Index
C
CA administrator
approving certificates by, 179–180
request certificate from Web Enrollment Support, 177–179
revoking certificates by, 180–181
CA MMC console, 191
CA Web Enrollment Support
install/uninstall, 176
request certificate from, 177–179, 187
cache, DNS Server Service, 298
cell phones, 314
central processing unit (CPU), 305
certificate authority (CA). see also enterprise CAs
defined, 320
design factors to consider, 158–162
EFS and, 554, 616
enrollment and distribution, 177–179
exclude from certificate request, 283
geographical hierarchy, 162–163
installing on Windows Server 2003, 172–176
network trust hierarchy, 164–165
organizational hierarchy, 163–164
in PKI architecture, 156
in PKI process, 154–155
certificate authority (CA) servers
enabling auditing on, 181–183
securing enterprise hierarchy, 169–170
securing stand-alone CA, 170–171
threats against, 167–169
factors to consider, 161
trust hierarchies for, 162–165
certificate distribution
approving certificates by CA administrators, 179–180
enrollment and distribution, 177–179
installing CA on Windows Server 2003, 172–176
questions about, 190–191
renewal and auditing, 181–184
revoking certificates by CA administrators, 180–181
certificate policy and practice statements, 157
certificate repositories, PKI, 157
certificate request, 283
Certificate Revocation List (CRL)
EFS and, 565
function of, 320
offline CAs and, 168–169
defined, 157
Certificate Services
common threats against, 167–169
designing PKI that uses, 186
function of, 320
functionality of, 152
installing on Windows Server 2003, 172–176
on VPNs, 444
certificate template, 188
Certificate Trust List (CTL), 157
certificate, authentication, IIS, 399
certificate-based authentication, 422
certificates
approving certificates by CA administrators, 179–180
authentication, IIS, 356–362, 401
configuring L2TP RRAS to accept, 434–438
cross-certification of, 444
described, 254
EFS and, 580, 620, 624
EFS and third-party, 588
enrollment, 565–566
enterprise/stand-alone CAs and, 160
function of, 319
PKI scalability and, 161
with private keys, backing up, 580–584
recovery agent, 554–555
renewal of, 565–566
request from CA Web Enrollment Support, 177–179
revoking certificates by CA administrators, 180–181
root CAs/subordinate CAs and, 159
RRAS and, 451–452
SGC, 387
storage, EFS and, 564–565
for wireless access authentication, 337
certutil.exe, 184, 185
Challenge Handshake Authentication Protocol (CHAP), 653, 678–679. see also Microsoft Challenge Handshake Authentication Protocol
Change the System Time right, 465
CIA triad, 6–8
cipher.exe, 566–569, 577–579, 616
Clear This Database check box, 137
Client (Respond Only) policy, 265, 284
client authentication, 308
client authentication settings, 60–61
client setting, SMB signing, 310–312
clients
authentication protocols, choosing, 646–651
authentication requirements analysis, 640–646
authentication strategy design, 639–640
DNS, securing, 303
down-level, configuring, 74–75
identifying non-current, 215–217
internal resource access for, 662
Network Access Quarantine Control and, 670
OS features, restricting access to, 637–639
OS hardening for, 629–637, 672
protocol selection for, 652–654
remote access account lockout and, 670
remote access plan overview, 651–652
remote access policy for, 654–662
security overview, 628–629, 671
using IAS for, 662–669
CM (Connection Manager), 438–439
CMAK (Connection Manager Administration Kit), 439
co-location, backup, 590
command-line tools
cipher.exe, 566–569
dsmod.exe, 528
GPUpdate command, 94–95
Hfnetchk.exe, 51–52
netsh, 668
secedit.exe, 51, 88–95, 140
common policy, remote access, 654
compat*.inf template
down-level clients and, 75
overview of, 57
server roles and, 131
compromised key attack, 248
computer account management plan, 165
computer forensics, 30
computer startup mode, IPSec driver, 278–279
computer-based authentication, Wi-Fi, 334–335
computers. see laptop computers; servers
conditions, remote access, 655–656
confidential data, 26
confidentiality, ESP, 263
/configure, 88–90
Configure Your Server Wizard
described, 141
for IIS, 113
using, 103–106
Connection Manager (CM), 438–439
Connection Manager Administration Kit (CMAK), 439
Connection Point Services (CPS), 438–439
connections
encrypted, SSL/TLS and. see Secure Socket Layer/Transport Layer Security
numbered/unnumbered, 421–422
persistent in extranets, 443
console redirection
EMS and, 602–603
service processor, 604
Windows, 604–605
content, 399, 404
Content Management Server (CMS), 399, 404
contexts, netsh.exe command, 272–273
control design strategy, 455
copy backup, 592
corruption, data, 510
CPS (Connection Point Services), 438–439
CPU (central processing unit), 305
Create a Pagefile right, 466
Create a Token Object right, 466
Create Global Objects right, 466
Create Permanent Shared Objects right, 466
CreateProcessAsUser, 469
credentials, basic authentication, 364
critical security updates, 41
CRL. see Certificate Revocation List
cross certificate, 164–165
CryptoAPI (cryptography application programming interface), 554
Cryptographic API (Crypto API), 387
cryptographic service provider (CSP)
described, 565
installing CA and, 174
securing stand-alone CA, 170–171
shut down, 189
cryptography, 386–388
CSP. see cryptographic service provider
CTL (Certificate Trust List), 157
custom policy, remote access, 655