MCSE Designing Security for a Windows Server 2003 Network: Exam 70-298

D

DACL. see Discretionary Access Control Lists

daily backup, 592

data

analysis for different types of, 25–26

EFS encryption and, 557–558

identifying valuable information, 245

permission structure for, 491–495

practices for safeguarding, 591

data access control

groups, working with, 521–534

overview of, 508–509

resource access, 516–521

reviewing access/ACLs, 511–516

risk analysis, 509–511

Data Administrators, 487, 497

Data Encryption Standard (DES), 253

Data Encryption Standard Extended (DESX), 558

data modification

as attack type, 247

DNS servers and, 121

threat to DNS, 294

threat to wireless networks, 317

Data Recovery Agent (DRA)

adding for local computer, 574–577

adding with cipher.exe, 577–579

configuring, 574

described, 555

policy, removing, 579–580

data storage, 589–590

data transmission security

port authentication for switches, 312

S/MIME, 309

segmented networks, 313

SMB signing, 309–312

SSL/TLS, 303–309

database settings, CA installation, 175–176

DC. see domain controllers

DC Security.inf template

overview of, 56–57

DC/DHCP servers, 143

domain controllers and, 130

Debug Programs right, 466

decentralized management model, 200

decryption. see Encrypted File System

default exemptions, 281

default IPSec policies

IP packet filtering, 272

IPSec rules, 264

list chart, 265–266

netsh commands, 272–273

predefined filter actions, 270–272

predefined filter lists, 269–270

view Server (Request Security), 267269

default lease period, Wi-Fi, 327

Default Locked down status, 388

default policy, remote access, 655

default security settings, 56

default security template, 55–56

default trust relationship, 222

defense in depth, 198

delegated administrators, 487

delegated namespace, DNS, 295

delegation, 197–199. see also groups

Delegation of Control Wizard, 530–534

delegation strategy

delegation structure, selecting, 488–490

example of, 502

important points about, 497–498

isolation/autonomy, 487–488

scenario, 504

Service/Data administrators, 487

delegation structure, 488–490

Delta Certification Revoke List (Delta CRL), 157

demand dial routing

described, 446

between internal networks, 420–423

OSPF and, 447

denial-of-service (DoS)

DNS servers and, 121

defined, 248

overview of, 15–16

STRIDE and, 14

TCP SYN packet requests and, 45

threat to DNS, 294

threat to wireless networks, 317

Deny Access to This Computer from the Network right, 466

Deny Log On as a Batch Job right, 467

Deny Log On as a Service right, 467

Deny Log On Locally right, 467

Deny Log On through Terminal Services right, 467

DESX (Data Encryption Standard Extended), 558

device drivers, 468

DHCP. see Dynamic Host Configuration Protocol

diagnostic mode, IPSec driver, 278, 280

dial-up connection

security vs. VPNs, 447

IAS and, 665

differential backup, 593

Diffie-Hellman encryption. see also public key cryptography

Diffie, Whitman, 253

Diffie-Hellman (DH) group 1 (low), 282

Diffie-Hellman (DH) groups, 255–256, 281

Diffie-Hellman encryption, 253

digest authentication

MD5 hash and, 403

overview of, 366–367, 650, 672

WebDAV and, 386, 404

Windows logon with, 405

Digest Security, 385386

digital certificates, 153–158

digital encryption, 110–111

direct-dial remote access, 652

directory object, 466

Directory Service access event auditing, 538

Directory Services (DS)

access control strategy for, 454–457

auditing setting for, 481

mapping, 356

risks to, 457–458, 496

directory traversal vulnerability, 20

disabled mode, IPSec driver, 279

disaster recovery

best practices for, 598–600

corporate business continuity and, 616

overview of, 616–617

discretionary access control list (DACL)

in Active Directory-Integrated zones, 300–301

described, 513

securing DNS Server Service and, 299

vs. SACL, 619

disk

based backup, 590

management, 510

volumes, data loss and, 509

Distributed Denial-of-Service, 16–18

distribution group, 515

DLL, authentication, 399

DNS. see Domain Name Service

DNS Resource Records, 302–303

DNS Server Service, 297–300

DNS zones, 300–302

Domain Admins group, 470, 489

Domain Controller Default security template, 56–57

domain controllers (DCs)

anonymous access restriction, 109–110

authentication traffic digital signatures, 110–112

common threats to, 107–108

configuration overview, 106–107

configuring IAS on, 666–669

DC security.inf and, 56–57

L2TP and, 434

removable media access restriction, 108

summary of services for, 129

template application on, 80–82

template for, 130

DC Security.inf template and, 143

securing DNS Server Service, 299

domain delegation structure, 489

domain functional levels

described, 498

Server 2003, 227–230

with Windows Server 2000/2003, 494–495

Windows Server 2003 domain functional level, 500

domain local groups

described, 516

function of, 491

nesting, 493

overview of, 519–520

in permission structure, 492, 493, 498

Domain Name Service (DNS)

clients, 303

DNS Server Service, 297–300

namespace, 295–296

resource records, 302–303

securing, 293–295

security, 250

server log, 395

for wireless network infrastructure, 327

WLAN network infrastructure requirement, 322

zones, 300–302

Domain Naming System (DNS) servers

DNS clients, securing, 303

threats to, 294–295

configuring, 120–122

summary of services for, 129

domain-based IPSec policy, 275–276

domains

adding recovery agents for, 578–579

functionality of, 229–230

models for trust relationships, 221–226

templates application with Group Policy Editor, 77–80

trust relationships and, 217–221

DoS. see Denial-of-Service

down-level clients, 74–75, 226–228

DRA. see Data Recovery Agent

DS. see Directory Services

dsmod.exe, 528

dump files, 614

Dumpel.exe, 486

<Dynamic> Default Response rule

in all IPSec policies, 264

disabling, 269–270

removing, 293

Dynamic Host Configuration Protocol (DHCP)

RRAS and, 450

security, 249–250

for WLAN network infrastructure, 326–327

WLAN network infrastructure requirement, 322

Dynamic Host Configuration Protocol (DHCP) servers

configuring, 120

DC Security.inf template and, 143

summary of services for, 129

VPNs and, 451
