Index[SYMBOL]
[A]
[B]
[C]
[D]
[E]
[F]
[G]
[H]
[I]
[J]
[K]
[L]
[M]
[N]
[O]
[P]
[Q]
[R]
[S]
[T]
[U]
[V]
[W]
[X]
[Z]
S4U2Self (Service-for-User-to-Self) extension, Kerberos 2nd 3rd SACL (System Access Control List)Safe Mode Software Restriction Policies SafeDllSerachMode setting (security baseline templates) SAM (Security Account Manager)SAM (security accounts manager) password hash storagescanning vunerabilities 2nd 3rd 4th 5th 6th 7th 8th 9th Schema Admins group forest-wide permissions Schema Master FSMOscope groups 2ndScope of Managements (SOMs)
[See SOMs (Scope of Management)]scopes Authorization Manager 2nd 3rd 4th 5th 6th ScreenSaverGracePeriod setting (security baseline templates)scripts Authorization Scripts 2nd 3rd 4th 5th 6th 7th 8th 9th Scripts shutdown subfolder (GPO) Scripts startup subfolder (GPO) Scripts subfolder (GPO)secedit commandsecurity templates applying 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15thSecure Sockets Layer (SSL)
[See communication;SSL (Secure Sockets Layer)] Securedc security template Securews security templatesecurity information security goal of 2nd 3rd principles 2nd attack surface reduction auditing 2nd 3rd availability complete mediation 2nd confidentiality 2nd 3rd 4th defense in depth 2nd 3rd diversity of mechanism 2nd economy of mechanism fail-safe defaults integrity 2nd 3rd least privilege 2nd open designs psychological acceptability 2nd relevance security policy separation of duties 2nd training and awareness Security Account Manager (SAM)security accounts manager (SAM) password hash storagesecurity areas (networks) segmenting security assessment security awarenesssecurity baseline configuration domain controllers 2ndsecurity boundaries (forests) trusts 2nd 3rd 4th 5th 6th 7th 8th 9th Security Descriptorssecurity filteringGPOs checking 2nd security groupssecurity identifier (SID)
[See SID (security identifier)]security levelsCOM/COM+ applications setting 2ndSoftware Restriction Policies hacking levels 2nd 3rd setting 2ndsecurity logs monitoring security monitoring 2nd 3rd 4th 5th Active Directory 2nd 3rd dcdiag 2nd 3rd 4th Group Policy 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th replication 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th 20th 21st 22nd 23rd 24th 25th 26th 27th 28th 29th DHCP 2nd 3rd DNS 2nd 3rd 4th 5th 6th 7th 8th 9th 10th event logs 2nd 3rd 4th 5th 6th 7th Group Policy 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th 20th 21st dcdiag 2nd 3rd 4th replication 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th 20th 21st 22nd 23rd 24th 25th 26th 27th 28th 29th network connectivity 2nd 3rd 4th 5th 6th 7th 8th 9th 10th performance monitoring 2nd 3rd 4th 5th 6th 7th 8th 9th PKI (public key infrastructure) 2nd 3rd remote access 2nd 3rd 4th routing 2nd 3rd 4th shares 2nd 3rd Security Options 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th baseline templates 2nd 3rd 4th 5th 6th 7th 8th 9th 10th TCP/IP settings 2nd 3rd 4th Domain controllers 2nd 3rd 4th 5th establishing Security Options (Group Policy) Security permission (event logs)security policies implementingsecurity policy boundaries Active Directory 2ndsecurity principals anonymous access 2nd Security Principals (authorization) Security Reference Monitor (SRM) [See SRM (Security Reference Monitor)] Security Support Provider Interface (SSPI). SSPI (Security Support Provider Interface)Security Support Providers (SSP)
[See SSP (Security Support Providers)]security template consoles creating security templates 2nd 3rd 4th 5th 6th 7th applying 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th baseline templates 2nd 3rd 4th 5th Account Policies 2nd categories dowloading reviewing Security Options 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th services 2nd 3rd 4th user rights 2nd 3rd 4thcomputer roles securing by 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th 20th 21st 22nd 23rd 24th 25th 26th 27th 28th 29th 30th 31st 32nd 33rd 34th 35th 36th 37th 38th 39th 40th 41st configuring 2nd 3rd creating 2nd 3rd default security templates 2ndGPOs importing into incremental templates 2nd 3rd 4th DHCP servers 2nd 3rd 4th DNS clients DNS servers 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th DNS zones downloading infrastructure servers 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th 20th 21st 22nd port blocking 2nd service accounts well-known account protection 2nd WINS servers modifying 2nd 3rd 4th 5th 6thpermissions setting 2nd testingtesting of hacking contests security updates 2nd 3rd 4th 5th non-Internet computerspatches Automatic Updates 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th directly applying Software Update Services 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th 20th 21st 22nd 23rd 24th 25th 26th 27th Windows Update Site 2nd 3rdproactive updates implementing 2nd 3rd 4threactive updates implementingsecurity vunerability announcements best practices security vuneralibility announcements Select Users or Groups dialog box 2nd selective authentication trusts 2nd self-signed certificates 2nd 3rd separation of duties security principle 2nd Server Operators groupserversDHCP servers securing 2nd 3rd 4thDNS servers securing 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14thdomain controllers promoting to 2nd 3rd 4th 5th 6th 7thinfrastructure servers securing 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th 20th 21st 22nd 23rdinstalling as domain controllers 2nd 3rdnetwork authentication configuring for 2nd promoting to domain controller 2ndWINS servers securingservice accountssecuring incremental templatesservice administration secure configuration 2nd 3rd service logons Service ticket (Kerberos) Service-for-User-to-Self (S4U2Self) extension, Kerberos 2nd 3rdservices baseline templates 2nd 3rd 4th locking down servicessession security NTLM NTLMv2 2nd 3rd Set Value permission (registry) Setup security template Shadow Copy volumes 2nd 3rd command-line administration creating 2nd 3rd 4th 5th 6th 7th 8th restoring 2nd 3rdshared folders Shadow Copy volumes 2nd 3rd command-line administration creating 2nd 3rd 4th 5th 6th 7th 8th restoring 2nd 3rd shares 2nd 3rdanonymous access limiting best practices 2nd creating 2nd 3rd 4th 5th 6th 7th default permissions 2nd 3rd 4th default shares 2nd 3rd File and Printer Sharing mode 2nd 3rdpermissions combining 2nd remote administration security monitoring 2nd 3rdSMB shares remote storage 2ndsharingencrypted files EFS 2nd 3rd 4th 5th shortcut trusts 2nd 3rd 4th 5th 6thSID relative identifiers well-known SIDs SID (security identifier) SIDs filtering 2nd 3rdwell-known SIDs anonymous access 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14thsigning (message) SMB (server message block) signing 2nd 3rdsigning (server) LDAP 2nd 3rdsilent decryption EFS (Encrypting File System) Simple Certificate Enrollment Protocol (SCEP) Add on for Certificate Servicessingle (symmetric) key encryption EFS (Encrypting File System) 2nd 3rd 4th 5th 6th 7th 8th 9thsites Active Directory 2ndsmall officesdomain controllers physical security 2nd 3rd 4th 5th 6th 7thsmart cards authentication 2nd Certificate Services 2ndSMBWebDAV compared SMB (server message block) signing 2nd 3rdSMB shares remote storage 2ndSMB signing requiring SMS (Systems Management Server)softwareauthorization Authorization Manager 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th 20th 21st 22nd 23rd 24th 25th 26th 27th 28th 29th 30th 31st 32nd 33rd 34th 35th 36th 37th 38th 39th 40th 41st 42nd 43rd 44th 45th 46th 47th 48th 49th 50th 51st 52nd 53rd 54th 55th 56th 57th 58th 59th 60th 61st 62nd 63rd 64th 65th 66th 67th 68th Component Services 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th 20th 21st 22nd 23rd 24th 25th Software Restriction Policy 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th 20th 21st 22nd 23rd 24th 25th 26th 27th 28th 29th 30th 31st 32nd 33rd 34th 35th 36th 37th 38th 39th 40th 41st 42nd 43rd 44th 45th 46th 47th 48th 49th 50th 51st 52nd 53rd 54th 55th 56th 57th 58th 59th 60th 61stcryptographic software Federal Information Processing Standard (FIPS) 140-1 legacy application permissions 2nd 3rd 4th Software Restriction Policies 2nd 3rd 4th 5th 6thanti-virus protection compared automatic path rules best practices 2nd 3rdCOM+ applications setting 2nd 3rd creating 2nd 3rddesignated file types establishing 2nd 3rdenforcement determining 2nd 3rd examplesoftware restriction policies Group PolicySoftware Restriction Policies limitations 2nd 3rd Local Security Policyrules certificate rules 2nd 3rd creating 2nd 3rd 4th 5th hash rules 2nd 3rd 4th 5th Internet zone rules 2nd path rules 2nd 3rd 4th 5th registry rules 2nd 3rd 4th 5th Safe Modesecurity levels hacking levels 2nd 3rd setting 2nd troubleshooting 2nd 3rd trusted publishers 2nd 3rd Software Update Services 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th 20th 21st 22nd 23rd 24th 25th 26th 27th SOMs (Scope of Management)sonarFRS functionality checking 2ndSonarFRS traffic levels monitoring 2nd 3rd 4thspoofsSID spoofs catching 2nd 3rdSPOOLSS named pipe anonymous accessSQLnamed pipe anonymous access SRM (Security Reference Monitor) 2nd SRV (Service Locator) resource records (DNS) 2nd SSL 2nd 3rd 4th (Secure Sockets Layer)implementing IIS 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11thSSP (Security Support Providers) SSPI (Security Support Provider Interface)standalone root CAs configuring 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th 20th 21st 22nd 23rd 24th 25th Standalone Root Certification Authoritystandalone servers built-in groupsgroups managing 2nd 3rd 4th 5th 6th 7th 8th 9thusers managing 2nd 3rd 4th 5th 6th 7th 8th 9th Standalone Subordinate Certification Authoritystandar template types certificate templatesstandards auditing backups Startup Key dialog boxstartup mode basline template services Store password using reversible encryption user account restriction Store passwords using reversible encryption option (Password Policy)subfolders GPOssubordinate CAsautoenrollment configuring 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th configuring 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th installing 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th 20th 21st 22nd 23rd 24th 25th 26th 27th 28th 29throle separations establishing 2nd 3rd 4th 5th 6thsuperceding certificate templates 2ndSupport Tools group (Windows 2003 Server installation CD)Group Policy troubleshootingSUS serversAutomatic Update clients configuring 2nd 3rd 4th configuring 2nd 3rd 4th 5th 6th hierarchies 2nd 3rd installing 2nd 3rd 4th 5th 6th 7th 8thoffline SUS servers preparing 2nd securing 2ndsymmetric (single) key encryption EFS (Encrypting File System) 2nd 3rd 4th 5th 6th 7th 8th 9th symmetric key cryptographypublic key cryptography compared SynAttackProtect setting (security baseline templates)synchronization external timeservers 2nd 3rd 4th 5th 6thsynchronization (time) trust relationships Synchronize file/folder permission (NTFS) Syskey syskeySyskeyaccount database protecting 2nd 3rd 4th 5thsyskey configuring startingSystem Access Control List (SACL)
[See SACL (System Access Control List)] System File Checker System log permission (event logs)System Restore EFS (Encrypting File System)system services domain controllers 2nd 3rd system services (Group Policy)system state backups ntbackup tool 2nd 3rd 4th system user accountssystems state backups restoring 2nd Sysvol share |
لطفا منتظر باشید ...
Windows Server 2003 Security: A Technical ReferenceBy
Table of Contents
| Index
If you''''re a working Windows administrator, security is your #1
challenge. Now there''''s a single-source reference you can rely on
for authoritative, independent help with every Windows Server
security feature, tool, and option: Windows Server 2003
SecurityRenowned Windows security expert Roberta Bragg has brought
together information that was formerly scattered through dozens of
books and hundreds of online sources. She goes beyond facts and
procedures, sharing powerful insights drawn from decades in IT
administration and security. You''''ll find expert implementation tips
and realistic best practices for every Windows environment, from
workgroup servers to global domain architectures. Learn how to:
Reflect the core principles of information security throughout
your plans and processes
Establish effective authentication and passwords
Restrict access to servers, application software, and
data
Make the most of the Encrypting File System (EFS)
Use Active Directory''''s security features and secure Active
Directory itself
Develop, implement, and troubleshoot group policies
Deploy a secure Public Key Infrastructure (PKI)
Secure remote access using VPNs via IPSec, SSL, SMB
signing,
LDAP signing, and more
Audit and monitor your systems, detect intrusions, and respond
appropriately
Maintain security and protect business continuity on an ongoing
basis"Once again, Roberta Bragg proves why she is a leading authority
in the security field! It''''s clear that Roberta has had a great deal
of experience in real-world security design and implementation. I''''m
grateful that this book provides clarity on what is often a
baffling subject!"James I. Conrad, MCSE 2003, Server+, Certified Ethical
Hacker
James@accusource.net"Full of relevant and insightful information. Certain to be a
staple reference book for anyone dealing with Windows Server 2003
security. Roberta Bragg''''s Windows Server 2003 Security is a
MUST read for anyone administering Windows Server 2003."Philip Cox, Consultant, SystemExperts Corporation
phil.cox@systemexperts.com"Few people in the security world understand and appreciate
every aspect of network security like Roberta Bragg. She is as
formidable a security mind as I have ever met, and this is
augmented by her ability to communicate the concepts clearly,
concisely, and with a rapier wit. I have enjoyed working with
Roberta more than I have on any of the other 20 some odd books to
which I have contributed. She is a giant in the field of network
security."Bob Reinsch
bob.reinsch@fosstraining.com"Windows Server 2003 Security explains why you should do
things and then tells you how to do it! It is a comprehensive guide
to Windows security that provides the information you need to
secure your systems. Read it and apply the information."Richard Siddaway, MCSE
rsiddaw@hotmail.com"Ms. Bragg''''s latest book is both easy to read and technically
accurate. It will be a valuable resource for network administrators
and anyone else dealing with Windows Server 2003 security."Michael VonTungeln, MCSE, CTT
mvontung@yahoo.com"I subscribe to a number of newsletters that Roberta Bragg
writes and I have ''''always'''' found her writing to be perfectly
focused on issues I ''''need'''' to know in my workplace when dealing
with my users. Her concise writing style and simple solutions bring
me back to her columns time after time. When I heard she had
written a guide on Windows 2003 security, I ''''had'''' to have it.Following her guidance on deployment, her advice on avoiding
common pitfalls, and her easy to follow guidelines on how to lock
down my network and user environments (those darned users!) has me
(and my clients) much more comfortable with our Win2k3 Server
deployments. From AD to GPO''''s to EFS, this book covers it all."Robert Laposta, MCP, MCSA, MCSE, Io Network Services, Sierra
Vista
AZrob.laposta@cox.net"Roberta Bragg has developed a ''''must have'''' manual for
administrators who manage Microsoft Windows 2003 servers in their
organizations. The best practices for strengthening security
controls are well organized with practical examples shared
throughout the book. If you work with Windows 2003, you need this
great resource."Harry L. Waldron, CPCU, CCP, AAI, Microsoft MVP - Windows
Security Information Technology Consultant
harrywaldronmvp@yahoo.com"Roberta Bragg''''s Windows Server 2003 Security offers more
than just lucid coverage of how things work, but also offers sound
advice on how to make them work better."Chris Quirk; MVP Windows shell/user
cquirke@mvps.org"This book is an invaluable resource for anyone concerned about
the security of Windows Server 2003. Despite the amount and
complexity of the material presented, Roberta delivers very
readable and clear coverage on most of the security-related aspects
of Microsoft''''s flagship operative system. Highly recommended
reading!"Valery Pryamikov, Security MVP, Harper Security Consulting
valery.pryamikov@harper.no"As long as you have something to do with Windows 2003, I have
four words for you: ''''Order your copy now.''''"Bernard Cheah, Microsoft IIS MVP, Infra Architect, Intel
Corp.
bernard@mvps.org"Roberta Bragg has developed a ''''must have'''' manual for
administrators who manage Microsoft Windows 2003 servers in their
organizations. The best practices for strengthening security
controls are well organized, with practical examples shared
throughout the book. If you work with Windows 2003, you need this
great resource."Harry L. Waldron
CPCU, CCP, AAI Microsoft MVPWindows Security Information
Technology Consultant
