Washtenaw Community College Comprehensive Report
CNT 251 Designing Windows Server Security
Effective Term: Fall 2012

Course Cover
Division: Business and Computer Technologies
Department: Computer Instruction
Discipline: Computer Networking Technology
Course Number: 251
Org Number: 13400
Full Course Title: Designing Windows Server Security
Transcript Title: Design Windows Server Security
Is Consultation with other department(s) required: No
Publish in the Following: College Catalog, Time Schedule, Web Page
Reason for Submission: Three Year Review / Assessment Report
Change Information:
  Consultation with all departments affected by this course is required.
  Course description
  Pre-requisite, co-requisite, or enrollment restrictions
  Outcomes/Assessment
  Objectives/Evaluation
Rationale: This three year review also reflects changes to the course based on Microsoft's updated Operating System, Server 2008R2, and the shift of ISA Server (now Forefront Threat Gateway Server), a software firewall, to this course from CNT224.
Proposed Start Semester: Fall 2012
Course Description: In this course students will learn and use the various tools and features provided by Windows Server necessary to secure Windows Server local and network resources. Emphasis is placed on security features and components not covered in the other Windows Server classes, such as BitLocker, IPSec, Security Templates, WSUS, SMTP and POP3 security, Certificate Server, and Kerberos and NTLM authentication. The course also covers in detail most features of Forefront Threat Gateway Server, Microsoft's software firewall. Students with equivalent experience may contact the instructor for permission to waive the prerequisite.

Course Credit Hours
Variable hours: No
Credits: 4
Lecture Hours: Instructor: 60 Student: 60
Lab: Instructor: 0 Student: 0
Clinical: Instructor: 0 Student: 0
Total Contact Hours: Instructor: 60 Student: 60
Repeatable for Credit: NO
Grading Methods: Letter Grades, Audit
Are lectures, labs, or clinicals offered as separate sections?: NO (same sections)

College-Level Reading and Writing
College-level Reading & Writing

College-Level Math
No Level Required

Requisites
Prerequisite CNT 211 minimum grade "C" or
Prerequisite CNT 223 minimum grade "C" or
Prerequisite CNT 224 minimum grade "C"

General Education

Request Course Transfer
Proposed For: Eastern Michigan University

Student Learning Outcomes
methods of application, and define the various methods of IPSEC implementation.
Course section(s)/other population: All Course Sections
addresses both the Outcomes and Objectives listed in the Syllabus. The test will be the Assessment test.
70% or greater of the number of students taking the Assessment Test.
Outcome Success: Average of all student scores for each particular Outcome's part of the test is equal to or exceeds 70%.

2. Define the architecture of Windows Server Update Services (WSUS), identify the methods of implementation, and distinguish the various methods of security associated with implementing a complete Windows Mail System.
Course section(s)/other population: All course sections
addresses both the Outcomes and Objectives listed in the Syllabus. The test will be the Assessment Test.
Outcome Success: Average of all student scores for each particular Outcome's part of the test is equal to or exceeds 70%.

3. Identify all aspects of Public Key, Symmetrical Key, Hashing, and Digital Signature Security methods and distinguish all components of a Windows Certificate Server implementation including installation and client methods for Certification generation and retrieval.
Course section(s)/other population: All course sections
addresses both the Outcomes and Objectives listed in the syllabus. The test will be the Assessment Test.
Outcome Success: Average of all student scores for each particular Outcome's part of the test is equal to or exceeds 70%.

4. Distinguish among the different types of Windows Challenge/Response Authentication Protocols, including NTLM and Kerberos, identifying the types of encryption and password hashes with each, and identify the server and client components and methods of implementation for BitLocker Drive Security.
Course section(s)/other population: All course sections
addresses both the Outcomes and Objectives listed in the syllabus. The test will be the Assessment Test.
Outcome Success: Average of all student scores for each particular Outcome's part of the test is equal to or exceeds 70%.

5. Distinguish among the various components of Forefront Threat Management Gateway (FTMG) Server, including the installation, system policies, firewall policies, Web publishing, and virtual networking.
Course section(s)/other population: All course sections
addresses both the Outcomes and Objectives listed in the syllabus. The test will be the Assessment Test.
Outcome Success: Average of all student scores for each particular Outcome's part of the test is equal to or exceeds 70%.

Course Objectives
1. Distinguish the differences between the various types of Windows Security Templates and identify the differences in methods of creation and application, including importing and exporting.
2. Define the various uses of the Security Configuration and Analysis Tool, distinguishing between its features for both comparing and applying Security Templates.
3. Identify the differences between IPSEC filters and filter actions, including the protocols used with the filters, and identify the various configurations used with the Tunnel Settings, Authentication Types and Connection Methods.
4. Identify the components for installation and filter creation with the Windows networking monitor tool, including the setup of an actual filter capture using the ICMP protocol, and determine the proper settings for an accurate display of the data.
5. Identify the methods of creation for an IPSEC filter rule and an overall filter policy, including the appropriate methods for application of a completed rule/policy within the constraints of the overall Windows Security Settings Group Policy management tool.
6. Demonstrate an understanding of the methods of Security associated with the implementation of the SMTP (Simple Mail Transport Protocol), and application of these methods in a real-life transfer of e-mail between SMTP servers.
7. Distinguish the main characteristics of the POP3 mail retrieval protocol, including authentication used with it as well as advanced aspects such as digital signing and encryption.
8. Identify the various parts of setting up and installing a complete Mail System within a Windows Server, including incorporating SMTP for sending and POP3 for retrieving e-mail, and adding in the DNS (Domain Name Services) server component for identifying e-mail domains.
9. Define the installation procedures associated with the installation of a WSUS (Windows Server Update Services) server, including the extensive preparation and initial configuration of updates, and identify the steps in the approval and deployment process associated with large numbers of updates.
10. Distinguish the procedures required for Automatic Client updates, including group and local policy configurations, and all testing and troubleshooting associated with Client connection problems.
11. Define the basic concepts associated with the public key infrastructure, symmetrical key configuration, digital signing, and hashing, and contrast the differences in each associated with their respective benefits and liabilities.
12. Identify the process associated with importing and exporting of Public and Private Keys and distinguish the differences in this process when performing it on a certificate server as opposed to a client workstation.
13. Distinguish the various types of Certificate Server authorities and their associated installation, plus identify both the certificate generation as well as the approval process associated with obtaining and issuing of certificates, and define the methods of certificate retrieval for client workstations as well as server (Web Server) installations.
14. Identify the procedures and tools for working with certificates (i.e. the certificates and certificate authority snap-in MMCs), the methods for backing up a certificate server as well as the process for revoking certificates already issued, and distinguish the various default locations for certificate storage, both for computer (Web Server, etc.) certificates as well as user certificates.
15. Define the procedure for creation of an encryption Data Recovery Agent, including the exporting/importing of the necessary keys for this to work on a client workstation and define the use of the cipher tool for cleaning up deleted material on hard disks, plus identify the use of the SYSKEY tool in all three of its configurations.
16. Identify the differences between the two Challenge Response Protocols - NTLMv2 and Kerberos that are used with Windows Server implementations and define the various steps (encryption, hashing, etc.) that are used as part of each process.
17. Identify the steps in a basic Active Directory Domain Controller implementation including the installation of the Domain Services Role, and the use of DCPROMO to create a Domain Controller, plus distinguish the steps for its initial configuration including the installation of DNS Services.
18. Define the steps necessary to inspect the various parts of both a Kerberos Ticket Granting ticket and a Kerberos Service ticket, including the necessary software tool installation and setup, plus identify the differences between server and client machine ticket configurations.
19. Identify the steps in the BitLocker implementation for a Secure Windows Disk installation, including the partition split into boot and system volumes, the keys generated for initial access as well as recovery, and the test steps required during the boot process for access.
20. Distinguish the differences in the implementation of BitLocker for its use on removable drives compared with fixed hard disks and the methods of access using newer Vista/Windows 7 machines compared with access using Windows XP, and identify the steps used in testing the use of removable drives on machines other than the one on which it was created.
21. Identify the steps for the installation of Forefront Threat Management Gateway Server on Windows Server 2008, including the necessary preparation procedures, and the initial configuration after installation.
22. Define and contrast basic system policies with created firewall policies used with FTMG server, and identify the procedures for implementation of multiple types of firewall rules, distinguishing their proper order for application, and methods of testing to ensure proper application, either allowing traffic through, or blocking it.
23. Identify the various steps associated with Web Server Publishing within FTMG Server, including the setup of the internal Web Server, the special configuration associated with both the outside communication with clients as well as inside communication with the Web Server, and in particular, identify the three types of possible authentication techniques used for implementing initial security.
24. Identify the three types of Internal Clients used with FTMG Server and distinguish their differences, plus define the various steps required to implement Internet Web Site caching on the FTMG Server, including setting up special disk space, configuring the Web Site downloads, and defining the procedures for scheduling in order to cache the most recent and most relevant information.
25. Identify the procedures for implementing VPN traffic through the FTMG Server to the internal network, including quarantining of remote clients, separate rules associated only with VPNs, and the use of routing rather than network address translation for VPN transmissions.

New Resources for Course
Student should have a USB Flash Drive for lecture notes, lab project questions/answers, etc.

Course Textbooks/Resources
Textbooks
  Liu, Dale; Wisselink, Remco. Securing Windows Server 2008, 1st ed. Burlington, MA 01893: Syngress, 2008, ISBN: 978-1-59749-2.
Manuals
  Reichert, William. CNT251 Securing Server 2K8 Lab Projects, XanEdu Publishing, 12-31-2011
Periodicals
Software

Equipment/Facilities
Level III classroom
Computer workstations/lab
Data projector/computer

Reviewer | Action | Date
Faculty Preparer: William Reichert | Faculty Preparer | Feb 29, 2012
Department Chair/Area Director: Clem. Hasselbach | Recommend Approval | Mar 04, 2012
Dean: Rosemary Wilson | Recommend Approval | Apr 02, 2012
Vice President for Instruction: Stuart Blacklaw | Approve | Apr 21, 2012