Microsoft Security Guidance Training II

Target Audience
Attendees will be current IT professionals with experience using Microsoft Windows 2000 Server or Microsoft Windows Server 2003 and with knowledge of Active Directory concepts. Students will also benefit from experience with Microsoft Exchange Server, Microsoft SQL Server, and Microsoft Internet Security and Acceleration (ISA) Server 2000. The students will be in an environment where they are responsible for aspects of security management and deployment associated with their internal network infrastructure and Internet or intranet services.

Pre-Requisites
Before attending this clinic, students must have the following pre-requisites:Hands-on experience with Windows 2000 or Windows Server 2003 management tools.Experience with Active Directory and Group Policy.AttendedClinic 2801, Microsoft Security Guidance Training I, or have equivalent knowledge.

Purpose
After completing this clinic, students will be able to understand how to implement perimeter defenses; use ISA Server to protect the network perimeter; implement client defenses; use Internet Connection Firewall (ICF) to protect clients; protect wireless networks; protect networks by using IP Security (IPSec); explain the basics of network security and the reasons why your defenses should be layered from the general to the specific for the most secure environment; protect Exchange Server, SQL Server, and Microsoft Small Business Server, and keep data secure and private; identify the important tasks that you can do today to improve your organization's security; understand the importance of client and server security; describe the tasks and tools involved in implementing server security; describe the tasks and tools involved in implementing client security; identify the methods for securing Windows operating systems; list methods available for securing Microsoft Internet Information Services (IIS); list methods available for providing mobile client security; build on existing knowledge of server, client, and network security and learn practical strategies for implementing the best practices for security across your environment; learn real-world strategies for patch management and network security and how to troubleshoot problems with existing security configurations; understand best practices for enhancing security across heterogeneous environments, including legacy and third-party systems.

Course outline

1. Implementing Network and Perimeter Security
2. Implementing Application and Data Security
3. Implementing Advanced Server and Client Security
4. Applied Security Strategies

Module 1:Implementing Network and Perimeter Security

• This session discusses the use of hardware and software firewalls for network and application filtering and how to implement intrusion detection mechanisms. The session also demonstrates how to increase security for wireless network access through the use of encryption and password authentication protocols.

• Introduction
  
• Using Perimeter Defenses
  
• Using Microsoft ISA Server to Protect Perimeters
  
• Using ICF to Protect Clients
  
• Protecting Wireless Networks
  
• Protecting Communications by Using IPSec
  

Module 2:Implementing Application and Data Security

• This session provides security best practices for SQL Server, Exchange Server, and Small Business Server. This session also describes technologies to protect data and restrict access to sensitive information.

• Introduction
  
• Protecting Exchange Server
  
• Protecting SQL Server
  
• Securing Small Business Server
  
• Providing Data Security
  

Module 3:Implementing Advanced Server and Client Security

• This session provides advanced prescriptive guidance to enhance security for Windows-based servers and clients. The session will provide in-depth information on additional techniques for securing servers and demonstrate the technologies and practices that you can use to increase security for local and remote clients.

• Introduction to Advanced Server and Client Security
  
• Implementing Advanced Server Security
  
• Methods for Securing IIS Servers
  
• Implementing Advanced Client Security
  
• Methods for Providing Mobile Client Security
  

Module 4:Applied Security Strategies

• This session describes practical strategies for implementing security best practices across your environment. The session describes real-world strategies for patch management and network security, and how to troubleshoot problems with existing security configurations. The session will also discuss best practices for enhancing security across heterogeneous environments including legacy and third-party systems.

• Introduction
  
• Real-World Patch Management Strategies
  
• Real-World Remote Access Strategies
  
• Troubleshooting Security Configurations
  

Module 5: