Index
T
tables, routing, 414–415
Take Ownership of Files or Other Objects right, 470
tampering with data, 14
Task Scheduler, 465
TCP ports, 290–291
technical constraints analysis
existing infrastructure capabilities, 32–34
overview of, 31–32, 40–41
technology limitations, identifying, 34
technical policies, 4
technology limitations, 34
Telnet, 208
templates, baseline, 129–132
templates, security. see security templates
terminal concentrators, 607
Terminal Servers
configuring, 123–125
network security management and, 201–204
to remotely manage IPSec, 283
securing, 147
summary of services for, 129
template for, 132
Terminal Services (TS)
IAS access and, 374
Audit logon events policy and, 483
user rights assignments and, 464, 465, 467
text-mode setup, 605
third-party encryption, 588, 620
third-party tools for patch management, 216–217, 633–634, 676
threat prediction, 13–26
threats
against CA servers, 167–169, 185
common types of attacks, 247–249
to DNS servers, 294–295
to domain controllers, 107–108
password-based attack, 344
to wireless networks, 317–318
three-tier CA model
described, 185
described/examples of, 162–165
securing enterprise hierarchy, 169–170
tickets, Kerberos, 647–648
time limit, account usage, 166
timestamps, 648
token object, 466
tokens, access, 466, 520, 525
tools. see also command-line tools
administrative, securing, 200, 231
MMC, 201
for patch management, 216–217
Remote Assistance, 207–208
Remote Desktop for Administration, 205–206
for securing administrators, 197–199
Syskey utility, 634–635
Telnet, 208
Terminal Server, 201–204
third-party for patch management, 633–634, 676
traffic, authentication, 110–111
transference, risk, 24, 45
transitive trust, 217, 219–222
Transport Layer Security (TLS). see also Secure Sockets Layer/Transport Layer Security
PKI and, 156
uses HMAC, 304
transport mode
with Authentication Header, 257
described, 256
with ESP, 258
ESP in, 261
IP packet with AH in, 260
Triple Data Encryption Standard (3DES)
described, 253
EFS and, 558
L2TP and, 438
trojan horses, 18–19, 44
trust hierarchies
geographical, 162–163
network, 164–165
organizational, 163–164
three-tier CA, 162
trust relationships
designing, 232–233
digest authentication and, 367
between domains/forests, overview of, 217–221
forest/domain functionality, 229–230
forest/domain models for, 221–226
security for interoperability in, 226–228
Trusted for delegation setting, 467
trusts
PKI system dependent, 152
security of, 500
Windows Server 2003 upgrade and, 500
TS. see Terminal Servers
tunnel mode
with Authentication Header, 258
described, 256–257
with ESP, 259
ESP in, 261, 262
IP packet with AH in, 261
tunnels, 423–425, 446
two-way trust, 219–221