–80
Pocket Outlook, 329
policies, IPsec
creating, 207–15
exemptions, 207
FE/BE communications and, 310–13
overview of, 204–6
policy settings, 102–7
auditing, 103–5
content filters, 166
Group Policies, 102–3
password and account, 105–7
SUS clients, 100
polymorphic viruses, 178
POP3 (Post Office Protocol version 3), 323–30
access control, 324–26
additional reading, 329
IPsec, 208
overview of, 323–24
SMTP relaying and, 141
SSL, 326–29
ports
access control and, 326
firewalls and, 306–9
IM traffic blocks, 341–43
Post Office Protocol version 3. See POP3 (Post Office Protocol version 3)
predefined groups, 46
preshared keys, IPsec, 203
Pretty Good Privacy (PGP), 19
PreventAutoUpdate value, Windows Messenger, 341
PreventRun value, IM client, 340
Print Operators group, defined, 45–46
privacy
additional reading, 13
IM controls, 336, 337–38
protecting, 10–11
Web site information, 13
Privacy tab, IM, 336–37
private keys, 20, 235–36
privileges
attacks on, 63, 118
auditing use events, 359–60
Exchange Full Administrator, 124–25
Exchange installation on member servers, 119
KMS, 247
requesting certificates, 193
proactive scans, 179
Programmatic Settings tab, Outlook security form template, 269–71
properties, 134–35
property sets, 131–34
Protected EAP (PEAP), 38
protocols, security, 29–40. See also algorithms
additional reading, 40
authentication-only, 35–39
IPSec, 30–34
overview of, 15–16
S/MIME, 34–35
SSL and TLS, 30
protocolSettings attribute, 326
proxies, 305–6
public folders
Exchange-specific permissions for, 50–52
permissions and, 55–56
security settings, 266–67
stores, 318
public-key encryption, 20–26
algorithms, 25–26
digital certificates, 21–24
how it works, 24–25
overview of, 20–21
public-key infrastructure. See PKI (public-key infrastructure)
publishing, certificates in GAL, 275
publishing CRLs, 253
publishing CTLs, 252–53
publishing MAPI RPCs with ISA server, 215–18
|