Microsoft Security Guidance Training V

Target Audience
This course builds on existing knowledge of server and client security and provides students with the knowledge and skills to apply best practices to securing Exchange Server clients, protecting e-mail and data content, securing services and critical accounts, and securing administrative accounts and remote access using smart cards.

Pre-Requisites
Before attending this course, students must have the following pre-requisites:Hands-on experience with Microsoft Windows 2000 or Microsoft Windows Server 2003.Experience with Active Directory and Group Policy.Basic understanding of Windows authorization and authentication concepts.Working knowledge of Internet protocols including POP3, IMAP4, SMTP, and HTTP.Basic understanding of PKI concepts and technologies.

Purpose
After completing this course, students will be able to list challenges related to message security; compare commonly employed methods used to secure and protect e-mail content; compare commonly employed methods used to secure client access to Exchange Server; configure Outlook 2003 to improve security; understand how to plan for service-account security; explain how to secure administrative accounts; identify common security challenges and benefits of using multifactor authentication; explain how to use smart cards to secure administrator accounts; explain how to use smart card authentication to secure remote access.

Course outline

1. Implementing Messaging Security for Exchange Server Clients
2. Protecting Information with Microsoft Windows Rights Management Services
3. Securing Services and Critical Accounts
4. Implementing Multifactor Authentication Using Smart Cards

Module 1:Implementing Messaging Security for Exchange Server Clients

• It is as important to provide security for the clients of Exchange Server 2003 as it is to secure the server itself. Providing security for the clients of Exchange Server includes ensuring that messages can be read only by the intended recipients. By definition, providing client security covers a range of situations involving any local or remote Exchange Server client connecting directly to your messaging environment to send or receive messages. This session provides information about solutions such as S/MIME and Information Rights Management to protect e-mail content. RPC over HTTP is also discussed as a solution to help secure client connections to Exchange Server 2003 connecting over the Internet. The session concludes with a discussion about how to control access to e-mail attachments and how to manage and secure Outlook Web Access.

• Implementing Message Security.
  
• Configuring Secure Client Access to Exchange Server.
  
• Understanding Additional Outlook 2003 Security Features.
  
• Securing Outlook Web Access.
  

Module 2:Protecting Information with Microsoft Windows Rights Management Services

• Protecting confidential data and intellectual property is a strong priority within many organizations. Many organizations have a need to protect sensitive information such as e-mail, internal documents, and Web content. The goal of implementing a rights management solution is to protect this information and define exactly who can open, read, copy, modify or redistribute the content. This session discusses the various processes that take place during RMS server provisioning, client installation and activation, and the protection and consumption of data. The session also introduces best practices for providing availability and scalability within the RMS environment.

• Introduction to Managing Digital Information.
  
• Understanding Rights Management Services.
  
• Planning Considerations for RMS Deployments.
  
• Administering an RMS Infrastructure.
  

Module 3:Securing Services and Critical Accounts

• Many organizations implement network services or applications that require the use of a service account. Unfortunately, service accounts are often configured to run with the highest possible privileges, often resulting in membership within the domain administrators group. If these service accounts are compromised, an attacker may be able to gain full and unrestricted access to the computer, domain, or entire forest. It is important that you understand how to configure service accounts to only the level of privilege necessary to support the application or network service. The goal of this session is to address the common problem of Windows services that are set to run with the highest possible privileges, describe ways to identify services that can run with lesser privileges, and how to methodically downgrade those privileges. This session also provides information on securing administrative level accounts.

• Securing Administrator Accounts.
  
• Overview of Service Account Security.
  
• Planning Service Account Security.
  
• Implementing Service Account Security.
  

Module 4:Implementing Multifactor Authentication Using Smart Cards

• User name and password combinations have typically been used to provide authentication and authorization to network resources. Even though passwords can provide effective security, many users favor convenience to security, so they choose a password that can easily be compromised. To address this issue, multifactor authentication uses a combination of components to provide secure access to network resources. Deploying a smart card solution is an increasingly popular form of multifactor authentication. The primary focus of this session is to address the challenge of securing critical administrator accounts and remote access logon sessions by implementing multifactor authentication using smart card technology.

• Securing Accounts by Using Multifactor Authentication.
  
• Planning the Implementation of Smart Card Authentication.
  
• Using Smart Cards to Secure Administrative Accounts.
  
• Implementing Smart Cards to Secure Remote Access.