Windows Server 2003 Security MCSE 70-298 

Summary:

This training explains how to analyse requirements and design a secure Windows Server 2003 network in a medium to large environment.

Specific aspects presented are public key infrastructure, Internet Information Services (IIS), IP Security (IPSec), wireless LAN, VPN, Active Directory, Encrypted File System (EFS), and backup and recovery processes.

Learning Segment 1 : Designing a Secure Network Framework  

Summary:

This learning segment explains how to design a secure Windows Server 2003 network framework by analysing business requirements, and both internal and external threats.

It also details how to create an incident response plan and examines interoperability issues.  

Objectives:

• Analyse existing security policies and procedures
• Analyse requirements for securing different types of data
• Predict threats to a network from internal and external sources
• Design a process for incident response and recovery
• Identify capabilities of existing infrastructures including interoperability constraints  

Topics:

• Analysing existing security Policies and procedures
• Determining requirements for securing data
• Analysing current security practices
• Predicting network threats
• Recognising external threats
• Implementing risk analysis
• Responding to security incidents
• Analysing technical constraints    

 Learning Segment 2 : Defining a Baseline Security Template    

Summary:

This learning segment explains what you need in order to apply consistent security settings across a network. It also details how to deploy security templates efficiently throughout a network, focusing on the use of Group Policy Objects (GPO) and scripting techniques.  

Objectives:

• Design, create, and deploy a security template
• Configure security for down-level clients
• Analyse results of security settings
• Deploy security using scripts  

Topics:

• Administrative security tools overview
• Working with predefined security templates
• Adding security templates snap-ins
• Reapplying default security settings
• Configuring security templates
• Configuring security for down-level clients
• Deploying security templates
• Reviewing the result of security policy settings
• Using security configuration and analysis to review security settings
• Using the secedit.exe command-line tool    

Learning Segment 3 : Designing Role-Based Server Security    

Summary:

This learning segment explains how to modify baseline security templates based on functions of an individual or group of servers.

This learning segment specifically addresses security configurations for Domain Controllers, Internet Information Services (IIS) Servers, POP3 Mail Servers, and other infrastructure servers.  

Objectives:

• Knowledge of common server roles and best security practices
• Modify baseline security templates according to role
• Configure security for Domain Controllers, Internet Information Services, Application, Mail, Infrastructure, File, Print, and Member, Terminal, Remote Access, and Streaming Media servers
• Apply security across an enterprise  

Topics:

• Common server roles
• Adding or changing server roles
• Configuring security for domain controllers
• Securing the Internet Information Server (IIS)
• Configuring security for POP3 mail servers
• Securing network infrastructure servers
• Securing remote access servers
• Securing file, print, terminal, and streaming media servers
• Modifying baseline security templates according to role    

Learning Segment 4 : Securing a Public Key Infrastructure and Network Management Processes    

Summary:

This learning segment explains the deployment of public key infrastructures (PKI), the certificate authorities that establish and verify identities of organizations, and the implementation of PKI in the Windows Server 2003 environment. This learning segment also covers security administration and the related tasks and tools needed to secure a Microsoft operating system.  

Objectives:

• Design a public key infrastructure (PKI) that uses Certificate Services
• Design a logical authentication strategy
• Design security for network management
• Design a security update infrastructure  

Topics:

• PKI basics
• Designing a certification authority implementation
• Designing a logical authentication strategy
• Designing security for CA servers
• Designing certificate distribution
• Requesting, approving, and revoking certificates
• Renewing and auditing certificates
• Managing the risks of network administration
• Securing MMC, Remote Assistance, and Telnet
• Securing Terminal Services and Remote
• DesktopDesigning security for EMS
• Designing a Security Update infrastructure
• Trust relationship basics
• Designing forest and domain trust models
• Designing security for interoperability    

Learning Segment 5 : Designing Network Infrastructure Security    

Summary:

This learning segment examines how to protect data as it is transmitted through a network infrastructure by use of IP Security (IPSec). This learning segment also explains how to secure the Domain Naming System (DNS) service, another area of an enterprise network subject to security vulnerabilities.  

Objectives:

• Design network infrastructure security
• Design an ISec policy
• Design IP filtering
• Specify the required protocols for a firewall configuration
• Secure a DNS implementation  

Topics:

• Network infrastructure security basics
• Assessing risk for network services
• IPSec overview
• Phase I security association
• Phase II security association
• IPSec policies overview
• IPSec rulesHow IPSec policy is applied
• IPSec driver modes and best practices
• Designing IPSec policies
• Designing IP filtering and configuring a firewall
• Securing DNS    

Learning Segment 6 : Securing Data Transmissions and Wireless Networks    

Summary:

This learning segment explains how to secure wireless network traffic including the technologies available and the challenges they present. This learning segment also discusses common vulnerabilities in a wireless network and how to design a secure wireless LAN.  

Objectives:

• Design security for data transmission
• Use segmented networks
• Design security for wireless networks
• Design public and private wireless LANsDesign 802.11x authentication for wireless networks
• Design user authentication for Internet Information Services (IIS)  

Topics:

• SSL/TLS,SMIME and SMBConfiguring IIS to use SSL
• Securing switches and segments
• Wireless network types and threats
• Wireless historyPKI and RADIUS/IAS overviewWLAN network infrastructure
• Creating a wireless network policy
• Designing authentication for wireless networks
• Designing and testing wireless access infrastructure    

 Learning Segment 7 : Securing Internet Information Services    

Summary:

This learning segment explains how to create a secure IIS deployment for an enterprise network with a focus on user authentication. It also examines common vulnerabilities of Web servers, along with how to secure Web server software with options offered in Windows Server 2003.  

Objectives:

• Design user authentication for Internet Information Services (IIS) and a Web site
• Design security for IIS
• Design security for Web sites
• Design a monitoring strategy for IIS
• Design an IIS baseline based on business requirements
• Design a content management strategy for updating an IIS server  

Topics:

• Designing user authentication for IIS
• Designing certificate authentication
• Configuring anonymous and basic authentication
• Configuring digest and integrated Windows authentication
• Designing RADIUS authentication
• Securing IIS installations
• Hardening IIS
• New security features in IIS 6.0
• Designing a monitoring strategy for IIS
• Configuring IIS logging and monitoring Event Log activities
• Enabling security auditing and health detection    

Learning Segment 8 : Securing VPNs, Extranets, and Network Clients    

Summary:

This learning segment discusses the use of Windows Server 2003 as a VPN and provides details on the use of two common, standards-based routing protocols: Routing Information Protocol (RIP) and Open Shortest Path First (OSPF). This learning segment also explains how to secure client workstations and remote access services for end users.  

Objectives:

• Design security for communication between networks
• Design security for communication with external organizations
• Design a client authentication strategy
• Design a security strategy for client remote access
• Design a strategy for securing client computers  

Topics:

• Using Windows Server 2003 as a router
• Building routing tables
• Designing demand dial routing between internal networks
• Designing VPN connectivity
• PPTPL2TPUsing remote access policies
• Designing an extranet infrastructure
• Hardening client operating systems
• Securing laptop computers
• Analyzing authentication requirements
• Choosing authentication protocols
• Choosing a remote access method
• Designing remote access policies
• Creating a remote access policy
• Using Internet Authentication service    

 Learning Segment 9 : Securing Active Directory    

Summary:

This learning segment explains how to secure Active Directory user accounts and use auditing to identify any security incidents to the Active Directory database. This learning segment also discusses best practices in assigning user permissions to network resources and data.  

Objectives:

• Design an access control strategy for directory services
• Establish account and password requirements for security
• Analyze auditing requirements
• Create a delegation strategy
• Design the appropriate group strategy for accessing resources
• Design a permission structure for directory service objects  

Topics:

• Designing an access control strategy for directory services
• Analyzing risks to directory services
• Establishing account security policies
• Using restricted groups
• Creating a Kerberos policy
• Establishing password security
• Creating an account lockout policy
• Creating an auditing policy
• Auditing logon events and object access
• Analyzing auditing data
• Creating a delegation strategy
• Designing the appropriate group strategy for accessing resources

Learning Segment 10 : Designing an Access Control Strategy for Files and Folders    

Summary:

This learning segment examines common risks such as data corruption and security breaches that can affect a network's file shares. This learning segment also explains how to design a permission structure for files and folders, as well as best practices for securing the Windows Registry.  

Objectives:

• Design an access control strategy for files and folders
• Analyze auditing requirements
• Design an access control strategy for the registry
• Design a permission structure for registry objects  

Topics:

• Analyzing risks to data
• Reviewing access control and access control lists
• Access to resources
• Working with security groups
• Defining a security group retirement policy
• Delegating security group maintenance
• Analyzing auditing requirements
• Designing an access control strategy for the registry
• Setting registry access permissions via group policy
• Designing a permission structure for registry objects    

Learning Segment 11 : Designing an Encrypted File System and Securing Backup/Restore Processes    

Summary:

This learning segment explains how to encrypt files using the Encrypted File System (EFS). The learning segment also discusses how to design a secure backup and recovery strategy for network resources, including securing the backup process.  

Objectives:

• Design a strategy for the encryption and decryption of files and folders
• Design security for a backup and recovery strategy
• Implement Encrypted File System (EFS)
• Configure a file recovery agent  

Topics:

• Encrypted File SystemEncrypting files and folders
• Certificate storage, enrollment, and renewal
• Creating a strategy for the encryption and decryption of files and folders
• Configuring file recovery agents
• Backing up keys
• Disabling EFS
• Backup and restore process security basics
• Designing a secure backup process
• Designing a secure recovery process
• Securing EMSSecuring the Recovery Console
• Configuring startup and recovery options    

Learning Segment 12 : Practice Exam    

Summary:

This learning segment provides five practice exams for the Microsoft 70-298 certification exam.  

Objectives:

• Practice for the Designing Security for a Microsoft Windows Server 2003 Network MCSE 70-298 exam.  

Topics:

• Practice Exam 1
• Practice Exam 2
• Practice Exam 3
• Practice Exam 4
• Practice Exam 5

Features:

• A Course Topics list contains active hyperlinks, permitting quick access to specific topics.
• Find-A-Word allows learners to look up an unfamiliar term in the Glossary, on the Web, or in a dictionary. In addition, it lets them find other occurrences of the term in the same course.
• Search text enables learners to rapidly search all text within a course to easily retrieve information required.
• Courses challenge the learner with a variety of question formats, including multi-step simulations, true/false, multiple choice, and fill-in-the-blank.
• A skill assessment generates a customized learning path based on the results of a pre-test.
• A glossary provides a reference for definitions of unfamiliar terms.
• Bookmarking tracks the learner's progress in a course.   

Technical Requirements:

P500+ Processor, 128MB of RAM; Windows 2000, 2003, XP, Minimum screen resolution 800x600, Internet Explorer 5.5 or higher; Windows Media Player 9.0 or higher; Flash 8.0 or higher; 56K minimum connection; broadband (256 kpbs or higher) connection recommended; Cookies enabled; Sound card with speakers or headphones strongly recommended.