299 Notes #2

Psoasman Member Posts: 2,687
Chapter 4:
1. Software restriction policies can be applied to a GPO to restrict the applications that can run on the target system. Can restrict applications based on the hash of the executable file, path in the file system, a certificate associated with the application, or the internet zone in which the app is running.
2. Create security template for the computer roles in organization.
3. Encrypt mobile computers files using EFS.
4. Kiosks require high security.
5. 2 major types of firewalls: 1.) host-based like the ICF, protect a single system and 2.) network firewalls like the ISA server protect the entire network.
6. Perimeter networks are used to provide security.
7. DHCP and DNS servers are vulnerable to DoS attacks, secure them carefully.
8. Security Configuration and Analysis is used to check security settings, compare them, and apply them.
9. MBSA identifies potential security vulnerabilities including missing updates, patches, passwords, account, etc.
10. Mbsacli is the command line version, used to create .xml files to summarize vulnerabilities.

Chapter 5:
1. MS releases different types of updates, like SPs, patches, hot fixes.
2. Chaining allows multiple updates to be applied with a single reboot.
3. AU clients get updates from MS or SUS server.
4. SMS can deliver updates from SUS to enterprise.
5. GP can deliver updates, not preferred method.
6. Use a lab environment to test updates.
7. Backup systems before installing updates.

Chapter 6:
1. The graphical MBSA console is the most efficient way to scan a computer(s) for the presence of updates. Can scan a range of IP addresses, or all computers in the domain.
2. MBSA stores reports in .xml format in C:\documents and settings\username\security scans folder.
3. Mbsacli and HFNetChk mode used in Command line.
4. Keep computers off network until updates are installed.
5. Can slipstream files into OS disk.
6. AU client can be configured from GPO in AD, local GP, or registry.
7. SUS requires IIS installed on local pc and website to use port 80.
8. Service packs include an installer.

Chapter 7:
1. PK encryption uses 2 keys to encrypt and decrypt messages.
2. To send a private message using PKI, encrypt the message with the recipient’s public key, they use their private key to decrypt.
3. Certs expire at a time specified when the cert is generated, CRLs are used to revoke earlier.
4. Root CAs cannot issue a cert that will expire before its cert does.
5. MS has version 1 and 2 certs.
6. Server 2k3 can issue certs via web enrollment, certificates console, certreq.exe CLI, auto enrollment.
7. Only 2k, 2k3 support auto enrollment.
8. If the user loses the private key, data will be lost, unless you have KRA set up.


Chapter 8:
1. Use IPSec in transport mode to protect communications between 2 IPSec-enabled computers. Use in tunnel mode to protect entire network.
2. Main mode IKE negotiations occur at beginning of session. Quick mode occurs immediately after MM complete and then occur on a regular basis while session is active.
3. Can choose either AH or ESP with IPSec. ESP is encrypted and is compatible with NAT-T.
4. IPSec can be used to provide packet filtering for windows systems. It complements ICF by providing filtering based on source or destination IP address.
5. You should use GPOs to deploy IPSec whenever practical. You should limit access to modify the IPSec policy to limited admins.
6. Use Kerberos authentication when all IPSec peers are members of trusted AD forest. Use PKI for IPSec authentication where no AD. Only use preshared key if you can’t use Kerberos or IPSec.
7. Server 2k3 ipfilters can be dynamic being defined by IPSec based on host’s network configuration. Dynamic filters can be created by using IP addresses of DNS, DHCP, WINS and DG.
8. Configure windows 2k to check CRLs.