MCSE: Windows(r) Server 2003 Network Security Design Study Guide (70-298)
Chapter 2: Identifying and Designing for Potential Security Threats
- Figure 2.1: Telnet session to Exchange Server 2003
- Figure 2.2: Telnet Session to IIS 4.0
- Figure 2.3: Telnet Session to IIS 6.0
- Figure 2.4: The Event Viewer
- Figure 2.5: An example of the net share output
- Figure 2.6: Task Manager
- Figure 2.7: Tasklist output
- Figure 2.8: A bastion host
- Figure 2.9: A three-pronged configuration
- Figure 2.10: A back-to-back configuration
Chapter 3: Designing Network Infrastructure Security
- Figure 3.1: The usual place for SSL in a network infrastructure.
- Figure 3.2: Enabling PPP encryption on Windows Server 2003
- Figure 3.3: The policy settings for IPSec on Windows Server 2003
- Figure 3.4: Creating IPSec rules on Windows Server 2003
- Figure 3.5: Filtering IP addresses using the IP Address And Domain Name Restrictions dialog box
- Figure 3.6: Filtering IP packets using the TCP/IP Filtering dialog box
- Figure 3.7: Selecting the Store Password Using Reversible Encryption option
- Figure 3.8: Various demand-dial connection types that can be used for the demand-dial interface
- Figure 3.9: Setting up caller ID and callback.
- Figure 3.10: Configuring WEP keys in Windows Server 2003
- Figure 3.11: The wireless network policy settings container
- Figure 3.12: The Wireless Networks tab on the wireless network’s Properties dialog box
- Figure 3.13: Enabling 802.1x on a client
- Figure 3.14: Enabling PEAP for 802.1x authentication
- Figure 3.15: Enabling PEAP on Windows Server 2003
- Figure 3.16: Network layout with an open access point
Chapter 4: Designing an Authentication Strategy for Active Directory
- Figure 4.1: LC4 password recovery
- Figure 4.2: Transitive trust model
- Figure 4.3: User Rights Assignment
Chapter 5: Designing an Access Control Strategy for Network Resources
- Figure 5.1: The net share command
- Figure 5.2: Viewing shared folders in Computer Management
- Figure 5.3: The Advanced Attributes dialog box
- Figure 5.4: The Registry Editor
Chapter 6: Designing a Public Key Infrastructure with Certificate Services
- Figure 6.1: How PKI works when applied to SSL
- Figure 6.5: The Details tab of the Certificate dialog box
- Figure 6.2: The Content tab of the Internet Options dialog box
- Figure 6.3: The Trusted Root Certification Authorities tab of the Certificates dialog box
- Figure 6.4: The General tab of the Certificate dialog box
- Figure 6.6: Warning in Internet Explorer
- Figure 6.7: Client requesting certificate from the server
- Figure 6.8: Client verifies certificate signature and uses public key to encrypt response.
- Figure 6.9: An encrypted response with the session key is sent to the server.
- Figure 6.10: A two-tier hierarchy
- Figure 6.11: A three-tier hierarchy
- Figure 6.12: Web-based certificate administration
- Figure 6.13: The Automatic Certificate Request Setup Wizard
- Figure 6.14: The automatic certificate request settings in the Group Policy Editor
- Figure 6.15: The Autoenroll setting on the Security tab
- Figure 6.16: The Security tab of a CA server Properties dialog box
- Figure 6.17: The Certificate Managers Restrictions tab
Chapter 7: Designing Security for Internet Information Services
- Figure 7.1: Selecting the IIS services to install through Windows Component Wizard’s Internet Information Services (IIS) dialog box
- Figure 7.2: Prohibiting or Allowing Web Service Extensions.
- Figure 7.3: Setting authentication mechanisms in the Authentication Methods dialog box
- Figure 7.4: Requiring client certificates to access the website
- Figure 7.5: Mapping your certification using the Account Mappings dialog box
- Figure 7.6: Enabling logging through the Web Site tab
- Figure 7.7: The Advanced tab of the Logging Properties dialog box is where you can configure additional information to log.
- Figure 7.8: Configuring the audit policy
Chapter 8: Designing Security for Servers with Specific Roles
- Figure 8.1: Security Templates MMC snap-in
- Figure 8.2: Security Templates World Wide Web Publishing Service properties
- Figure 8.3: User Rights Assignment
- Figure 8.4: Do Not Store LAN Manager Hash Value On Next Password Change Setting dialog
- Figure 8.5: Sample OU design for Group Policy
- Figure 8.6: DNS zone SRV records
- Figure 8.7: Zone Transfers tab
- Figure 8.8: Dynamic updates via the General tab
- Figure 8.9: Proper DNS caching process
- Figure 8.10: Compromised process
- Figure 8.11: DNS server properties
Chapter 9: Designing an Infrastructure for Updating Computers
- Figure 9.1: Example OU hierarchy for application of Group Policy based on operating system
- Figure 9.2: Example OU hierarchy for application of Group Policy based on computer type
- Figure 9.3: OU Model with security groups for computer function.
- Figure 9.4: Computer Properties dialog box
- Figure 9.5: Setting the default security level
- Figure 9.6: The Enforcement Properties dialog box
- Figure 9.7: The Designated File Types Properties dialog box
- Figure 9.8: The Trusted Publishers Properties dialog box
- Figure 9.9: The New Hash Rule dialog box
- Figure 9.10: Administrative templates
- Figure 9.11: The Explain tab for the Remove File Menu From Windows Explorer Properties dialog box
- Figure 9.12: The Do Not Allow Windows Messenger To Be Run Properties dialog box
- Figure 9.13: Software Update Services administrative website
- Figure 9.14: The Default Web Site Properties dialog box
- Figure 9.15: The Synchronize Server page
- Figure 9.16: SUSAdmin Approve Updates page
- Figure 9.17: The Configure Automatic Updates Properties dialog box
- Figure 9.18: Specify Intranet Microsoft Update Service Location
- Figure 9.19: The Automatic Updates tab
- Figure 9.20: MBSA manual scan interface
- Figure 9.21: MBSA security report
Chapter 10: Designing Secure Network Management Infrastructure
- Figure 10.1: The MMC console
- Figure 10.2: Enabling Remote Desktop for Administration
- Figure 10.3: Warning about users without a password
- Figure 10.4: Setting the encryption level for the RDP protocol
- Figure 10.5: The Remote tab of the System Properties dialog box
- Figure 10.6: The Remote Assistance Settings dialog box
- Figure 10.7: Telnet to a Windows Server 2003 machine
- Figure 10.8: Special Administration Console
- Figure 10.9: Direct serial connection
- Figure 10.10: Remote EMS through a modem
- Figure 10.11: Using a terminal concentrator
- Figure 10.12: Intelligent UPS setup