MCSE Designing Security for a Windows Server 2003 Network: Exam 70-298

2017-07-07 02:10:07

S

S/MIME, Secure/Multipurpose Internet Mail Extensions

SA (Security Association), 252256, 286

SAC (Special Administration Console) environment, 605606, 625

SACL. see system access control list

safeguards, 8, 25

SAM (Security Account Manager), 641

scalability, Windows Server 2003 PKI, 161

scheduling priority, 468

scopes, DHCP, 326

scripts, 9596

SEA (Spokesman Election Algorithm), 315

secedit.exe

described, 51, 140

registry objects permissions and, 552553

overview of, 138139

in scripts, 9596

for settings reset, 139

streaming media servers and, 148

USER_RIGHTS and, 144145

using, 8895

secret data, 26

secure boundaries, 243244

Secure cache against pollution option, 298

secure dynamic updates, 300

Secure Hash Algorithm 1 (SHA1), 190, 253, 254, 304

secure mode, IPSec driver, 279

Secure Shell (SSH), 607

Secure Sockets Layer (SSL)

security certificates, 404

configuring IIS to use, 306308

in IIS, 356

NNTP security and, 384

Secure Sockets Layer/Transport Layer Security (SSL/TLS)

configuring, 305308

described, 303304

firewalls and, 309

pros/cons of, 305

server-gated cryptography and, 386387

overview of, 650651

secure templates, 5759

secure*.inf template

hisec*.inf comparison, 62

IIS 6.0 and, 130131

modifying, 142

overview of, 5759

server roles and, 131

SMB signing required in, 309

Secure/Multipurpose Internet Mail Extensions (S/MIME)

for e-mail security, 308, 309

PKI and, 156

securedc.inf template

for domain controllers, 107, 130

Kerberos and, 144

registry objects permissions and, 552

security. see also Active Directory security; network infrastructure security

best practices, 89, 140

for CA servers, 166171, 185

deployment with scripts, 9596

for interoperability, 226228

logical authentication strategy, 165167

vs. privacy, 45

update infrastructure, designing, 210217

vs. usability, 6, 141

security access token buffer, 520

Security Account Manager (SAM), 641

Security Association (SA), 252256, 286

security awareness, 1213

security boundary, 221

Security Configuration and Analysis snap-in

adding, 6466

described, 140

function of, 142143

overview of, 51, 138

registry objects permissions and, 552553

for review of settings, 8588

secure*.inf and, 144

Windows NT 4.0 and, 143

Security Configuration Manager. see Security Configuration Tool Set

Security Configuration Tool Set

described, 140

overview of, 5152, 138

Security Configuration Manager and, 142

Security Extensions to Group Policy

described, 140

overview of, 51, 138139

security groups. see groups, security

security incidents, responding to

attack indicators, recognizing, 27

network services, recovering, 31

overview of, 26

response plan, creating, 2830

Security log

event types, 396397

Generate Security Audits right and, 467

logon events in, 483

security negotiation, 270271

Security Parameter Index (SPI), 261, 262

security policies, 245246. see also policies

Security Policy Editor, 205

security principal, 454

Security Template snap-in, 310

adding, 6466

overview of, 138

secure*.inf template and, 142

security templates

application on domain controllers, 8082

applying, 141

best practices for, 5253

configuring, 6674

and console, saving, 67

defining baseline, 5052

deployment overview, 7576

described, 140

incremental, 102

modifying baseline according to server roles, 129137

overview of, 139

predefined, 140, 141

recommended for server roles, 130132

secure, overview of, 5759

SMB signing and, 309310

security templates, deploying

overview of, 7576

using Group Policy, 7680

on DCs, 8082

result of, 82

using RSoP MMC snap-in, 8385

using secedit.exe, 8895

using Security Configuration and Analysis, 8588

security threats

predicting network, 1315

recognizing external, 1521

recognizing internal, 1213

security updates, 41. see also Software Update Services

security*.inf, 5557

SECURITYPOLICY, 89

segmented namespace, DNS, 296

segmented networks, 313

Selectable Cryptographic Service Provider, 387388, 407

Selective Authentication, 224, 233

Sequence Number, 261, 262

Server (Request Security) policy

described, 265266

as high security default policy, 284

properties of, 287, 288

as standard security policy, 284

viewing, 267269

Server (Require Security) policy, 266

server authentication settings, 6061

server certificates, 400, 404

Server Message Block (SMB)

signing, 309312, 346

EFS and, 557

secure*.inf and, 59

server roles

common, 100101

defining/implementing/securing, 101102

described, 141

overview of, 99100

server security, function based

best practices for, 102106, 141

default settings, reapplying, 5666

DHCP servers, 120

DNS servers, 120122

domain controllers configuration, 106112

down-level clients , configuring, 7475

file/print/member servers, 123

high-profile servers, 141

IIS role, 112116

modifying baseline templates according to role, 129132

multiple OSs and GPMC, 9798

network infrastructure servers, 118119

overview of, 50

policy settings, reviewing result of, 8285

POP3 mail servers configuration, 116118

RAS servers, 125127

security application across enterprise, 132137

security deployment with scripts, 9596

security settings review, 8588

Server 2003 templates, 5356

server roles, 99102

streaming media servers, 128

template application on domain controllers, 8082

template deployment overview, 7576

templates, best practices for, 5253

templates, configuring, 6674

templates, defining baseline, 5052

terminal servers, 123125

using Group Policy to deploy settings, 7680

using secedit.exe, 8895

WINS servers, 122123

server setting, SMB signing, 310312

Server-Gated Cryptography (SGC), 386387

servers

headless, 607

IIS, risks to/hardening, 381383

security of, 501502

SUS, 213214

service accounts, 460461, 497

Service Administrators, 487, 497

service processor, 604, 610

service ticket, 472

SERVICES, 89

services, clients, 629630, 672

session ticket, 472

settings, security

deploying with Group Policy, 7680

reapplying default, 5666

review of, 8588

Setup security.inf template

described, 140

IIS 6.0 and, 130

overview of, 5556, 139

server roles and, 131

SGC (Server-Gated Cryptography), 386387

SHA1. see Secure Hash Algorithm 1

share permissions, 455456, 496

shared key authentication, 328

Shiva Password Authentication Protocol (SPAP), 653

shortcut trusts, 225226, 234235, 236

Shut Down the System right, 469

shut down, CA server, 168

shutdown, 467

signature algorithm, 154

Simple Mail Transport Protocol (SMTP), 116, 385

single namespace, 295

single-session policy, 206

Single Sign-on, 640, 643

smart cards

for CA authentication strategy, 166

for CA security, 171, 185

enterprise CAs and, 160

wireless network authentication and, 348

SMB. see Server Message Block

SMS (Systems Management Server), 216, 633634

SMTP (Simple Mail Transport Protocol), 116, 385

sniffer attack, 248

social engineering attacks, 20, 4344, 196, 248249

software

GPOs for deployment of, 213215

of network infrastructure, 243

restriction policies for Terminal Services, 206

for security updates, 211213

vulnerabilities, network security threats and, 1920

Software Update Services (SUS)

application updates and, 673

design overview, 210211, 232

identifying non-current clients, 215217

for patch management, 632633

rebooting and, 236

server requirements, 674

vs. SMS, 634

for software, 211213

for software, using GPOs for deployment, 213215

Solicited Remote Assistance, 207

SPAP (Shiva Password Authentication Protocol), 653

Special Administration Console (SAC) environment, 605606, 625

special identities, 512

SPI (Security Parameter Index), 261, 262

Spokesman Election Algorithm (SEA), 315

spoofing

identity described, 14

recognizing indicators of, 41

threat to wireless networks, 317

SQL access, 308

SSH (Secure Shell), 607

SSL. see Secure Sockets Layer

SSL/TLS. see Secure Socket Layer/Transport Layer Security

stand-alone CAs

certificate template in, 188

certificates and, 160

issue certificates, 186

as root CA, 168

scalability of, 161

securing, 170171

defining, 158

standard security policies

based on risk, 245246

when to use, 284

startrom.com, 605

startup and recovery options

disaster recovery and, 600

for safeguarding data, 591, 592

startup options, 612614

stateful filtering, 282

stateful mode, 279

static routes, 415416

Store passwords using reversible encryption setting, 475476

Streaming Media servers

configuring, 128

and internal users, 148

summary of services for, 129

template for, 132

STRIDE, 1415

striped set with parity. see RAID-5

strong authentication, RAS, 127

sub-authentication component, 364, 404

subordinate CA, 159

summarization routes, 415416, 449450

SUS. see Software Update Services (SUS)

switches, 312

symmetric encryption, 153

symmetric keys, 304

SYN flood, 15

/sync, 95

Synchronize Directory Service Data right, 469

Syskey utility, 634637

system access control list (SACL)

described, 513

auditing setting for, 481

vs. DACL, 619

object access events and, 539

system clock, 465, 472

system events auditing, 481, 539

System log, 396

System Management Server (SMS), 216, 633634

system root security template, 6263

System Services Policies, 72

system state, 594

S

Категории