Implementing and Administering Security in a Microsoft Windows 2000 Network

Target Audience
Attendees will be current information technology (IT) professionals close to completion of the MCSA, partial or completed MCSE certifications, or equivalent experience. The students will be in an environment where they are responsible for aspects of security management and deployment associated with their internal network infrastructure and services available from the Internet.This course is intended for IT professionals who need to design, plan, implement, and support a Microsoft Windows 2000 network infrastructure or who plan to take the related Microsoft Certified Professional exam 70-214, Implementing and Administering Security in a Microsoft Windows 2000 Network.

Pre-Requisites
Before attending this course, students must have:Familiarity with Windows 2000 core technologies, such as those described in the following Microsoft Official Curriculum (MOC) course:Course 2152: Implementing Microsoft Windows 2000 Professional and ServerFamiliarity with Windows 2000 networking technologies, such as those described in the following MOC course:Course 2153: Implementing a Microsoft Windows 2000 Network InfrastructureFamiliarity with Windows 2000 directory services technologies, such as those described in the following MOC course:Course 2154: Implementing and Administering Microsoft Windows 2000 Directory ServicesFamiliarity with fundamental network security technologies, such as those described in the following MOC course:Course 2810: Fundamentals of Network Security, or equivalent knowledge

Purpose
After completing this course, students will be able to:Implement Group Policy. Create and work with user accounts and security groups. Implement account policies and security templates. Administer account based security. Install and maintain certificate authorities. Manage a public key infrastructure (PKI). Secure early versions of Windows clients. Configure and troubleshoot IPSec. Secure remote access and VPNs. Configure wireless security. Secure public application servers. Secure Web services. Monitor events and intruder detection. Maintain software, service pack, and hotfix deployments.

Course outline

1. Implementing Group Policy
2. Creating User Accounts and Security Groups
3. Restricting Accounts, Users, and Groups
4. Configuring Account Based Security
5. Managing Certificate Authorities
6. Managing a Public Key Infrastructure
7. Increasing Authentication Security
8. Implementing IP Security
9. Securing Remote Access and VPN
10. Configuring Clients for Wireless Security
11. Securing Public Application Servers
12. Implementing Web Service Security
13. Detecting Intrusions and Monitoring Events
14. Maintaining Software

Module 1:Implementing Group Policy

• The information in this module explains in detail what Group Policy is and how it works. Group Policy is used to configure user's desktop environments and to deploy applications. Although Group Policy is primarily a centralized configuration tool rather than a security mechanism, administrators need to be familiar with the security implications of Group Policy configuration.
• Lessons
• Introducing Active Directory® and Group Policy Configuring and Managing Group Policy Configuring Client Computer Security Policy Troubleshooting Group Policy Application
• Lab: Implementing Group Policies in Active Directory
• After completing this module, students will be able to:
• Describe and create Active Directory structures.
• Describe and manage Group Policy.
• Configure client computer security policies.
• Troubleshoot Group Policy application.
• Describe the security limitations of Group Policy.

Module 2:Creating User Accounts and Security Groups

• The information in this module explains how to use local user accounts and security groups to secure access to resources on local computers and how to use domain accounts and security groups to secure access to resources in the domain.
• Lessons
• Creating and Managing Local User Accounts and Security Groups Creating and Managing Active Directory Domain Accounts and Security Groups
• Lab: Creating OUs, Users, and Security Groups in Active Directory
• After completing this module, students will be able to:
• Create and manage user accounts and security groups on local computers.
• Create and manage user accounts and security groups in a domain.

Module 3:Restricting Accounts, Users, and Groups

• This module builds on the security features introduced in Module 2, "User Accounts and Security Groups." It explains the restrictions applied to users when they log on by the use of account policies configured in Group Policy. It also describes how to manage user rights, how to restrict users to specific security group membership, and how to use security templates to establish a level of security across the network. It discusses what you need to know to manage and deploy security templates and provides information about troubleshooting common problems with them.
• Lessons
• Introducing Account Policies Managing User Rights Using Restricted Groups Administering Security Templates
• Lab: Using Security Templates to Restrict Users and Groups
• After completing this module, students will be able to:
• Configure and apply account policies.
• Manage user rights.
• Control access using restricted groups.
• Administer security templates.

Module 4:Configuring Account Based Security

• The information in this module explains the use of a user's account credentials and how the permissions secure various types of resources in Windows 2000.
• Lessons
• Managing NTFS File System Permissions Implementing Share Security Implementing Audit Policies Securing the Registry
• Lab: Using Security Templates to Configure Account Based Security
• After completing this module, students will be able to:
• Manage file system permissions.
• Implement share service security.
• Using audit policies.
• Secure the registry.

Module 5:Managing Certificate Authorities

• The information in this module explains the installation and maintenance of certificate authorities and Microsoft Certificate Services.
• Lessons
• Introducing Certificates Implementing Windows 2000 Certificate Services Maintaining Certificate Authorities
• Lab: Implementing a PKI
• After completing this module, students will be able to:
• Describe Certificates.
• Install Windows 2000 Certificate Services.
• Maintain Certificate Authorities.

Module 6:Managing a Public Key Infrastructure

• The information in this module explains the installation and maintenance of certificate authorities and Microsoft Certificate Services.
• Lessons
• Deploying Computer Certificates Deploying User Certificates Deploying Smart Card Certificates Deploying S/MIME Certificates
• Lab: Deploying S/MIME Certificates in Windows 2000
• After completing this module, students will be able to:
• Work with computer certificates.
• Deploy user certificates.
• Use Smartcard certificates.
• Deploy S/MIME certificates.

Module 7:Increasing Authentication Security

• The information in this module explains how to keep a network as secure as possible while still allowing access to the network resources for clients that run earlier versions of Microsoft Windows and third-party operating systems. The module goes on to explain how to keep authentication secure when transiting between domains within the same organization.
• Lessons
• Supporting Earlier Versions of Windows Clients Supporting Macintosh Clients Configuring Trust Relationships
• After completing this module, students will be able to:
• Support earlier versions of Windows clients.
• Support Macintosh computers.
• Describe and configure Trust Relationships.

Module 8:Implementing IP Security

• The information in this module introduces IPSec and the use of authentication and encryption methods that are compatible with IP networks. It goes on to explain the appropriate tools and techniques for troubleshooting IPSec.
• Lessons
• Configuring IPSec Within a Domain Configuring IPSec Between Untrusted Networks Configuring IPSec on Internet Servers Troubleshooting IPSec Configuration
• Lab: Implementing IP Security in a Windows 2000 Network
• After completing this module, students will be able to:
• Configure IPSec within a domain.
• Configure IPSec between untrusted networks.
• Configure IPSec on Internet servers.
• Troubleshoot IPSec configuration.

Module 9:Securing Remote Access and VPN

• The information in this module introduces the Routing and Remote Access service which is the Windows 2000 component that manages both routing between networks and remote access to networks.
• Lessons
• Securing RRAS Servers Managing RRAS Authentication Securing Remote Clients Securing Communications Using a VPN
• Lab: Implementing and Securing a Server Running RRAS
• After completing this module, students will be able to:
• Secure RRAS servers.
• Manage RRAS authentication.
• Secure remote clients.
• Secure communications using a VPN

Module 10:Configuring Clients for Wireless Security

• The information in this module introduces the security implications of running a wireless network. The lesson explains that security standards for wireless protocols are still evolving and introduces both the existing Wired Equivalent Privacy (WEP) protocol and the newer 802.1X port authentication protocol.
• Lessons
• Setting Up a Wireless Network Securing Wireless Networks Configuring Clients for Wireless Security
• After completing this module, students will be able to:
• Set up a wireless network.
• Secure a wireless network.
• Configure clients for wireless security

Module 11:Securing Public Application Servers

• The information in this module explains the types of attacks that can be expected and the methods for defending against them when running servers that provide public services. A secure Internet services infrastructure must be built by using firewalls, properly securing e-mail servers, and protecting the database servers that frequently provide back-end data for Web servers.
• Lessons
• Securing Public Services Providing Internet Security Configuring Microsoft SQL Server for Internet Security Securing Microsoft Exchange Server for the Internet
• Lab: Designing an External Firewall Configuration
• After completing this module, students will be able to:
• Provide Internet Security.
• Configure Microsoft SQL Server for Internet Security.
• Secure Microsoft Exchange Server.

Module 12:Implementing Web Service Security

• The information in this module explains how to configure Internet Information Services (IIS) security features correctly to make Web servers as secure as possible.
• Lessons
• Configuring Public Web Servers Configuring Web Authentication Using Secure Sockets Layer to Encrypt Communications
• Lab: Implementing Web Service Security
• After completing this module, students will be able to:
• Secure public Web servers.
• Describe Web authentication.
• Use Secure Sockets Layer

Module 13:Detecting Intrusions and Monitoring Events

• The information in this module explains how to configure IIS security features correctly to make Web servers as secure as possible.
• Lessons
• Establishing Intrusion Detection for Public Servers Event Monitoring in the Private Network
• After completing this module, students will be able to:
• Establish intrusion detection for public servers.
• Monitor events in the private network.

Module 14:Maintaining Software

• The information in this module explains the various tools that can be used update client and server computers.
• Lessons
• Installing and Managing Service Packs and Hotfixes Automating Updates with Microsoft Software Update Services Deploying Updates Throughout the Network
• Lab: Maintaining Software
• After completing this module, students will be able to:
• Work with Service Packs and Hotfixes.
• Automate updates with Microsoft Software Update Services.
• Deploy updates in the enterprise.