MCSE Designing Security for a Windows Server 2003 Network: Exam 70-298

P

packet filtering, IP. see IP packet filtering

packet filtering, L2TP/PPTP, 438

Padding field, 262

Padding Length, 262

pagefile, 466

Passport. see Microsoft Passport Authentication

password authentication, 640

Password Authentication Protocol (PAP), 653

Password Complexity policy, 477–478

Password must meet complexity requirements setting, 475

password policies

for authentication strategy, 166

configuration of, 496

designing, 462

settings, 474–476

password security, 474–480

account lockout policy, creating, 478–480

important points about, 496

password complexity requirements, 477–478

Password policy settings, 474–476

user password tips, 476–477

password-based attack, 247, 344

passwords

AD and, 145

random password generators, 398

RIP and, 417–418

security and, 43–44

security of, 457

for service accounts, 461

storage locations, 635

Store passwords using reversible encryption setting, 677–678

strong, requirements of, 68

Syskey and, 635–637

patch management. see also Software Update Services

Group Policy and, 632

overview of, 631

Software Update Services and, 632–633

third-party tools for, 633–634, 676

update testing and, 679–680

PEAP with EAP-MS-CHAPv2, 330

PEAP with EAP-TLS, 330

peer limiting, 419

Perform Volume Maintenance Tasks right, 469

performance

EFS and, 554

IAS server, 375

SSL/TLS and, 387

Performance Monitor, 469

permission structure for data

AGUDLP strategy, 491–492

combining/nesting groups, 493–494

Domain Local groups, 492

domain/forest functional levels, 494–495

Global groups, 492

Universal groups, 492–493

permissions

assigning, 458–460

default, for DNS Server Service, 299

default, in AD-Integrated zones, 300–301

discretionary, 508

for DNS RRs in Active Directory, 302–303

groups and, 516

overview of, 512

registry objects and, 552–553

remote access, 657

scenario, 504–505

for service accounts, 497

for user accounts, 496

Permit filter action, 270

permit mode, 279

persistent connections, 443

persistent IPSec policy, 282, 345

persistent policies, 278

personal identification number (PIN), 153

PFS (Master Key Perfect Forward Secrecy), 268

Phase I Security Association

authentication methods, 254–255

Diffie-Hellman groups, 255–256

IPSec encryption algorithms, 252–253

IPSec hash algorithms, 253–254

Phase II Security Association, 252, 256

physical policies, 4

physical security, 171, 342

Ping of Death, 15

PKI. see public key infrastructure

Point-to-Point Tunneling Protocol (PPTP)

firewalls and, 450–451

vs. L2TP, 438, 447

VPNs and, 425–433, 654

policies

acceptable use, 45

account, Security Templates and, 67–69

audit, enabling on local machine, 394–395

auditing, 620

local, Security Templates and, 69–71

nesting, for security groups, 524–525

network management, 200

overview of, 39

password/account, 145

physical/technical/administrative, 4

Recovery Agent, removing, 579–580

remote access, 654–662

Resultant Set of, 9

retirement, for security groups, 526

for security groups creation, 521–522

settings, results review, 82–85

Terminal Services single-session, 206

policy CAs, 185. see also intermediary CAs

policy change auditing setting, 481

policy change events, 540

policy negotiation, 252–256

POP3 mail servers

authentication methods, 118

security levels, 117–118

security overview, 116–117

summary of services for, 129

template for, 131

port authentication, 312

ports

configuring for two-way trusts, 233

IIS hardening and, 382

network communications and, 447

PPTP/L2TP and, 448

Terminal Services, changing, 202–204

Power On Self Test (POST), 603

PPTP. see Point-to-Point Tunneling Protocol

Pre-Boot eXecution Environment (PXE), 603

predefined filter actions, 270–272

predefined filter lists, 269–270

predefined IPSec policies. see default IPSec policies

predefined security templates. see security templates

Preferred Networks tab, 324–325

pre-shared keys, 255, 282

print servers

configuring, 123

summary of services for, 129

template for, 131–132

printing, 580–587

privacy, 45, 261–263

private data, 25

private key pair, 181–184

private keys

file security and, 557

installing CA and, 174

key retrieval/recovery, 157

in PKI process, 154

in public key cryptography, 153

security of, 564–565

privilege use, 481, 538–539

process tracking, 481, 540

Profile Single Process right, 469

Profile System Performance right, 469

profiles, remote access, 657–659

protocols

authentication, 671

Digest Authentication, 650

Kerberos, 646–648

L2TP for VPN access, 433–438

NTLM authentication, 648–650

PPTP for VPNs, 425–433

selecting for clients, 646–647, 652–654

Server 2003 user authentication, 639

SSL/TLS, 650–651

supported by IAS, 663–665

proxy servers, 244, 309

public data, 25

public key

digital certificates hold, 156

installing CA and, 174

in public key cryptography, 153

public key cryptography

described, 153

for digital certificates, 153–154

public key infrastructure (PKI)

architecture of, 155–158, 187–188

basic concepts of, 152–155

certificate distribution, designing, 172–184

with Certificate Services, designing, 186

certification authority implementation, designing, 158–165

design questions, 188–190

designing security for CA servers, 167–171

logical authentication strategy, designing, 165–167

overview of, 152

review of, 319–320

viability of, 344

for wireless network infrastructure, 327

WLAN network infrastructure requirement, 322

public key infrastructure X.509 (PKIX), 155

public key pair, 181–184

Publishing Points ACL, 128

PXE (Pre-Boot eXecution Environment), 603
