IT Security

 

Implementing and Administering Security in a Microsoft Windows Server 2003 Network (Course Code: 2823)

Course Schedule:

Please call 8622 8900 or email us for further information

Overview:

This five-day instructor-led course addresses issues for IT Pro security practitioners, specifically the training needs of those preparing for the 70-299 certification exam. The primary product focus is on Microsoft Windows Server 2003 based infrastructure solutions but will include some client focused content where appropriate. This learning product is to provide functional skills in planning and implementing infrastructure security.
This course is part of the Security Portfolio and will act as the primary entry point for IT Professionals at the implementation level.

Learning Method:

This course uses a combination of instructor presentation, and student hands-on practical exercises. Each attendee will be provided a comprehensive set of notes and will have the opportunity to apply and test what they have learned in the classroom throughout the course.

Who will benefit from this course?

The course is for a system administrator or system engineer who has the foundation implementation skills and knowledge for the deployment of secure Microsoft Windows Server 2003 based solutions. This course is not intended to provide design skills, but will cover planning skills at a level sufficient to enable decision making for the implementation process.

Pre-requisites:

Before attending this course, students must have:

  • Experience implementing a Windows 2000 or Windows Server 2003 Active Directory environment.
  • Experience with organisational resources such as Web, FTP and Exchange servers,
  • Some knowledge of shared resources and network services such as DHCP, DNS and WINS would also be helpful.

What can you expect to gain from this course?

After completing this course, you will have gained the skills to:

  • Plan and configure an authorisation and authentication strategy.
  • Install, configure, and manage certification authorities.
  • Configure, deploy, and manage certificates.
  • Plan, implement, and troubleshoot smart card certificates.
  • Plan, implement, and troubleshoot Encrypting File System (EFS).
  • Plan, configure, and deploy a secure member server baseline.
  • Plan, configure, and implement secure baselines for server roles.
  • Plan, configure, implement, and deploy client computer baselines.
  • Plan and implement software updates.
  • Plan, deploy, and troubleshoot data transmission security.
  • Plan and implement security for wireless networks.
  • Plan and implement perimeter security with Internet Security and Acceleration (ISA) Server 2004.
  • Secure remote access.

Course Content:

Module 1: Planning and Configuring an Authentication and Authorisation Strategy
  • This module explains how to evaluate the infrastructure of your organisation and create and document an authorisation and authentication plan that allows the appropriate level of access to various security principals. It also describes trust relationships, domain and forest functional levels, and basic security principles.
  • Components of an Authentication Model
  • Planning and Implementing an Authentication Strategy
  • Groups and Basic Group Strategy in Windows Server 2003
  • Creating Trusts in Windows Server 2003
  • Planning, Implementing, and Maintaining an Authorisation Strategy Using Groups
  • Exercise A: Planning and Configuring an Authentication and Authorisation Strategy
  • Planning and Implementing a Resource Authorisation Strategy
  • Planning and Implementing a Cross-Forest Authentication Strategy
  • Planning and Implementing an Authentication Policy
Module 2: Installing, Configuring, and Managing Certification Authorities
  • This module describes the fundamentals of the systems that make secure communication possible. It describes methods, such as a public key infrastructure (PKI), that enable you to securely communicate on networks.
  • Overview of a PKI
  • Introduction to Certification Authorities
  • Installing a Certification Authority
  • Managing a Certification Authority
  • Backing Up and Restoring a Certification Authority
  • Exercise A: Installing and Configuring a Certification Authority
  • Installing an Enterprise Subordinate Certification Authority
  • Backing up a Certification Authority
Module 3:Configuring, Deploying, and Managing Certificates
  • This module explains how to ensure that the certificates are issued to the correct security principals and for the intended purpose. It describes, for example, how to make the deployment of certificates an easy and straightforward task for end users.
  • Overview of Digital Certificates
  • Deploying and Revoking User and Computer Certificates
  • Configuring Certificate Templates
  • Managing Certificates
  • Exercise: Deploying and Managing Certificates
  • Configuring Multipurpose Certificate Templates
  • Configuring Certificate Autoenrolment
  • Updating a Certificate Template
  • Implementing a Key Archiving Strategy
Module 4: Planning, Implementing, and Troubleshooting Smart Card Certificates
  • This module describes how to deploy, manage, and configure certificates and certificate templates in a public key infrastructure (PKI) environment.
  • Introduction to Multifactor Authentication
  • Planning and Implementing a Smart Card Infrastructure
  • Managing and Troubleshooting a Smart Card Infrastructure
  • Exercise: Implementing Smart Cards
  • Configuring a Smart Card Enrolment Station
  • Simulation: Enrolling Users for Smart Cards
Module 5:Planning, Implementing, and Troubleshooting Encrypting File System
  • This module describes how to plan, implement, and troubleshoot Encrypting File System (EFS).
  • Introduction to EFS
  • Implementing EFS in a Standalone Microsoft Windows XP Environment
  • Planning and Implementing EFS in a Domain Environment
  • Implementing EFS File Sharing
  • Troubleshooting EFS
  • Exercise: Planning, Implementing, and Troubleshooting Encrypting File System
  • Implementing Certificates to Support EFS
  • Configuring Group Policy to Support EFS
Module 6:Planning, Configuring, and Deploying a Secure Member Server Baseline
  • The security of a network depends on the security configuration of the servers that make up the network. Any breach of security on a single server can jeopardise the security of all computers in the network, thereby jeopardising the security of the network itself. In this module, students will learn how to create secure baselines for servers.
  • Overview of a Member Server Baseline
  • Planning a Secure Member Server Baseline
  • Configuring Additional Security Settings
  • Deploying Security Templates
  • Securing Servers by Using the Security Configuration Wizard
  • Exercise: Planning a Member Server Baseline
  • Planning a Secure Member Server Baseline
Module 7:Planning, Configuring, and Implementing Secure Baselines for Server Roles
  • In this module, students will learn how to create secure baselines for various server roles.
  • Planning and Configuring a Secure Baseline for Domain Controllers
  • Planning and Configuring a Secure Baseline for DNS Servers
  • Planning and Configuring a Secure Baseline for Infrastructure Servers
  • Planning a Secure Baseline for File and Print Servers
  • Planning and Configuring a Secure Baseline for IIS Servers
Module 8:Planning, Configuring, Implementing, and Deploying a Secure Client Computer Baseline
  • In this module, students will learn how to create secure baselines for client computers.
  • Planning and Implementing a Secure Client Computer Baseline
  • Securing Applications on Client Computers
  • Planning and Implementing a Software Restriction Policy
  • Implementing Security for Mobile Clients
  • Exercise: Planning, Implementing, Configuring, and Deploying a Secure Client Computer Baseline
  • Planning Security Templates for Client Computers
  • Implementing Security Templates for Client Computers
Module 9:Planning and Implementing Software Updates
  • In this module, students will learn how to plan and implement update management strategies on computers.
  • Introduction to Software Update Management
  • Implementing Microsoft Baseline Security Analyser
  • Installing Windows Server Update Services
  • Managing a WSUS Infrastructure
  • Exercise: Planning and Implementing Software Updates
  • Configure MBSA Integration with WSUS Server
Module 10: Planning, Deploying, and Troubleshooting Data Transmission Security
  • This module provides students with the information they need to plan and troubleshoot data transmission security.
  • Secure Data Transmission Methods
  • Introducing IPSec
  • Planning and Implementing Data Transmission Security Using IPSec
  • Troubleshooting IPSec Communications
  • Exercise: Implementing and Troubleshooting Data Transmission Security
  • Planning IPSec Security
  • Implementing IPSec Security
Module 11:Planning and Implementing Security for Wireless Networks
  • A wireless network uses technology that enables two or more devices to communicate through standard network protocols and electromagnetic waves-not network cabling-to carry signals over part or the entire communication path. This module describes how to plan and implement security for wireless networks.
  • Introduction to Securing Wireless Networks
  • Implementing 802.1x Authentication
  • Planning a Secure WLAN Strategy
  • Implementing a Secure WLAN
  • Troubleshooting Wireless Networks
  • Exercise: Planning and Implementing Security for Wireless Networks
  • Configuring Active Directory for Wireless Networks
  • Configuring Certificate Templates and Certificate Autoenrolment
  • Configuring Remote Access Policies for Wireless Devices
  • Configuring Group Policy for Wireless Networks
Module 12: Planning and Implementing Perimeter Security with Internet Security and Acceleration Server 2004
  • Networks in organisations today are commonly interconnected-various networks within an organisation connect to each other, and corporate networks connect to the Internet. Although this presents new business opportunities, it can also cause concerns about security, performance, and manageability.
  • Introduction to Internet Security and Acceleration Server 2004
  • Installing and Managing ISA Server 2004
  • Securing a Perimeter Network by Using ISA Server 2004
  • Publishing Servers on a Perimeter Network
  • Planning a Perimeter Network
  • Implementing a Perimeter Network
  • Securing an ISA Server 2000 Computer
Module 13: Securing Remote Access
  • Remote access enables remote access clients to access corporate networks as if they were directly connected to the corporate network. The remote access clients connect to the network by using dial-up communication links. The security of a network is compromised if unauthorised remote users gain access to intranet-based resources. An effective network access security design ensures confirmation of the identity of the clients attempting to access your organisation's network resources and protection of specific resources from inappropriate access by users.
  • Introduction to Remote Access Technologies and Vulnerabilities
  • Planning a Remote Access Strategy
  • Deploying Network Access Quarantine Control Components
  • Exercise: Implementing a Secure VPN Solution
  • Configuring a VPN Connection
  • Configuring the VPN Server for Remote Access Quarantine
  • Configuring a Connection Manager Service Profile

Related Courses:

Implementing a Microsoft Windows Server 2003 Network Infrastructure: Network Hosts (Course Code: 2276)
Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure: Network Services (Course Code: 2277)
Managing and Maintaining a Microsoft Windows Server 2003 Environment (Course Code: 2273)