Implementing And Administering Security in a Microsoft Windows 2000 Network

Final Course Syllabus

Implementing and Administering Security in a Microsoft Windows 2000 Network

Elements of this syllabus are subject to change.

This five-day instructor-led course provides students with the knowledge and skills required to implement and administer security services on Windows 2000.

Audience

Attendees will be current information technology (IT) professionals close to completion of the MCSA, partial or completed MCSE certifications or equivalent experience. The students will be in an environment where they are responsible for aspects of security management and deployment associated with their internal network infrastructure and services available from the Internet.

This course is intended for IT professionals who need to design, plan, implement and support a Microsoft Windows 2000 network infrastructure or who plan to take the related Microsoft

Certified Professional exam 70-214, Implementing and Administering Security in a Microsoft Windows 2000 Network.

At Course Completion

After completing this course, students will be able to:

§ Implement Group Policy

§ Create and work with user accounts and security groups

§ Implement account policies and security templates

§ Administer account based security

§ Install and maintain certificate authorities

§ Manage a public key infrastructure (PKI)

§ Secure early versions of Windows clients

§ Configure and troubleshoot IPSec

§ Secure remote access and VPNs

§ Configure wireless security

§ Secure public application servers

§ Secure web services

§ Monitor events and intruder detection

§ Maintain software, service pack and hotfix deployments

Prerequisites

Before attending this course, students must have:

§ Familiarity with Windows 2000 core technologies, such as those described in the following Microsoft Official

Curriculum (MOC) course: o

Course 2152: Implementing Microsoft Windows 2000

Professional and Server

§ Familiarity with Windows 2000 networking technologies, such as those described in the following MOC course: o

Course 2153: Implementing a Microsoft Windows 2000

Network Infrastructure

§ Familiarity with Windows 2000 directory services technologies, such as those described in the following MOC course: o 2154: Implementing and Administering Microsoft Windows 2000 Directory

Services

§ Familiarity with fundamental network security technologies, such as those described in the following MOC course: o 2810: Fundamentals of Network Security or equivalent knowledge

Student Materials

The student kit includes a comprehensive workbook and other necessary materials for this class.

Module 1: Implementing Group Policy

The information in this module explains in detail what Group Policy is and how it works. Group Policy is used to configure user's desktop environments and to deploy applications. Although

Group policy is primarily a centralized configuration tool rather than a security mechanism, administrators need to be familiar with the security implications of Group Policy configuration.

Lessons

§ Active Directory and Group Policy

§ Configuring and Managing Group Policy

§ Using Group Policy to Control User Environments

§ Troubleshooting Group Policy Application

§ Security Limitations of Group Policy

Lab: Implementing Group Policies in Active Directory

After completing this module, students will be able to:

§ Describe and create Active Directory structures.

§ Describe and manage Group Policy.

§ Configure client computer security policies.

§ Troubleshoot

Group Policy application.

§ Describe the security limitations of Group Policy.

Module 2: Creating User Accounts and Security Groups

The information in this module explains how to use local user accounts and security groups to secure access to resources on local computers and how to use domain accounts and security groups to secure access to resources in the domain.

Lessons

§ Creating Local User Accounts and Security Groups

§ Working with Active Directory Domain Accounts and Security Groups

Lab: Creating Users and Security Groups in a Domain

After completing this module, students will be able to:

§ Create and manage user accounts and security groups on local computers.

§ Create and manage user accounts and security groups in a domain.

Module 3: Restricting Accounts, Users, and

Groups

This module builds on the security features introduced in Module 2, "User Accounts and Security Groups". It explains the restrictions applied to users when they log on by the use of account policies configured in Group Policy. It also describes how to manage user rights, how to restrict users to specific security group membership, and how to use security templates to establish a level of security across the network. It discusses what you need to know to manage and deploy security templates and provides information about troubleshooting common problems with them.

Lessons

§ Understanding Account Policies

§ Managing User Rights

§ Controlling Access ThroughRestricted Groups

§ Administering Security Templates

Lab:

Using Security Features in Active Directory to Restrict Users and Groups

After completing this module, students will be able to:

§ Configure and apply account policies.

§ Manage user rights.

§ Control access using restricted groups.

§ Administer security templates.

Module 4: Configuring Account Based

Security

The information in this module explains the use of a user's account credentials and how the permissions secure various types of resources in Windows 2000.

Lessons

§ Managing File System Permissions

§ Implementing Share ServiceSecurity

§ Using Audit Policies

§ Including Registry Security

Lab:

Using Security Templates to Configure Account

Based SecurityAfter completing this module, students will be able to:

§ Manage file system permissions.

§ Implement share service security.

§ Using audit policies.

§ Secure the registry.

Module 5: Managing Certificate Authorities

The information in this module explains the installation and maintenance of certificate authorities and Microsoft Certificate Services.

Lessons

§ Understanding Certificates

§ Installing Windows 2000Certificate Services

§ Maintaining Certificate

Authorities

Lab:

Implementing a PKI

After completing this module, students will be able to:

§ Describe Certificates.

§ Install Windows 2000 Certificate Services.

§ Maintain Certificate Authorities.

Module 6: Managing a Public Key Infrastructure

The information in this module explains the installation and maintenance of certificate authorities and Microsoft Certificate Services.

Lessons

§ Working with ComputerCertificates

§ Deploying User Certificates

§ Using Smart Card Certificates

§ Deploying S/MIME Certificates

Lab:

Using S/MIME Certificates in Windows 2000

After completing this module, students will be able to:

§ Work with computer certificates.

§ Deploy user certificates.

§ Use Smartcard certificates.

§ Deploy S/MIME certificates.

Module 7: Increasing Authentication SecurityThe information in this module explains how to keep a network as secure as possible while still allowing access to the network resources for clients that run earlier versions of Microsoft Windows and third-party operating systems. The module goes on to explain how to keep authentication secure when transiting between domains within the same organization.

Lessons

§ Supporting Earlier Versions of Windows Clients

§ Supporting Macintosh Clients

§ Trust Relationships

After completing this module, students will be able to:

§ Support earlier versions of Windows clients.

§ Support Macintosh computers.

§ Describe and configure Trust Relationships.

Module 8: Implementing IP SecurityThe information in this module introduces IPSec and the use of authentication and encryption methods that are compatible with IP networks. It goes on to explain the appropriate tools and techniques for troubleshooting IPSec.

Lessons

§ Configuring IPSec Within aDomain

§ Configuring IPSec BetweenUntrusted Networks

§ Configuring IPSec on InternetServers

§ Troubleshooting IPSec

Configuration

Lab:

Implementing IP

Security in a Windows 2000 Network

After completing this module, students will be able to:

§ Configure IPSec within a domain.

§ Configure IPSec between untrusted networks.

§ Configure IPSec on Internet servers.

§ Troubleshoot IPSec configuration.

Module 9: Securing Remote Access and VPN

The information in this module introduces the Routing and Remote Access service which is the Windows 2000
component that manages both routing between networks and remote access to networks.

Lessons

§ Securing RRAS Servers

§ Managing RRAS Authentication

§ Securing Remote Clients

§ Securing Communications Using a VPN

Lab:

Implementing and Securing a Server Running RRAS

After completing this module, students will be able to:

§ Secure

RRAS servers.

§ Manage

RRAS authentication.

§ Secure remote clients.

§ Secure communications using a VPN.

Module 10: Configuring Clients for Wireless

Security

The information in this module introduces the security implications of running a wireless network. The lesson explains that security standards for wireless protocols are still evolving and introduces both the existing Wired Equivalent Privacy (WEP) protocol and the newer 802.1X port authentication protocol.

Lessons

§ Setting Up a Wireless Network

§ Securing Wireless Networks

§ Configuring Clients forWireless SecurityAfter completing this module, students will be able to:

§ Setup a wireless network.

§ Secure a wireless network.

§ Configure clients for wireless security.

Module 11: Securing Public Application Servers

The information in this module explains the types of attacks that can be expected and the methods for defending against them when running servers that provide public services. A secure

Internet services infrastructure must be built by using firewalls, properly securing e-mail servers, and protecting the database servers that frequently provide back-end data for Web servers.

Lessons

§ Providing Internet Security

§ Configuring Microsoft SQLServer for Internet Security

§ Securing Microsoft Exchange

Server for the Internet

Lab:

Designing an External Firewall Configuration

After completing this module, students will be able to:

§ Provide

Internet Security.

§ Configure

Microsoft SQL Server for Internet Security.

§ Secure

Microsoft Exchange Server.

Module 12: Implementing Web Service SecurityThe information in this module explains how to configure Internet Information Services (IIS) security features correctly to make Web servers as secure as possible.

Lessons

§ Securing Public Web Servers

§ Web Authentication

§ Using Secure Sockets Layer

Lab:

Implementing

Web Service SecurityAfter completing this module, students will be able to:

§ Secure public web servers.

§ Describe web authentication.

§ Use

Secure Sockets Layer.

Module 13: Detecting Intrusions and Monitoring

Events

The information in this module explains how to configure IIS security features correctly to make Web servers as secure as possible.

Lessons

§ Establishing IntrusionDetection for Public Servers

§ Event Monitoring in the

Private Network

After completing this module, students will be able to:

§ Establish intrusion detection for public servers.

§ Monitor events in the private network.

Module 14: Maintaining Software

The information in this module explains the various tools that can be used update client and server computers.

Lessons

§ Working with Service Packs and Hotfixes

§ Automating Updates withMicrosoft Software Update Services

§ Deploying Updates in the Enterprise

Lab:

Maintaining Software

After completing this module, students will be able to:

§ Work with Service Packs and Hotfixes.

§ Automate updates with Microsoft Software Update Services.

§ Deploy updates in the enterprise.