| About This Book | xv |
| CHAPTER 1 Group Policy | 1 |
| About This Chapter | 1 |
| Before You Begin | 2 |
| Lesson 1: Active Directory and Group Policy | 3 |
| Understanding Active Directory Structures | 3 |
| Practice: Designing an Active Directory Hierarchy | 5 |
| Lesson Review | 7 |
| Lesson Summary | 7 |
| Lesson 2: Configuring Group Policy | 8 |
| Understanding Group Policy | 8 |
| Managing Group Policy | 13 |
| Practice: Managing Group Policy | 16 |
| Lesson Review | 26 |
| Lesson Summary | 26 |
| Lesson 3: Configuring Client Computer Security Policy | 27 |
| Using Client-Side Group Policy Configuration | 27 |
| Configuring Group Policy by Type of Worker | 28 |
| Configuring Internet Explorer Using Group Policy | 29 |
| Practice: Configuring Group Policy for Clients | 31 |
| Lesson Review | 43 |
| Lesson Summary | 44 |
| Lesson 4: Troubleshooting Group Policy Application | 45 |
| Understanding Typical Group Policy Application Problems | 45 |
| Understanding Windows NT 4 Domain Migration Issues | 47 |
| Anticipating Problems Relating to Windows NT 4 Trust Relationships | 48 |
| Practice: Troubleshooting the Application of Group Policy | 48 |
| Lesson Review | 51 |
| Lesson Summary | 51 |
| Lesson 5: Security Limitations | 52 |
| Understanding the Role of Group Policy in Network Security | 52 |
| Practice: Circumventing the Security Limitations of Group Policy | 53 |
| Lesson Review | 55 |
| Lesson Summary | 55 |
| CHAPTER 2 User Accounts and Security Groups | 57 |
| About This Chapter | 57 |
| Before You Begin | 58 |
| Lesson 1: Creating Local User Accounts and Security Groups | 59 |
| Managing User Accounts | 59 |
| Managing Security Groups | 62 |
| Authenticating a User on a Local Computer | 64 |
| Practice: Creating User Accounts and Security Groups | 69 |
| Lesson Review | 72 |
| Lesson Summary | 73 |
| Lesson 2: Working with Active Directory Domain Accounts and Security Groups | 74 |
| Working with Domains | 74 |
| Authenticating Domain User Accounts | 75 |
| Using Domain Security Groups Effectively | 81 |
| Practice: Creating User Accounts and Security Groups | 85 |
| Lesson Review | 89 |
| Lesson Summary | 90 |
| CHAPTER 3 Restricting Accounts, Users, and Groups | 91 |
| About This Chapter | 91 |
| Before You Begin | 92 |
| Lesson 1: Understanding Account Policies | 93 |
| Applying Account Policies | 93 |
| What Are the Account Policy Settings? | 94 |
| Practice: Configuring Account Policies | 100 |
| Lesson Review | 103 |
| Lesson Summary | 103 |
| Lesson 2: Managing User Rights | 104 |
| Assigning User Rights | 104 |
| Practice: Modifying User Rights | 105 |
| Lesson Review | 108 |
| Lesson Summary | 108 |
| Lesson 3: Controlling Access Through Restricted Groups | 109 |
| Applying Restricted Group Settings | 109 |
| Practice: Creating a Restricted Group | 110 |
| Lesson Review | 112 |
| Lesson Summary | 112 |
| Lesson 4: Administering Security Templates | 113 |
| Understanding the Purpose of Security Templates | 114 |
| Why Use Predefined Security Templates? | 115 |
| Managing Security Templates | 116 |
| Practice: Managing Security Templates | 118 |
| Lesson Review | 129 |
| Lesson Summary | 130 |
| CHAPTER 4 Account-Based Security | 131 |
| About This Chapter | 131 |
| Before You Begin | 132 |
| Lesson 1: Managing File System Permissions | 133 |
| Managing Permissions-Based Security | 133 |
| Establishing Permissions Best Practices | 140 |
| Troubleshooting Permissions Problems | 142 |
| Practice: Securing Files and Folders | 144 |
| Lesson Review | 151 |
| Lesson Summary | 151 |
| Lesson 2: Implementing Share Service Security | 153 |
| Understanding Share Security | 153 |
| Managing Shares and Share Security | 155 |
| Share Security Best Practices | 156 |
| Practice: Applying Shares and Share Permissions | 156 |
| Lesson Review | 160 |
| Lesson Summary | 160 |
| Lesson 3: Using Audit Policies | 161 |
| Which Security Mechanisms Are Used in Auditing? | 161 |
| Managing Auditing | 163 |
| Practice: Enabling Auditing | 165 |
| Lesson Review | 170 |
| Lesson Summary | 171 |
| Lesson 4: Including Registry Security | 172 |
| Why Use Registry Security? | 172 |
| Editing the Registry | 173 |
| Practice: Exploring the Registry | 174 |
| Lesson Review | 176 |
| Lesson Summary | 176 |
| CHAPTER 5 Certificate Authorities | 177 |
| About This Chapter | 177 |
| Before You Begin | 177 |
| Lesson 1: Understanding Certificates | 178 |
| How Encryption Works | 178 |
| Verifying Identities with Digital Signatures | 180 |
| Combining Encryption and Certificates | 181 |
| Lesson Review | 187 |
| Lesson Summary | 188 |
| Lesson 2: Installing Windows 2000 Certificate Services | 189 |
| Installing Certificate Authorities | 189 |
| Best Practices | 194 |
| Practice: Establishing a CA Hierarchy | 195 |
| Lesson Review | 201 |
| Lesson Summary | 201 |
| Lesson 3: Maintaining Certificate Authorities | 202 |
| Revoking Certificates | 202 |
| Issuing Certificates | 203 |
| Backing Up and Restoring CAs | 203 |
| Practice: Managing CAs | 206 |
| Lesson Review | 211 |
| Lesson Summary | 211 |
| CHAPTER 6 Managing a Public Key Infrastructure | 213 |
| About This Chapter | 213 |
| Before You Begin | 213 |
| Lesson 1: Working with Computer Certificates | 214 |
| Understanding the Purpose of Computer Certificates | 214 |
| Identifying How a Certificate Is Used | 214 |
| Using Certificate Templates | 215 |
| Deploying Computer Certificates | 216 |
| Practice: Using Two Methods to Deploy Computer Certificates | 218 |
| Lesson Review | 223 |
| Lesson Summary | 223 |
| Lesson 2: Deploying User Certificates | 224 |
| Deploying Certificates to Users | 224 |
| Moving Certificates | 227 |
| Practice: Deploying and Moving Certificates | 229 |
| Lesson Review | 235 |
| Lesson Summary | 236 |
| Lesson 3: Using Smart Card Certificates | 237 |
| Using Smart Cards | 237 |
| Issuing Smart Cards | 239 |
| Modifying the Smart Card Removal Behavior Policy | 241 |
| Troubleshooting Smart Card Enrollment | 243 |
| Practice: Deploying a Smart Card | 244 |
| Lesson Review | 251 |
| Lesson Summary | 252 |
| Lesson 4: Deploying S/MIME Certificates | 253 |
| How S/MIME Certificates Are Used | 253 |
| Troubleshooting S/MIME Deployment | 254 |
| Practice: Sending Digitally Signed Email | 254 |
| Lesson Review | 258 |
| Lesson Summary | 258 |
| CHAPTER 7 Increasing Authentication Security | 259 |
| About This Chapter | 259 |
| Before You Begin | 259 |
| Lesson 1: Supporting Earlier Versions of Windows Clients | 260 |
| Authentication Basics | 260 |
| Windows 2000 Network Authentication | 261 |
| Creating a Secure Environment | 263 |
| Practice: Enabling a Secure Mixed-Client Environment | 264 |
| Lesson Review | 268 |
| Lesson Summary | 268 |
| Lesson 2: Supporting Macintosh Clients | 269 |
| Supporting Macintosh Computers Securely | 269 |
| Practice: Enabling Macintosh Clients to Access Windows 2000 Servers | 270 |
| Lesson Review | 277 |
| Lesson Summary | 278 |
| Lesson 3: Trust Relationships | 279 |
| Understanding Trust Relationships | 279 |
| Managing External Trust Relationships | 280 |
| Practice: Creating an External Trust Relationship | 280 |
| Lesson Review | 284 |
| Lesson Summary | 285 |
| CHAPTER 8 IP Security | 287 |
| About This Chapter | 287 |
| Before You Begin | 288 |
| Lesson 1: Configuring IPSec Within a Domain | 289 |
| Understanding the IPSec Basics | 289 |
| IPSec in Windows 2000 | 291 |
| Distributing IKE Secret Keys | 292 |
| IPSec Within a Private Network | 292 |
| Determining IP Security Method by Server Role | 292 |
| Practice: Enabling IPSec Between Domain Members | 294 |
| Lesson Review | 301 |
| Lesson Summary | 302 |
| Lesson 2: Configuring IPSec Between Untrusted Networks | 303 |
| Providing a Secret Key | 303 |
| What Are the IPSec Exceptions? | 305 |
| Practice: Creating a Simple Encrypted Tunnel Between Domains | 305 |
| Lesson Review | 319 |
| Lesson Summary | 319 |
| Lesson 3: Configuring IPSec on Internet Servers | 320 |
| Using Certificates to Distribute IPSec Secret Keys | 320 |
| Practice: Using Certificates to Exchange IKE Secret Keys | 321 |
| Lesson Review | 329 |
| Lesson Summary | 329 |
| Lesson 4: Troubleshooting IPSec Configuration | 330 |
| Why IPSec Might Fail | 330 |
| Practice: Troubleshooting IPSec Communications | 333 |
| Lesson Review | 336 |
| Lesson Summary | 336 |
| CHAPTER 9 Remote Access and VPN | 339 |
| About This Chapter | 339 |
| Before You Begin | 340 |
| Lesson 1: Securing RRAS Servers | 341 |
| Understanding RRAS Security | 341 |
| Configuring a New RRAS Server | 344 |
| Managing RRAS Security Options | 345 |
| Practice: Securing RRAS Servers | 346 |
| Lesson Review | 350 |
| Lesson Summary | 351 |
| Lesson 2: Managing RRAS Authentication | 352 |
| Configuring Windows RRAS Authentication | 352 |
| Using RADIUS and IAS | 353 |
| Configuring RADIUS Authentication | 355 |
| Practice: Configuring RRAS Authentication and an IAS Server | 355 |
| Lesson Review | 363 |
| Lesson Summary | 364 |
| Lesson 3: Securing Remote Clients | 365 |
| Managing Remote Access Policy | 365 |
| Using the Connection Manager Administration Kit | 368 |
| Using Connection Manager | 370 |
| Practice: Securing Remote Clients | 371 |
| Lesson Review | 380 |
| Lesson Summary | 380 |
| Lesson 4: Securing Communications Using a VPN | 381 |
| Understanding Virtual Private Networks | 381 |
| Configuring VPN Protocols | 382 |
| Practice: Configuring and Troubleshooting VPN Protocols | 383 |
| Lesson Review | 395 |
| Lesson Summary | 396 |
| CHAPTER 10 Wireless Security | 397 |
| About This Chapter | 397 |
| Before You Begin | 398 |
| Lesson 1: Setting Up a Wireless Network | 399 |
| Understanding Wireless Technology | 399 |
| Practice: Connecting a WAP and Client to the Network | 402 |
| Lesson Review | 408 |
| Lesson Summary | 408 |
| Lesson 2: Securing Wireless Networks | 409 |
| Understanding Wired Equivalent Privacy | 409 |
| Practice: Establishing WEP Encryption | 411 |
| Lesson Review | 416 |
| Lesson Summary | 417 |
| Lesson 3: Configuring Clients for Wireless Security | 418 |
| Ensuring Secure Access | 418 |
| Practice: Configuring Your Network for 802.1x Authentication | 422 |
| Lesson Review | 436 |
| Lesson Summary | 436 |
| CHAPTER 11 Public Application Server Security | 437 |
| About This Chapter | 437 |
| Before You Begin | 438 |
| Lesson 1: Providing Internet Security | 439 |
| Understanding the Requirements for Internet Security | 439 |
| What Is the Threat? | 440 |
| Securing Public Services | 442 |
| Establishing Firewall Security | 443 |
| What Are the Types of Firewall? | 446 |
| Using ISA Server | 448 |
| Practice: Configuring a Firewall | 449 |
| Lesson Review | 455 |
| Lesson Summary | 456 |
| Lesson 2: Configuring Microsoft SQL Server for Internet Security | 457 |
| Protecting Public Database Servers | 457 |
| Practice: Establishing SQL Server Security for the Internet | 459 |
| Lesson Review | 467 |
| Lesson Summary | 467 |
| Lesson 3: Securing Microsoft Exchange Server for the Internet | 468 |
| Exploiting Open Relays | 469 |
| Properly Protecting an Exchange Server | 469 |
| Securing Credentials with SSL | 470 |
| Practice: Securing Microsoft Exchange for the Internet | 471 |
| Lesson Review | 482 |
| Lesson Summary | 483 |
| CHAPTER 12 Web Service Security | 485 |
| About This Chapter | 485 |
| Before You Begin | 486 |
| Lesson 1: Securing Public Web Servers | 487 |
| Understanding Internet Information Services | 487 |
| Implementing IIS Security | 488 |
| Practice: Configuring IIS Security | 491 |
| Lesson Review | 494 |
| Lesson Summary | 494 |
| Lesson 2: Web Authentication | 495 |
| Understanding Web Authentication | 495 |
| Configuring Web Authentication | 498 |
| Practice: Selecting Authentication Methods | 499 |
| Lesson Review | 503 |
| Lesson Summary | 504 |
| Lesson 3: Using Secure Sockets Layer | 505 |
| Understanding SSL | 505 |
| Obtaining and Installing SSL Certificates | 505 |
| Managing Server Certificates | 507 |
| Authenticating Clients | 508 |
| Practice: Using SSL | 510 |
| Lesson Review | 527 |
| Lesson Summary | 528 |
| CHAPTER 13 Intrusion Detection and Event Monitoring | 529 |
| About This Chapter | 529 |
| Before You Begin | 529 |
| Lesson 1: Establishing Intrusion Detection for Public Servers | 530 |
| Common Network Intrusions | 530 |
| Detecting Network Intrusions | 531 |
| Using a Decoy Server | 533 |
| Performing Event Analysis and Preserving Evidence | 538 |
| Practice: Detecting Intruders | 538 |
| Lesson Review | 544 |
| Lesson Summary | 544 |
| Lesson 2: Event Monitoring in the Private Network | 545 |
| Establishing Intrusion Detection in Private Networks | 545 |
| Preserving the Evidence | 548 |
| Searching Audit Logs with EventComb | 549 |
| Practice: Managing Event Logs | 550 |
| Lesson Review | 554 |
| Lesson Summary | 554 |
| CHAPTER 14 Software Maintenance | 555 |
| About This Chapter | 555 |
| Before You Begin | 555 |
| Lesson 1: Working with Service Packs and Hotfixes | 556 |
| Understanding Service Packs and Hotfixes | 556 |
| Managing Service Packs and Hotfixes | 557 |
| Slipstreaming Service Packs and Hotfixes | 559 |
| Working with Remote Installation Services | 560 |
| Practice: Managing Service Packs and Hotfixes | 561 |
| Lesson Review | 571 |
| Lesson Summary | 572 |
| Lesson 2: Automating Updates with Microsoft Software Update Services | 573 |
| Using Windows Update | 573 |
| Using Automatic Updates | 575 |
| Installing and Configuring Software Update Services | 576 |
| Practice: Using Software Update Services | 578 |
| Lesson Review | 590 |
| Lesson Summary | 591 |
| Lesson 3: Deploying Updates in the Enterprise | 592 |
| Using Group Policy to Deploy Software | 592 |
| Installing Multiple Hotfixes | 593 |
| Using Tools for Security Management | 594 |
| Practice: Deploying Multiple Hotfixes in the Enterprise | 596 |
| Lesson Review | 599 |
| Lesson Summary | 599 |
| APPENDIX Questions and Answers | 601 |
| GLOSSARY | 625 |
| INDEX | 635 |