Implementing and Administering Security in a Microsoft Windows Server 2003 Network

Target Audience
This course is for a system administrator or system engineer who has the foundation implementation skills and knowledge for the deployment of secure Microsoft Windows Server 2003 based solutions. It is not intended to provide design skills, but will cover planning skills at a level sufficient to enable decision making for the implementation process.

Pre-Requisites
Before attending this course, students must have the following pre-requisites:· Completed Course 2810 or have equivalent knowledge.· Experience implementing a Windows 2000 or Windows Server 2003 Active Directory environment. Experience with organizational resources such as Web, FTP and Exchange servers, (not expected to have detailed knowledge) shared resources and network services such as DHCP, DNS and WINS also helpful.

Purpose
After completing this course, students will gain the skills to plan and configure an authorization and authentication strategy in a multi-forest organization; install, configure, and manage a certification authority (CA); configure, deploy, and manage certificates; plan, implement, and troubleshoot smart card certificates; plan, implement, and troubleshoot Encrypting File System (EFS); plan, configure, and deploy a secure member server baseline; plan, configure, and implement secure baselines for server roles; plan, configure, implement, and deploy a secure client computer baseline; plan and implement Software Update Services; plan, implement, and troubleshoot data transmission security; plan and implement security for wireless networks; plan and implement perimeter security with Internet Security and Acceleration Server (ISA) 2000; secure remote access.

Course outline

1. Planning and Configuring an Authorization and Authentication Strategy
2. Installing, Configuring, and Managing Certification Authorities
3. Configuring, Deploying, and Managing Certificates
4. Planning, Implementing, and Troubleshooting Smart Card Certificates
5. Planning, Implementing, and Troubleshooting Encrypting File System
6. Planning, Configuring, and Deploying a Secure Member Server Baseline
7. Planning, Configuring, and Implementing Secure Baselines for Server Roles
8. Planning, Configuring, Implementing, and Deploying a Secure Client Computer Baseline
9. Planning and Implementing Software Update Services
10. Planning, Deploying, and Troubleshooting Data Transmission Security
11. Planning and Implementing Security for Wireless Networks
12. Planning and Implementing Perimeter Security with Internet Security and Acceleration Server 2000
13. Securing Remote Access

Module 1:Planning and Configuring an Authorization and Authentication Strategy

• Groups and Basic Group Strategy in Windows Server 2003
• Creating Trusts in Windows Server 2003
• Planning, Implementing, and Maintaining an Authorization Strategy Using Groups
• Components of an Authentication Model
• Planning and Implementing an Authentication Strategy
• Lab: Planning and Configuring an Authentication and Authorization Strategy

• Determine the necessary group structure for a multi-domain or multi-forest environment.
  
• Create trusts in a Microsoft Windows Server 2003 environment.
  
• Plan, implement, and maintain an authorization strategy in a multi-forest organization.
  
• Describe the components, tools, and protocols that support authentication.
  
• Plan and implement an authentication strategy in a multi-forest organization.
  
• Describe supplemental authentication strategies.
  

Module 2:Installing, Configuring, and Managing Certification Authorities

• Introduction to PKI and Certification Authorities
• Installing a Certification Authority
• Managing a Certification Authority
• Backing Up and Restoring a Certification Authority
• Lab: Installing and Configuring a Certification Authority

• Describe PKI.
  
• Describe the applications and components that are used in a PKI.
  
• Install a certification authority (CA).
  
• Create and publish Certificate Revocation Lists and Authority Information Access (AIA) distribution points.
  
• Back up and restore a certification authority.
  

Module 3:Configuring, Deploying, and Managing Certificates

• Configuring Certificate Templates
• Deploying and Revoking User and Computer Certificates
• Managing Certificates
• Lab: Deploying and Managing Certificates

• Configure certificate templates in a Microsoft Windows Server 2003 PKI environment.
  
• Deploy, enroll, and revoke certificates in a Microsoft Windows Server 2003 PKI environment.
  
• Describe the applications and components that are used in a PKI.
  
• Export, import, and archive certificates and keys in a Windows Server 2003 PKI environment.
  

Module 4:Planning, Implementing, and Troubleshooting Smart Card Certificates

• Introduction to Multifactor Authentication
• Planning and Implementing a Smart Card Infrastructure
• Managing and Troubleshooting a Smart Card Infrastructure
• Lab: Implementing Smart Cards

• Understand the concepts of and applications for multifactor authentication.
  
• Plan, implement, manage, and troubleshoot a smart card infrastructure.
  

Module 5:Planning, Implementing, and Troubleshooting Encrypting File System

• Introduction to EFS
• Implementing EFS in a Standalone Microsoft Windows XP Environment
• Planning and Implementing EFS in a Domain Environment with a PKI
• Implementing EFS File Sharing
• Troubleshooting EFS
• Lab: Planning, Implementing, and Troubleshooting Encrypting File System

• Describe EFS and how it works.
  
• Describe the applications and components that are used in a public key infrastructure (PKI).
  
• Implement EFS in a standalone Microsoft Windows XP environment.
  
• Plan and implement EFS in a domain environment that has a PKI.
  

Module 6:Planning, Configuring, and Deploying a Secure Member Server Baseline

• Overview of a Member Server Baseline
• Planning a Secure Member Server Baseline
• Configuring Additional Security Settings
• Deploying Security Templates
• Lab: Planning, Configuring, and Deploying a Member Server Baseline

• Describe the importance of security baselines and member server baselines.
  
• Plan a secure member server baseline.
  
• Configure additional security settings.
  
• Deploy security templates.
  

Module 7:Planning, Configuring, and Implementing Secure Baselines for Server Roles

• Planning and Configuring a Secure Baseline for Domain Controllers
• Planning and Configuring a Secure Baseline for DNS Servers
• Planning and Configuring a Secure Baseline for Infrastructure Servers
• Planning a Secure Baseline for File and Print Servers
• Planning and Configuring a Secure Baseline for IIS Servers
• Lab: Planning, Configuring, and Implementing Secure Baselines for Server Roles

• Plan and configure a secure baseline for domain controllers.
  
• Plan and configure a secure baseline for Domain Name System (DNS) servers.
  
• Plan and configure a secure baseline for infrastructure servers.
  
• Plan a secure baseline for file and print servers.
  
• Plan and configure a secure baseline for Internet Information Services (IIS) servers.
  

Module 8:Planning, Configuring, Implementing, and Deploying a Secure Client Computer Baseline

• Planning and Implementing a Secure Client Computer Baseline
• Configuring and Deploying a Client Computer Baseline
• Planning and Implementing a Software Restriction Policy
• Implementing Security for Mobile Clients
• Lab: Planning, Implementing, Configuring, and Deploying a Secure Client Computer Baseline

• Plan a secure client computer baseline.
  
• Configure and deploy a client computer baseline.
  
• Plan and implement a software restriction policy on client computers.
  
• Implement security on mobile computers.
  

Module 9:Planning and Implementing Software Update Services

• Introduction to Software Update Services and Update Management
• Planning an Update Management Strategy
• Implementing an SUS Infrastructure
• Lab: Installing, Configuring, and Maintaining an Update Management Infrastructure

• Describe the need for update management and the tools that they can use to implement update management strategies.
  
• Plan an update management strategy.
  
• Implement a Software Update Services (SUS) infrastructure.
  

Module 10:Planning, Deploying, and Troubleshooting Data Transmission Security

• Secure Data Transmission Methods
• Introducing IPSec
• Planning Data Transmission Security
• Implementing Secure Data Transmission Methods
• Troubleshooting IPSec Communications
• Lab: Planning, Deploying, and Troubleshooting Data Transmission Security

• Describe the various methods for securing data transmission.
  
• Plan for data transmission security.
  
• Implement secure data transmission methods.
  
• Troubleshoot data transmission errors.
  

Module 11:Planning and Implementing Security for Wireless Networks

• Introduction to Securing Wireless Networks
• Implementing 802.1x Authentication
• Planning a Secure WLAN Strategy
• Implementing a Secure WLAN
• Troubleshooting Wireless Networks
• Lab: Planning and Implementing Security for Wireless Networks

• Describe the components and features of a secure wireless LAN (WLAN) and a wireless infrastructure.
  
• Plan a secure WLAN infrastructure.
  
• Implement a secure WLAN infrastructure.
  
• Troubleshoot WLAN errors and components.
  

Module 12:Planning and Implementing Perimeter Security with Internet Security and Acceleration Server 2000

• Introduction to Internet Security and Acceleration Server 2000
• Installing ISA Server 2000
• Securing a Perimeter Network with ISA Server 2000
• Publishing Servers on a Perimeter Network
• Securing ISA Server Computers
• Lab: Implementing Perimeter Network Security Using ISA Server 2000

• Describe the benefits, modes, and versions of ISA Server.
  
• Install ISA Server 2000.
  
• Secure a screened subnet with ISA Server 2000.
  

Module 13:Securing Remote Access

• Introduction to Remote Access Technologies and Vulnerabilities
• Planning a Remote Access Strategy
• Deploying Network Access Quarantine Control Components
• Lab: Implementing a Secure VPN Solution

• Describe the various remote access technologies used for remote access and the threats associated with remote access.
  
• Plan a remote access strategy.
  
• Implement and configure a virtual private network (VPN) server.
  
• Deploy Network Access Quarantine Control components.
  

Module 14: