Index
D
DACL. see Discretionary Access Control Lists
daily backup, 592
data
analysis for different types of, 25–26
EFS encryption and, 557–558
identifying valuable information, 245
permission structure for, 491–495
practices for safeguarding, 591
data access control
groups, working with, 521–534
overview of, 508–509
resource access, 516–521
reviewing access/ACLs, 511–516
risk analysis, 509–511
Data Administrators, 487, 497
Data Encryption Standard (DES), 253
Data Encryption Standard Extended (DESX), 558
data modification
as attack type, 247
DNS servers and, 121
threat to DNS, 294
threat to wireless networks, 317
Data Recovery Agent (DRA)
adding for local computer, 574–577
adding with cipher.exe, 577–579
configuring, 574
described, 555
policy, removing, 579–580
data storage, 589–590
data transmission security
port authentication for switches, 312
S/MIME, 309
segmented networks, 313
SMB signing, 309–312
SSL/TLS, 303–309
database settings, CA installation, 175–176
DC. see domain controllers
DC Security.inf template
overview of, 56–57
DC/DHCP servers, 143
domain controllers and, 130
Debug Programs right, 466
decentralized management model, 200
decryption. see Encrypted File System
default exemptions, 281
default IPSec policies
IP packet filtering, 272
IPSec rules, 264
list chart, 265–266
netsh commands, 272–273
predefined filter actions, 270–272
predefined filter lists, 269–270
view Server (Request Security), 267–269
default lease period, Wi-Fi, 327
Default Locked down status, 388
default policy, remote access, 655
default security settings, 56
default security template, 55–56
default trust relationship, 222
defense in depth, 198
delegated administrators, 487
delegated namespace, DNS, 295
delegation, 197–199. see also groups
Delegation of Control Wizard, 530–534
delegation strategy
delegation structure, selecting, 488–490
example of, 502
important points about, 497–498
isolation/autonomy, 487–488
scenario, 504
Service/Data administrators, 487
delegation structure, 488–490
Delta Certification Revoke List (Delta CRL), 157
demand dial routing
described, 446
between internal networks, 420–423
OSPF and, 447
denial-of-service (DoS)
DNS servers and, 121
defined, 248
overview of, 15–16
STRIDE and, 14
TCP SYN packet requests and, 45
threat to DNS, 294
threat to wireless networks, 317
Deny Access to This Computer from the Network right, 466
Deny Log On as a Batch Job right, 467
Deny Log On as a Service right, 467
Deny Log On Locally right, 467
Deny Log On through Terminal Services right, 467
DESX (Data Encryption Standard Extended), 558
device drivers, 468
DHCP. see Dynamic Host Configuration Protocol
diagnostic mode, IPSec driver, 278, 280
dial-up connection
security vs. VPNs, 447
IAS and, 665
differential backup, 593
Diffie-Hellman encryption. see also public key cryptography
Diffie, Whitman, 253
Diffie-Hellman (DH) group 1 (low), 282
Diffie-Hellman (DH) groups, 255–256, 281
Diffie-Hellman encryption, 253
digest authentication
MD5 hash and, 403
overview of, 366–367, 650, 672
WebDAV and, 386, 404
Windows logon with, 405
Digest Security, 385–386
digital certificates, 153–158
digital encryption, 110–111
direct-dial remote access, 652
directory object, 466
Directory Service access event auditing, 538
Directory Services (DS)
access control strategy for, 454–457
auditing setting for, 481
mapping, 356
risks to, 457–458, 496
directory traversal vulnerability, 20
disabled mode, IPSec driver, 279
disaster recovery
best practices for, 598–600
corporate business continuity and, 616
overview of, 616–617
discretionary access control list (DACL)
in Active Directory-Integrated zones, 300–301
described, 513
securing DNS Server Service and, 299
vs. SACL, 619
disk
based backup, 590
management, 510
volumes, data loss and, 509
Distributed Denial-of-Service, 16–18
distribution group, 515
DLL, authentication, 399
DNS. see Domain Name Service
DNS Resource Records, 302–303
DNS Server Service, 297–300
DNS zones, 300–302
Domain Admins group, 470, 489
Domain Controller Default security template, 56–57
domain controllers (DCs)
anonymous access restriction, 109–110
authentication traffic digital signatures, 110–112
common threats to, 107–108
configuration overview, 106–107
configuring IAS on, 666–669
DC security.inf and, 56–57
L2TP and, 434
removable media access restriction, 108
summary of services for, 129
template application on, 80–82
template for, 130
DC Security.inf template and, 143
securing DNS Server Service, 299
domain delegation structure, 489
domain functional levels
described, 498
Server 2003, 227–230
with Windows Server 2000/2003, 494–495
Windows Server 2003 domain functional level, 500
domain local groups
described, 516
function of, 491
nesting, 493
overview of, 519–520
in permission structure, 492, 493, 498
Domain Name Service (DNS)
clients, 303
DNS Server Service, 297–300
namespace, 295–296
resource records, 302–303
securing, 293–295
security, 250
server log, 395
for wireless network infrastructure, 327
WLAN network infrastructure requirement, 322
zones, 300–302
Domain Naming System (DNS) servers
DNS clients, securing, 303
threats to, 294–295
configuring, 120–122
summary of services for, 129
domain-based IPSec policy, 275–276
domains
adding recovery agents for, 578–579
functionality of, 229–230
models for trust relationships, 221–226
templates application with Group Policy Editor, 77–80
trust relationships and, 217–221
DoS. see Denial-of-Service
down-level clients, 74–75, 226–228
DRA. see Data Recovery Agent
DS. see Directory Services
dsmod.exe, 528
dump files, 614
Dumpel.exe, 486
<Dynamic> Default Response rule
in all IPSec policies, 264
disabling, 269–270
removing, 293
Dynamic Host Configuration Protocol (DHCP)
RRAS and, 450
security, 249–250
for WLAN network infrastructure, 326–327
WLAN network infrastructure requirement, 322
Dynamic Host Configuration Protocol (DHCP) servers
configuring, 120
DC Security.inf template and, 143
summary of services for, 129
VPNs and, 451