Applying Microsoft Security Guidance III

Target Audience
This hands-on lab allows students to apply information that can help in implementing and managing security in a network based on Microsoft Windows and that includes Microsoft Exchange Server, Microsoft Internet Security and Acceleration (ISA) Server 2004, Microsoft Windows Rights Management Services (RMS), or Certificate Services.

Pre-Requisites
Before attending this course, students must have the following pre-requisites:Hands-on experience with Windows 2000 or Windows Server 2003.Experience with Active Directory and Group Policy.Basic understanding of Windows authorization and authentication concepts.Working knowledge of Internet protocols, including POP3, IMAP4, SMTP, and HTTP.Basic understanding of public key infrastructure (PKI) concepts and technologies.

Purpose
After completing this course, students will be able to use S/MIME and the Outlook Security Template; increase security for Outlook 2003 by using remote procedure call (RPC) over HTTP(S); install Rights Management Services (RMS); activate the RMS client component; perform administrative tasks using the RMS Administration Toolkit; implement a VPN solution that incorporates L2TP/IPSec and Network Access Quarantine; configure VPN to support L2TP and PPTP remote access connections; configure Certificate provisioning to support L2TP VPN connections; implement VPN Network Quarantine; deploy a Connection Manager profile; configure a stand-alone Root Certification Authority (CA); configure a subordinate Enterprise CA; configure custom certificate templates, and deploy certificates using autoenrollment; use digital certificates.

Course outline

1. Implementing Messaging Security for Exchange Server Clients
2. Protecting Data Using Rights Management Services
3. Improving Remote Access Security
4. Deploying a Windows Public Key Infrastructure

Module 1:Implementing Messaging Security for Exchange Server Clients

• In this lab, you learn various methods to help secure e-mail communication between Exchange Server and desktop clients. You also learn how to improve messaging security using Outlook 2003 attachment options and RPC over HTTP(S), and you learn how to improve security for remote clients using OWA.

• Protecting E-Mail Messages Using S/MIME Signing and Encryption.
  
• Customizing Outlook Security Settings Using the Outlook Security Template.
  
• Securing Remote Outlook 2003 Connections Using RPC Over HTTPS.
  
• Securing Outlook Web Access Connections.
  

Module 2:Protecting Data Using Rights Management Services

• In this lab, you learn how to improve data protection using Rights Management Services (RMS). You learn how to configure Rights Management Services on Windows Server 2003, and you learn best practices for administering rights management servers and clients. You also learn how rights management is supported in Microsoft Office applications.

• Installing and Provisioning Windows Rights Management Services.
  
• Installing and Activating an RMS Client to Protect Microsoft Office Files and E-Mail Messages.
  
• Administering an RMS Deployment.
  
• Sub-Enrolling Additional Licensing Servers.
  

Module 3:Improving Remote Access Security

• In this lab, you learn how to improve security for clients that connect remotely to your network. You learn how to implement VPN connections to encrypt data communications and how to create a "quarantine" zone in which remote clients can be placed while they are inspected for installed security and software updates.

• Configuring Network Services to Support VPN Security.
  
• Configuring VPN Remote Access Policy and Certificate Provisioning.
  
• Implementing VPN Network Quarantine.
  
• Creating the Quarantine Connection Manager Profile.
  

Module 4:Deploying a Windows Public Key Infrastructure

• In this lab, you learn how to implement a Windows Server 2003 PKI to enable security enhancements for messaging and network communications. You also learn how to implement certificates for SSL-enhanced Web sites and how digital certificates can be deployed to enable client authentication and improve e-mail security.

• Creating a Certification Authority Hierarchy.
  
• Implementing a Subordinate Enterprise CA.
  
• Deploying Certificates to Secure E-Mail.
  
• Securing Web Sites Using SSL Encryption.