374 tcp, udp Legent Corporation
376 tcp, udp Amiga Envoy Network Inquiry Proto
377 tcp, udp NEC Corporation
378 tcp, udp NEC Corporation
379 tcp, udp TIA/EIA/IS-99 modem client
380 tcp, udp TIA/EIA/IS-99 modem server
381 tcp, udp Hp performance data collector
382 tcp, udp Hp performance data managed node
383 tcp, udp Hp performance data alarm manager
384 tcp, udp A Remote Network Server System
385 tcp, udp IBM Application
386 tcp, udp ASA Message Router Object Def.
387 tcp, udp Appletalk Update-Based Routing Pro.
391 tcp, udp SynOptics SNMP Relay Port
392 tcp, udp SynOptics Port Broker Port
394 tcp, udp EMBL Nucleic Data Transfer
395 tcp, udp NETscout Control Protocol
396 tcp, udp Novell Netware over IP
397 tcp, udp Multi Protocol Trans Net.
399 tcp, udp ISO Transport Class 2 Non-Control over TCP
400 tcp, udp Workstation Solutions
402 tcp, udp Genie Protocol
405 tcp, udp ncld
406 tcp, udp Interactive Mail Support Protocol
408 tcp, udp Prospero Resource Manager Sys Man.
409 tcp, udp Prospero Resource Manager Node Man.
410 tcp, udp DECLadebug Remote Debug Protocol
411 tcp, udp Remote MT Protocol
412 tcp, udp Trap Convention Port
413 tcp, udp Storage Management Services Protocol
423 tcp, udp IBM Operations Planning and Control Start
424 tcp, udp IBM Operations Planning and Control Track
444 tcp, udp Simple Network Paging Protocol
451 tcp, udp Cray Network Semaphore server
452 tcp, udp Cray SFS config server
484 tcp, udp Integra Software Management Environment
485 tcp, udp Air Soft Power Burst
492 tcp, udp Transport Independent Convergence for FNA
493 tcp, udp Transport Independent Convergence for FNA
512 udp Some mail systems use this port to notify users of new mail
513 tcp Remote login via telnet (login)
513 udp Used by databases that show who’s logged in
520 udp Local routing process used by a variant of the Xerox NS RIP
528 tcp, udp Customer IXChange
533 tcp, udp Emergency broadcasts
564 tcp, udp Plan 9 file service
568 tcp, udp Microsoft shuttle
584 tcp, udp Key Server
585 tcp, udp IMAP4 with SSL (use 993 instead)
586 tcp, udp Password Change
591 tcp, udp HTTP Alternate (FileMaker, Inc.)
597 tcp, udp PTC Name Service
598 tcp, udp SCO Web Server Manager 3
599 tcp, udp Aeolon Core Protocol
600 tcp, udp Sun IPC server
615 tcp, udp Internet Configuration Manager
616 tcp, udp SCO System Administration Server
617 tcp, udp SCO Desktop Administration Server
620 tcp, udp SCO WebServer Manager
659 tcp, udp De-Registered (2001 June 06)
660 tcp, udp MacOS Server Admin
666 tcp, udp Doom Id Software
667 tcp, udp Campaign contribution disclosures
676 tcp, udp VPPS Via
677 tcp, udp Virtual Presence Protocol
678 tcp, udp GNU Generation Foundation NCP
686 tcp, udp Hardware Control Protocol Wismar
707 tcp, udp Borland DSJ
709 tcp, udp Entrust Key Management Service Handler
710 tcp, udp Entrust Administration Service Handler
729 tcp, udp IBM NetView DM/6000 Server/Client
730 tcp, udp IBM NetView DM/6000 send/tcp
731 tcp, udp IBM NetView DM/6000 receive/tcp
747 tcp, udp Fujitsu Device Control
748 tcp, udp Russell Info Sci Calendar Manager
749 tcp, udp Kerberos administration
750 tcp, udp Kerberos version iv
886 tcp, udp ICL coNETion locate server
887 tcp, udp ICL coNETion server info
991 tcp, udp Netnews Administration System
994 tcp, udp IRC protocol over TLS/SSL
1008 udp May be used by Sun Solaris
selling, 257
settings, 40 See also Default access control settings
permissions, 482 See also Read Access permission; Script Access permission
restriction
domain name blocking, usage, 495–496
IP address blocking, usage, 495–496
rights, 455 See also Fine-grain access rights
inheritance, 131–133
security See File Transfer Protocol; Non-Windows clients; World Wide
Lockout Policy node, 157
management, advantages See Active
ACL See Access Control List
ACLDiag See Access Control List
required policies, 10
storage, 303
permissions, assigning See Directory object
schema, modification, 451
Schema snap-in, 406–409
security, 109
interaction, 110–134, 144
trusts, usage, 126–128
usage, 305, 333, 410
Users/Computers, 6, 88, 404
console, 22
snap-in, 5
Wizard See Network Information Service
Active Directory Service Interfaces (ADSI), 427
Active Server Page, 484
Active X
controls, 371
SDK, 372
ActivePerl 5.6 (ActiveState), 403, 432
defining, 435
ActiveState See ActivePerl 5.6; Perl
Add/Remove Programs Wizard, 478
Administration
delegation, 128–131
tools See Account; Network
Administrative responsibilities, delegation, 111
Administrative support, decrease, 138
Admission Control See QoS Admission Control and Distributed File System
ADSI See Active Directory Service Interfaces
Advanced mapping, 431
509–510
Anonymous account, 508
Apple standard encryption, 464
AppleTalk, 247
protocol, 462
AppleTalk Network Integration Services (ANIS), 461–462, 464
Application name/location, 552
Application security tool
AS See Authentication Service
Asymmetric cryptography, 202
Asymmetric encryption, 251
At.exe, 473
ATM See Automated teller machine
Attacker, return information, 245
Attributes, 113
configuration, 497–510 See also File Transfer Protocol; World Wide Web
definition See Local Area Network Manager; NT LAN Manager
delegation, 81, 88–89
forwarding, 64
information, encryption, 438
limitations, 7–8
mapper See Password authentication mapper
method, 321 See also External users; Internal users; Kerberos
combination, 505
plug-in modules, 65
process, 138
strategies See Network
support level, selection, 505–509
traffic, 432
usage See Anonymous authentication; Basic authentication; Certificate-based authentication; Clear-text authentication; Digest authentication; Integrated Windows Authentication; NT LAN Manager
Authentication header (AH), 252–256, 268
ESP, combination, 271
Authentication Service (AS), 72
exchange, 73–75
request, 136
Authenticators, 68, 76
decrypting, 70
Authenticode, 371–373
Authorization data, 92, 102
interaction See Key distribution center; Service
Authorized user, 257
Automated teller machine (ATM) cards, 297
Automatic certificate enrollment configuration, group policy usage, 363–366
B
/B (switch), 512
Back Orifice, 245
Back-door access, 258
Backup
copy, deleting, 227
file, creation, 225
remainders, 16
Backward compatibility, 395
Baselines, 608
Basic authentication, 505, 507
usage, 497–498
BDC See Backup domain controller
Black-hat hacker, 257
Browser, 473, 513
Only, 608
Buffer
space, allocation, 230
usage, 582
Built-in local groups, utilization, 10
Built-in policies, 267
Bulk data encryption, 322–323
CBC See Cipher block chaining
C/C++, 295
CDFS, 420
Cerberus, 67
Certificate authority (CA), 4, 140, 250, 305, 387, 502 See also Enterprise Root CA; Enterprise Subordinate CA; Root CA; Self-signed CA;
hierarchies
selection, 346
usage, 329–333
web page, EFS Recovery Agent certificate request, 348–352
Certificate Manager, 339
Certificate Request Wizard, 216
usage See User
Certificate revocation list (CRL), 141, 324, 333
publishing, 354–356
Certificate Server
Service See Microsoft Certificate Server
X.509 v3, 375
enrollment, 343–352, 366–369
configuration See Automatic certificate enrollment configuration
Cipher utility, 211–212
Ciphertext, 252, 319
file, 220
Class C subnet mask, 270
Clear-text authentication, usage, 438–439
Client certificate mapping, usage, 497, 501–502
Client for NFS, 403, 429
Client Services for NetWare (CSNW), 440–441, 444, 460–461
Client to client communication, 246
Clients See Non-IPSec-aware clients; Non-Kerberos-enabled clients; Telnet; Windows
authentication, 302, 362, 439 See also Down-level clients; UNIX
SSL 3.0, usage, 140
configuration, NTLMv2 usage See Windows NT 4.0; Windows 9x
enabling See Domain clients
interaction See Macintosh; Novell; UNIX
NTLMv2, usage, 400
OS, 513
passwords, change, 396
searches See Active Directory
services See NetWare
support See Non-Windows 2000 clients/servers
usage See Directory services client
Client/Server (CS) exchange, 73, 76–77
COM+, 526
COM components, 295, 296
COM objects, 297
COM+ server, 574
Comma-separated format (CSV) file, 586
Commerce Server, 526
Common files, 475
Common Internet File System (CIFS), 439
Competitors, 257
Compromised key attacks, 245–246
Computer See Destination computer; Local computers; Remote computers; Sending computer
access, security risks See NetWare
clocks, synchronization tolerance, 87
lockdown ability, 3
required policies See Local computers
Computer-to-computer IP addresses, 263
Confidentiality, 247, 251–252
CONFIG folder, 565, 566
Console client, 574
Contactless smart cards, 297–298
Containers, 120, 132
Control Wizard, delegation, 129–130
Control.guid, 583
Copy command, 209
CPU utilization per process, 588
Crackers, 106
Cracking, 242
Creator owner, 31
Credentials, 513 See also Logon; User
cache, 74, 90
submitting, 316
CryptoAPI (CAPI), 109, 139, 141, 294, 296
architecture, 338
subsystem, 352, 353
usage See Secure MIME
Cryptographic algorithms, 110
Cryptographic API, 328
Cryptographic keys
protection/trust, 323–328
trust/validation, 326–328
Cryptographic provider, 223
Cryptographic service provider (CSP), 109, 141, 296, 328
storage, 338
usage, 352, 366
Cryptographic services, overview See Internet Protocol Security
Cryptographic technologies, 316
Cryptographic-enabled programs, 294
Cryptography See Asymmetric cryptography; Public key; Symmetric cryptography
CRYPT_USER_PROTECT, 338
CS See Client/Server
CSNW See Client Services for NetWare
CSP See Cryptographic service provider
CSV See Comma-separated format
encryption See Bulk data encryption
file content, change, 245
sent/received per transaction, 588
stream, usage, 225
type, 400, 554, 556
Data Center Server, 472
Data decryption field (DDF), 228, 230
Data Encryption Standard (DES), 251–252, 254, 255 See also Triple Data Encryption Standard
algorithm, 201–203, 251, 319
encryption, 114
Data Migration Wizard, running See Network Information Service
Data recovery field (DRF), 229, 230
DDF See Data decryption field
DEC See Digital Equipment
Default file system, 30–46, 59
Default group membership, 55–56, 59
Default user rights, 46–55, 59
Delegation of authentication See
Dependent services, enumeration, 590
DES See Data Encryption Standard
3DES See Triple Data Encryption Standard
Desktop Workstation, 608
Destination computer, 249, 253
Destination IP address, 269
DESX, 203
encryption key, 226
Device driver, 293, 549, 550
Device-independent APIs, 294–295
DFS See Domain-based DFS
fault-tolerance client, 395
topology See Standalone DFS topology
DHCP
servers, 262
services, 184
Diffie-Hellman
exchanges, 266
group, 255
Digest authentication, 505
usage, 497–500
Digital certificates, 137
Digital Equipment Corporation (DEC), 67
Digital keys, 297
Digital signatures, 247, 250, 319–321, 370–371 See also Public key
Digital signing, 297, 298
Digital True64 UNIX, 425
Digitally signed content, 371–373
Direct registry edits, 150, 168
Directory, 32 See also Subdirectories
browsing, 483
creation, 486
synchronization See Two-way directory synchronization
Directory Service Access, 526
Directory services client (dsclient), usage, 396
Discretionary Access Control List (DACL), 455, 589
Disk drives, data protection (encryption, usage), 2
Disk reads/writes
per process, 588
per transaction, 587
Disk statistics, 588
Distributed File System See QoS Admission Control and Distributed File System
Distributed partnerships, 141–142, 146
Distributed Password Authentication (DPA), 64, 65, 137
Distributed security See Windows 2000
Distributed services, 107
DLL See Dynamic Link Library
DMZ FTP, 607
DMZ Web Server, 607
DNS See Domain Name System
Documentation, 475
Domain Admins group, 86
Domain clients, enabling, 338–361, 387–388
Domain controller (DC), 456, 474, 498 See also Backup domain controller; Primary domain controller
Windows 2000; Windows NT 4.0
organization unit, 398
policy, 397
security settings, 25
usage, 121
Domain Security Policy, 6
Domain-based DFS, 396
Domains, 120 See also Down-level domains; Root domains; Subdomains
exporting, 191
grouping, 120
Kerberos trusts, usage, 122–124
name, 434, 562
blocking, usage See Access
transitive trust relationships, 2
user manager, location, 5–6
Down-level clients, 7, 14
authentication, 394–402, 467
NTLMv2, usage, 396
support, 397
Down-level domains, 108
Down-level Windows clients, authentication security, 3
DPA See Distributed Password
Authentication
DRF See Data recovery field
DsAcls, 589
running, 591–593
dsclient See Directory services client
Dynamic content, 487
Dynamic inheritance, 131–132
Dynamic Link Library (DLL), 138, 371, 545
file, 406
Dynamic ports, 618
E
/E (switch), 208, 209
EAP See Extensible Authentication
Protocol
ElogDmp See Event Log Query
Employees, 257
EMV See Europay MasterCard Visa
Encapsulating security protocol (ESP),
252–256, 268, 280
combination See Authentication header
Encrypted command, sending, 225
Encrypted control command, sending, 226
Encrypted Data Recovery Agents, 215, 218
Encrypted Data Recovery Policy (EDRP), 201
Encrypted file
access, 204
assessing, 207–208
copying, 204, 208–209
moving/renaming, 204, 209
Encrypted File System See Microsoft Encrypted File System
Encrypted message, 69
EncryptFileSrv, 226–228
calling, 225
Encrypting File System (EFS), 4, 10,
opening, 230
Callback function, 229
callouts, 223
certificate, interaction See Recovery agent
components, 222–224
driver, 222–223
file information, 221, 227–229
function, explanation, 203–204
implementation method, 11
Recovery Agent, 216
certificate, request See Certificate authority
recovery certificate, inclusion See Recovery agent
services, 223
stored information, constructing, 225
usage, 201–204, 233–234
Encryption See Asymmetric encryption; Authentication; Bulk data encryption; DES encryption; Public key; Symmetric encryption
algorithms, 141, 254, 255
definition, 317
fundamentals, 201–203
level, verification, 402
operations, 298 See also Rivest Shamir Adleman
process, 206, 221, 224–227
request, 224
signatures, 370
systems See Replaceable encryption systems
End time, 80
End-user licensing agreement (EULA), 411, 412
Enterprise Root CA, 325
Enterprise Subordinate CA, 325
Environment variables, 552
EPROM See Erasable programmable ROM
Erasable programmable ROM (EPROM), 373
ESP See Encapsulating security protocol
EULA See End-user licensing agreement
Europay MasterCard Visa (EMV), 291–292
Event Log, 10, 158, 174–176
required policies, 11
Event Log Query (ElogDmp) tool, usage, 582
Event Viewer, 5
Everyone identity, 31
Exchange Profile, 563
Exchange Recipients, names, 563
Exchange Server, 370, 371
Executable files, 371
Executables, 484
Execute permissions, 482
Expiration date, 366
Export security settings, 164
Extensible Authentication Protocol (EAP), 64, 65
Extensions, setting See Group Policy
External trusts, 124
External users, authentication, 140
methods, 2
F
/f (option), 481
-f (switch), 525
FAT, 420
access, 402 See also Encrypted file
copying See Encrypted file
decryption, 204
encryption, 204–207, 210–211
products, 200
moving/renaming See Encrypted file
name, restriction, 545
services See NetWare
File and Print services for NetWare (FPNW), 461
File Encryption Key (FEK), 201, 203
ciphering, 205
decryption, 230, 231
generation, 225
File Migration Utility See Microsoft File
Migration Utility (FMU)
File System, 10, 158–159, 181–182 See also Default file system
driver, 549, 550
required policies, 10
security, 181–184, 189–190
configuration, 181–184
File Transfer Protocol (FTP), 438, 473
authentication, setting, 510
data, 509
FTPRoot folders, 475
request, 497
server, 475
secure access, 3
services, 472
site See Public FTP site
authentication, configuration, 509
setting, 481–494
site permissions, 481
configuration, 484
setting, 485
necessity, 10
Find Group (Findgrp), usage, 595
Fine-grain access rights, 131
Fingerprints, 247
Floppy Lock (Floplock), usage, 601–602
FMU See Microsoft File Migration Utility
Folder
Forwarding See Authentication
FPNW See File and Print services for NetWare
Free-text format, 241
installation, 442–445
Gateway to gateway communication, 246
GemSAFE smart card, 300
GenerateFEK, calling, 225
Generic Security Service-Application
Program Interface (GSS-API), 67,
Global catalog, 121
Global groups, necessity, 10
Global System for Mobile Communications (GSM), 292
Globally unique identifier (GUID), 296, 297, 583
GPO See Group Policy Object
Graphical identification and authentication (GINA), 302
Graphical user interface (GUI), 92, 421, 431, 547, 591
mode, 30
portion, 25
tool, 593
usage, 125, 129
Group See User
membership See Default group membership
usage See Security
names, mapping, 431
Group ID (GID), 423
support, 429
Group Management tools, 536
usage, 593–595, 614
Group Policy, 50, 526
extension setting, security (usage), 151–152
integration, 191–193, 196
snap-in, 261
support, 396
usage See Automatic certificate enrollment configuration
Group Policy Editor
security extensions, 164
security settings extension, 191–193
Group Policy Object (GPO), 51–52,