لطفا منتظر باشید ...
Index
I
IAS. see Internet Authentication Server
ICANN. see Internet Corporation for Assigned Names and Numbers
ICF. see Internet Connection Firewall
identity spoofing, 247
identity, worker process, 388
IEEE 802.11a, 315–316
IEEE 802.11b, 315
IEEE 802.11g, 316
IEEE 802.15, 314
IEEE 802.11development of/specifications, 315–316
identity verification/authentication, 328
WEP encryption, 329
WLAN defined by, 314
IEEE 802.1xauthentication for wireless networks, 329, 347–348
EAP and, 329–330
group policy settings, 331–334
IAS support for, 331
IETF. see Internet Engineering Task Force
IIS. see Internet Information Server
IIS Lockdown Wizard, 130
IISLockdown, 114–116
IKE. see Internet Key Exchange
Impersonate a Client After Authentication right, 468
implementation. see framework for security implementation
/import, 91–92
import IPSec policy, 276, 277
in-band connections, 600–601
in-band management, 209
inbound passthrough, 270, 271
Incident Response plan, 28–30
Increase Scheduling Priority right, 468
incremental backup, 593
incremental policies, 102
inetinfo.exe, 353, 396–397
information disclosure, 14
infrastructure capabilities analysis, 32
infrastructure servers template, 131
infrastructure-based wireless network, 315
installations, IIS, 376–381
Institute of Electrical and Electronic Engineers (IEEE), 315, 316
integrated Windows authenticationNNTP security and, 384
overview of, 367–369
SMTP and, 385
interactive group, 512
interactive logon, 641
interfaces, DNS Server Service, 297
intermediary CAsin CA hierarchy, 159
in geographical hierarchy, 162–163
in organizational hierarchy, 163–164
in PKI architecture, 187
root CA and, 186
internal CA, 161
internal namespace, DNS, 295–296
internal networks, 442
Internetfilter actions and, 271
firewall and, 292, 293
IPSec best practices for, 283
Internet Authentication Server (IAS)overview of, 674
RADIUS and, 369–370, 406, 678
as RADIUS server, 442
security issues with, 374
Server 2000/2003 and, 404
support for 802.1x authentication, 331
using, 370–373, 662–670
Network Access Quarantine Control and, 439
Internet Connection Firewall (ICF), 292, 378–381
Internet Corporation for Assigned Names and Numbers (ICANN), 295
Internet Engineering Task Force (IETF), 155
Internet Engineering Task Force (IETF) Request for Comments (RFCs) 2401-2409, 251
Internet Information Server (IIS)5.0 sub-authentication, 364
6.0 template for, 130–131
6.0, summary of services for, 129
certificate authentication, 356–362
FTP, securing, 383–384
installations, securing, 376–381
monitoring strategy for, 389–399
NNTP, securing, 384
RADIUS authentication, 369–375
security design overview, 375–376, 402–403
security overview, 352
servers, risks to/hardening, 381–383
SMTP, securing, 385
SSL security access information and, 404
updating, content management strategy for, 399
user authentication design overview, 353–356, 401–402
version 6.0, security features in, 385–389
Windows logon authentication, 362–369
basic security for, 114
Configure Your Server to set up, 113
configuring to use SSL, 306–308
security, 250
security overview, 112–113
on Server 2003, 142
using URLScan/IISLockdown, 114–116
Internet Key Exchange (IKE)filtering traffic, 293
in IPSec policy application, 274–275
process, 252–256
Internet Protocol Security (IPSec)filters for network infrastructure servers, 119
filters for POP3 servers, 117–118
for IIS, 114
spoofing, 294
WINS servers and, 146–147
demand dial routing and, 422–423
ESP on L2TP, 438
firewall configuration, 292–293
IAS access and, 374
modes, 256–257
for network infrastructure security, 244
for network services security, 250–251
overview, 251
overview of, 242
persistent policies, 345
PKI and, 156
policies, applying, 273–284
policies, default, 264–273
policies, designing, 284–289
policies, group policies and, 342–343
policies, rules, 246
policy settings, 345–346
process, 263–264
protocols, 257–263
security associations, 252–256
summary of, 339
Internet Protocol Security (IPSec) policiesapplying, 273–284
best practices for, 282, 283
default, 264–273
designing, 284–289
in IPSec process, 263–264
Internet Security & Acceleration server, 674
Internet Security Association and Key Management Protocol (ISAKMP)/Oakley, 252–256
Internet Server Application Programming Interface (ISAPI), 353
interoperabilityconstraints analysis, 34–38
designing security for, 226–228
overview of, 39
interoperability constraints analysisand MIT Kerberos, 35–37
overview of, 34–35
UNIX DNS with Server 2003, 37–38
intranet, 375–376
IP addressDNS clients, securing, 303
DNS security and, 293–294
DNS Server Service security and, 297
IPSec modes and, 256–257
NNTP security and, 384
SMTP security and, 385
spoofing, 247
IP filtering, 272, 289–292
IP forwarding, 293
IP packetwith AH in IPSec modes, 260–261
with ESP, 261–262
IPSec process, 263–264
protection with IPSec protocols, 257–259
IP protocol 50. see Authentication Header
IP protocol 51. see Encapsulating Security PayloadIP Routing. see Routing Information Protocol
IP Security Monitor snap-in, 282
IP Security Policy Managementto configure IPSec policy, 285
for exporting/importing IPSec policy, 276
tunnels configured via, 260
IP Security Policy Management snap-in, 286–289
IPSec. see Internet Protocol Security
IPSec context, netsh.exe, 273
IPSec deployment plan, 282
IPSec drivermodes, 278–282
packet secured with, 263
policy application with, 274–275
IPSec Policy Agent Service, 263, 274
IPSec Policy Management console, 283
IPSec polling interval, 277
IPSEC/L2TP, 46
ISAKMP (Internet Security Association and Key Management Protocol), 252–256
ISAPI (Internet Server Application Programming Interface), 353
isolation mode, worker process, 354–355
isolation, delegation requirement, 487–488
issuing CAs, 162–164
IT personnel, 197
Itanium-based systems, 603
IUSR_ComputerName account, 401, 403. see also anonymous authentication
