tables, routing, 414–415
Take Ownership of Files or Other Objects right, 470
tampering with data, 14
Task Scheduler, 465
TCP ports, 290–291
technical constraints analysis
    existing infrastructure capabilities, 32–34
    technology limitations, identifying, 34
technical policies, 4
technology limitations, 34
Telnet, 208
templates, baseline, 129–132
templates, security. see security templates
terminal concentrators, 607
Terminal Servers
    configuring, 123–125
    network security management and, 201–204
    to remotely manage IPSec, 283
    securing, 147
    summary of services for, 129
    template for, 132
Terminal Services (TS)
    IAS access and, 374
    Audit logon events policy and, 483
    user rights assignments and, 464, 465, 467
text-mode setup, 605
third-party encryption, 588, 620
third-party tools for patch management, 216–217, 633–634, 676
threat prediction, 13–26
threats
    against CA servers, 167–169, 185
    common types of attacks, 247–249
    to DNS servers, 294–295
    to domain controllers, 107–108
    password-based attack, 344
    to wireless networks, 317–318
three-tier CA model
    described, 185
    described/examples of, 162–165
    securing enterprise hierarchy, 169–170
tickets, Kerberos, 647–648
time limit, account usage, 166
timestamps, 648
token object, 466
tools. see also command-line tools
    administrative, securing, 200, 231
    MMC, 201
    for patch management, 216–217
    Remote Assistance, 207–208
    Remote Desktop for Administration, 205–206
    for securing administrators, 197–199
    Syskey utility, 634–635
    Telnet, 208
    Terminal Server, 201–204
    third-party for patch management, 633–634, 676
traffic, authentication, 110–111
transitive trust, 217, 219–222
Transport Layer Security (TLS). see also Secure Sockets Layer/Transport Layer Security
    PKI and, 156
    uses HMAC, 304
transport mode
    with Authentication Header, 257
    described, 256
    with ESP, 258
    ESP in, 261
    IP packet with AH in, 260
Triple Data Encryption Standard (3DES)
    described, 253
    EFS and, 558
    L2TP and, 438
trust hierarchies
    geographical, 162–163
    network, 164–165
    organizational, 163–164
    three-tier CA, 162
trust relationships
    designing, 232–233
    digest authentication and, 367
    between domains/forests, overview of, 217–221
    forest/domain functionality, 229–230
    forest/domain models for, 221–226
    security for interoperability in, 226–228
Trusted for delegation setting, 467
trusts
    PKI system dependent, 152
    security of, 500
    Windows Server 2003 upgrade and, 500
TS. see Terminal Servers
tunnel mode
    with Authentication Header, 258
    described, 256–257
    with ESP, 259
    IP packet with AH in, 261
two-way trust, 219–221