Index
A
AAA (authentication, authorization, accounting) Model, 639
ABR (area border routers), 419
Acceptable Use Policy (AUP), 4–5
access
anonymous, 109–110
default IIS options, 377
Deny Access to This Computer from the Network right, 466
group strategy for accessing resources, 490–495
Network Access Quarantine Control and, 670
registry, securing, 615
removable media, 108
user, securing, 615
wireless using IAS, 669
access control. see also data access control
audit requirement analysis, 534–541
domain local groups and, 520
folders design strategy, 617
registry access control, 541–553
access control entries (ACEs), 513–514
Access Control List Editor, 533
Access Control Lists (ACLs)
NTFS/share permissions, 455–457, 496
data access and, 509
overview of, 513
access control strategy
account security policies, 463–474
administrative and service accounts, 460–462
auditing user account activity, 480–486
delegation strategy, 487–490
for directory services, designing, 454–457, 499
important points about, 496
password policies, designing, 462
password security, 474–480
rights/permissions, assigning, 458–460
risks to directory services, 457–458
access design strategy, 455
access mask, 514
access request, 514
Access This Computer from the Network right, 464
accidental network access, 317, 343
account group, 515
Account Group/ACL (AG/ACL), 517–518, 621–622
Account Group/Resource Group (AG/RG), 518
account groups, 619
Account lockout duration setting, 479
Account Lockout policy
creating, 478–480
duration, 68
password security and, 477
Restricted groups, 470–472
scenario, 503–504
user rights assignments, 463–470
Account lockout threshold setting, 479
account logon event, 537–538
account management, 481
account policies, 67–69, 145
account security policies
implementing via Group Policy, 463
Kerberos policy, creating, 472–474
Restricted groups, 470–472
user rights assignments, 463–470
accounts
administrator, 645
local system, 512
naming conventions, securing, 646
user, securing, 645–646
ACEs (access control entries), 513–514
ACL. see Access Control Lists
Act as Part of the Operating System right, 464
Active Directory (AD)
certificate templates and, 188
DNS RR in, 302–303
domains, 133
IAS servers and, 666
IPSec policy stored in, 273–274
for network infrastructure security, 246
role-based delegation with, 198
WLAN network infrastructure requirement, 322
Active Directory Client Services extensions, 74–75
Active Directory security
access control strategy for directory services, 454–457
account security policies, 463–474
administrative and service accounts, 460–462
auditing user account activity, 480–486
delegation strategy, 487–490
group strategy for accessing resources, 490–495
overview of, 454
password policies, designing, 462
password security, 474–480
rights/permissions, assigning, 458–460
risks to directory services, 457–458
Active Directory Users and Computers Snap-in
Account Lockout policy creation with, 479–480
Audit policy creation with, 482
setting Password Complexity policy with, 477–478
Active Directory-Integrated zones, 300–301
ad hoc wireless network
described, 315
scenario, 347
when to use, 343
Add Workstations to the Domain right, 464
Adjust Memory Quotas for a Process right, 464
administration delegation strategy, 487–490
Administrative account, 461–462
administrative credentials, 283
administrative policies, 4
administrator accounts, 645, 646
administrators
authority delegation for, 197–199
credentials restriction of, 195–196, 231
delegation strategy, 487–490
securing tools for, 197–199
security policies for administrators/IT personnel, 197
advanced digest authentication, 385–386
Advanced Digest Security, 407
AG/ACL (Account Group/ACL), 517–518, 621–622
AG/RG (Account Group/Resource Group), 518
AGDLP
defined, 454
described, 491, 498, 512
nesting groups, 493–494
user rights and, 513
AGUDLP strategy, 491–492, 498
AH. see Authentication Header
AIA (Authority Information Access), 168–169
All ICMP Traffic filter list, 269
All IP Traffic filter list, 269
Allow automatic administrative logon, 611, 612
Allow floppy copy and access to all drives and all folders, 612
Allow Log On Locally right, 464–465
Allow Log On through Terminal Services right, 465
/analyze, 90–91
anonymous access restriction, 109–110
anonymous authentication, 362–364
anti-virus protection, 630
anti-virus software, 485
APIPA (Automatic Private IP Addressing), 421
Application log, 396
Application server mode, Terminal Services, 202
application servers, 129, 131
application sharing security, 250–251
application-layer attack, 248
Apply Group Policy permissions, 215
area border routers (ABR), 419
/areas, 89
AS boundary router (ASBR), 420
ASP.NET
404 errors and, 406
IIS 6 authorization options, 388–389
IIS hardening and, 382
ASR. see Automated System Recovery
assets risk analysis, 23
asymmetric encryption, 153–154. see also public key cryptography
asymmetric keys, 304
ATM (Automatic Teller Machine), 153
attack vectors, 629–630
attacks. see also specific type of attack
analysis of, 623
combating network, 18
external, motivations for, 22
network infrastructure security and, 247–249
nontechnical, 20
overview of, 39
recognizing indicators of, 27
risk analysis and, 510–511
threat to wireless networks, 317–318
Audit account logon events setting, 480
Audit account management setting, 481
Audit directory service access setting, 481
audit events, domain controller, 108
Audit logon events policy, 482–483
Audit logon events setting, 481
Audit object access setting, 481, 484–485
Audit policy
creating, 482
Group Policy for, 497
Manage Auditing and Security Log right, 468
on Web server, 501
what to include in, 503
Audit policy change setting, 481
Audit privilege use setting, 481
Audit process tracking setting, 481
audit requirement analysis, 534–541
Audit system events setting, 481
auditing
of account logon events, 537–538
attack indicators and, 27
of Directory Service access events, 538
enabling in IIS, 392–396
enabling on CA server, 181–183, 187
of logon events, 535–537
of object access events, 539
overview of, 615
of policy change events, 540
policy for, 620
practices for data security, 511
of privilege use events, 538–539
of process tracking events, 540
requirements analysis, 534–535
of system events, 539
auditing data analysis, 485–486
auditing user account activity
analyzing auditing data, 485–486
Audit policy, creating, 482
Auditing settings, 480–481
logon events, 482–484
object access, 484–485
AUP (Acceptable Use Policy), 4–5
authentication
anonymous, 362–364
basic, 364–365
client design strategy, 639–640
client requirements analysis, 640–641
digest, 366–367
DLL for IIS security incident detection, 399
with EAP, 316
IEEE 802.1x, 347–348
IIS 6.0, 401
IIS certificate, 362–369, 400
IIS hardening and, 382
IIS RADIUS, 369–375
IIS user, 353–356
IIS Windows logon, 362–369
logical authentication strategy, designing, 165–167, 186–187
multifactor, 645
mutual, 647
network, 641–645
protocols for client access, 646–651
protocols overview, 671
protocols supported by IAS, 663–665
remotely managing wireless network, 348
selecting scope for users in trusts, 223–224
strategy for clients, 672
strong, 127
via SSL/TLS, 304, 305
for wireless networks, 328–336, 340
authentication data header, 261
Authentication Data, ESP authentication trailer, 263
authentication firewall, 224
Authentication Header (AH)
with ESP, 343
ESP vs., 259
function of, 339
IPSec modes and, 256–257, 260–261
IPSec packet protection with, 257–258
no confidentiality with, 263
authentication methods, 118, 254–255
authentication profiles, 658
authentication traffic digital signatures, 110–112
Author Mode, MMC, 201
authority delegation, 197–199
Authority Information Access (AIA), 168–169
authorization framework, IIS 6.0, 388–389
Authorization Manager snap-in, 533
authorization rules, role-based, 519
authorization, role-based, 519
auto-enrollment, CA, 181
Automated System Recovery (ASR)
vs. Emergency Management Console/Recovery Console, 621
when to use, 625
backup set, creating, 596–598
backup set, described, 595
automatic mode, IPSec driver, 279
Automatic Private IP Addressing (APIPA), 421
Automatic Teller Machine (ATM), 153
Automatic Updates, SUS, 632–633
autonomous system (AS), 420
autonomy, 488, 497–498
auto-static updates, 416