Index
P
packet filtering, IP. see IP packet filtering
packet filtering, L2TP/PPTP, 438
Padding field, 262
Padding Length, 262
pagefile, 466
Passport. see Microsoft Passport Authentication
password authentication, 640
Password Authentication Protocol (PAP), 653
Password Complexity policy, 477–478
Password must meet complexity requirements setting, 475
password policies
for authentication strategy, 166
configuration of, 496
designing, 462
settings, 474–476
password security, 474–480
account lockout policy, creating, 478–480
important points about, 496
password complexity requirements, 477–478
Password policy settings, 474–476
user password tips, 476–477
password-based attack, 247, 344
passwords
AD and, 145
random password generators, 398
RIP and, 417–418
security and, 43–44
security of, 457
for service accounts, 461
storage locations, 635
Store passwords using reversible encryption setting, 677–678
strong, requirements of, 68
Syskey and, 635–637
patch management. see also Software Update Services
Group Policy and, 632
overview of, 631
Software Update Services and, 632–633
third-party tools for, 633–634, 676
update testing and, 679–680
PEAP with EAP-MS-CHAPv2, 330
PEAP with EAP-TLS, 330
peer limiting, 419
Perform Volume Maintenance Tasks right, 469
performance
EFS and, 554
IAS server, 375
SSL/TLS and, 387
Performance Monitor, 469
permission structure for data
AGUDLP strategy, 491–492
combining/nesting groups, 493–494
Domain Local groups, 492
domain/forest functional levels, 494–495
Global groups, 492
Universal groups, 492–493
permissions
assigning, 458–460
default, for DNS Server Service, 299
default, in AD-Integrated zones, 300–301
discretionary, 508
for DNS RRs in Active Directory, 302–303
groups and, 516
overview of, 512
registry objects and, 552–553
remote access, 657
scenario, 504–505
for service accounts, 497
for user accounts, 496
Permit filter action, 270
permit mode, 279
persistent connections, 443
persistent IPSec policy, 282, 345
persistent policies, 278
personal identification number (PIN), 153
PFS (Master Key Perfect Forward Secrecy), 268
Phase I Security Association
authentication methods, 254–255
Diffie-Hellman groups, 255–256
IPSec encryption algorithms, 252–253
IPSec hash algorithms, 253–254
Phase II Security Association, 252, 256
physical policies, 4
physical security, 171, 342
Ping of Death, 15
PKI. see public key infrastructure
Point-to-Point Tunneling Protocol (PPTP)
firewalls and, 450–451
vs. L2TP, 438, 447
VPNs and, 425–433, 654
policies
acceptable use, 4–5
account, Security Templates and, 67–69
audit, enabling on local machine, 394–395
auditing, 620
local, Security Templates and, 69–71
nesting, for security groups, 524–525
network management, 200
overview of, 39
password/account, 145
physical/technical/administrative, 4
Recovery Agent, removing, 579–580
remote access, 654–662
Resultant Set of, 9
retirement, for security groups, 526
for security groups creation, 521–522
settings, results review, 82–85
Terminal Services single-session, 206
policy CAs, 185. see also intermediary CAs
policy change auditing setting, 481
policy change events, 540
policy negotiation, 252–256
POP3 mail servers
authentication methods, 118
security levels, 117–118
security overview, 116–117
summary of services for, 129
template for, 131
port authentication, 312
ports
configuring for two-way trusts, 233
IIS hardening and, 382
network communications and, 447
PPTP/L2TP and, 448
Terminal Services, changing, 202–204
Power On Self Test (POST), 603
PPTP. see Point-to-Point Tunneling Protocol
Pre-Boot eXecution Environment (PXE), 603
predefined filter actions, 270–272
predefined filter lists, 269–270
predefined IPSec policies. see default IPSec policies
predefined security templates. see security templates
Preferred Networks tab, 324–325
pre-shared keys, 255, 282
print servers
configuring, 123
summary of services for, 129
template for, 131–132
printing, 580–587
privacy, 4–5, 261–263
private data, 25
private key pair, 181–184
private keys
file security and, 557
installing CA and, 174
key retrieval/recovery, 157
in PKI process, 154
in public key cryptography, 153
security of, 564–565
privilege use, 481, 538–539
process tracking, 481, 540
Profile Single Process right, 469
Profile System Performance right, 469
profiles, remote access, 657–659
protocols
authentication, 671
Digest Authentication, 650
Kerberos, 646–648
L2TP for VPN access, 433–438
NTLM authentication, 648–650
PPTP for VPNs, 425–433
selecting for clients, 646–647, 652–654
Server 2003 user authentication, 639
SSL/TLS, 650–651
supported by IAS, 663–665
proxy servers, 244, 309
public data, 25
public key
digital certificates hold, 156
installing CA and, 174
in public key cryptography, 153
public key cryptography
described, 153
for digital certificates, 153–154
public key infrastructure (PKI)
architecture of, 155–158, 187–188
basic concepts of, 152–155
certificate distribution, designing, 172–184
with Certificate Services, designing, 186
certification authority implementation, designing, 158–165
design questions, 188–190
designing security for CA servers, 167–171
logical authentication strategy, designing, 165–167
overview of, 152
review of, 319–320
viability of, 344
for wireless network infrastructure, 327
WLAN network infrastructure requirement, 322
public key infrastructure X.509 (PKIX), 155
public key pair, 181–184
Publishing Points ACL, 128
PXE (Pre-Boot eXecution Environment), 603