Implementing and Administering Security in a Microsoft Windows 2000 Network Course 2820 Five days Instructor-led Published: February 17, 2004 Introduction This five-day instructor-led course provides students with the knowledge and skills required to implement and administer security services on Windows 2000. Audience Attendees will be current information technology (IT) professionals close to completion of the MCSA, partial or completed MCSE certifications, or equivalent experience. The students will be in an environment where they are responsible for aspects of security management and deployment associated with their internal network infrastructure and services available from the Internet. This course is intended for IT professionals who need to design, plan, implement, and support a Microsoft Windows 2000 network infrastructure or who plan to take the related Microsoft Certified Professional exam 70-214, Implementing and Administering Security in a Microsoft Windows 2000 Network. At Course Completion After completing this course, students will be able to: Implement Group Policy. Administer account based security. Install and maintain certificate authorities. Manage a public key infrastructure (PKI). Secure early versions of Windows clients. Configure and troubleshoot IPSec. Secure remote access and VPNs. Configure wireless security. Secure public application servers. Secure Web services. Monitor events and intruder detection. Create and work with user accounts and security groups. Implement account policies and security templates. Maintain software, service pack, and hotfix deployments. Prerequisites Before attending this course, students must have:
Familiarity with Windows 2000 core technologies, such as those described in the following Microsoft Official Curriculum (MOC) course: Course 2152: Implementing Microsoft Windows 2000 Professional and Server Familiarity with Windows 2000 networking technologies, such as those described in the following MOC course: Course 2153: Implementing a Microsoft Windows 2000 Network Infrastructure Familiarity with Windows 2000 directory services technologies, such as those described in the following MOC course: Course 2154: Implementing and Administering Microsoft Windows 2000 Directory Services Familiarity with fundamental network security technologies, such as those described in the following MOC course: Course 2810: Fundamentals of Network Security, or equivalent knowledge Microsoft Certified Professional Exams This course will help the student prepare for the following Microsoft Certified Professional exam: Exam 70-214: Implementing and Administering Security in a Microsoft Windows 2000 Network Course Materials The student kit includes a comprehensive workbook and other necessary materials for this class. Course Outline Module 1: Implementing Group Policy The information in this module explains in detail what Group Policy is and how it works. Group Policy is used to configure user's desktop environments and to deploy applications. Although Group Policy is primarily a centralized configuration tool rather than a security mechanism, administrators need to be familiar with the security implications of Group Policy configuration. Introducing Active Directory and Group Policy Configuring and Managing Group Policy Configuring Client Computer Security Policy Troubleshooting Group Policy Application Lab: Implementing Group Policies in Active Directory Describe and create Active Directory structures. Describe and manage Group Policy. Configure client computer security policies. Troubleshoot Group Policy application. Describe the security limitations of Group Policy. Module 2: Creating User Accounts and Security Groups
The information in this module explains how to use local user accounts and security groups to secure access to resources on local computers and how to use domain accounts and security groups to secure access to resources in the domain. Creating and Managing Local User Accounts and Security Groups Creating and Managing Active Directory Domain Accounts and Security Groups Lab: Creating OUs, Users, and Security Groups in Active Directory Create and manage user accounts and security groups on local computers. Create and manage user accounts and security groups in a domain. Module 3: Restricting Accounts, Users, and Groups This module builds on the security features introduced in Module 2, "User Accounts and Security Groups." It explains the restrictions applied to users when they log on by the use of account policies configured in Group Policy. It also describes how to manage user rights, how to restrict users to specific security group membership, and how to use security templates to establish a level of security across the network. It discusses what you need to know to manage and deploy security templates and provides information about troubleshooting common problems with them. Introducing Account Policies Managing User Rights Using Restricted Groups Administering Security Templates Lab: Using Security Templates to Restrict Users and Groups Configure and apply account policies. Manage user rights. Control access using restricted groups. Administer security templates. Module 4: Configuring Account Based Security The information in this module explains the use of a user's account credentials and how the permissions secure various types of resources in Windows 2000. Managing NTFS File System Permissions Implementing Share Security Implementing Audit Policies Securing the Registry Lab: Using Security Templates to Configure Account Based Security Manage file system permissions. Implement share service security. Using audit policies. Secure the registry.
Module 5: Managing Certificate Authorities The information in this module explains the installation and maintenance of certificate authorities and Microsoft Certificate Services. Introducing Certificates Implementing Windows 2000 Certificate Services Maintaining Certificate Authorities Lab: Implementing a PKI Describe Certificates. Install Windows 2000 Certificate Services. Maintain Certificate Authorities. Module 6: Managing a Public Key Infrastructure The information in this module explains the installation and maintenance of certificate authorities and Microsoft Certificate Services. Deploying Computer Certificates Deploying User Certificates Deploying Smart Card Certificates Deploying S/MIME Certificates Lab: Deploying S/MIME Certificates in Windows 2000 Work with computer certificates. Deploy user certificates. Use Smartcard certificates. Deploy S/MIME certificates. Module 7: Increasing Authentication Security The information in this module explains how to keep a network as secure as possible while still allowing access to the network resources for clients that run earlier versions of Microsoft Windows and third-party operating systems. The module goes on to explain how to keep authentication secure when transiting between domains within the same organization. Supporting Earlier Versions of Windows Clients Supporting Macintosh Clients Configuring Trust Relationships Support earlier versions of Windows clients. Support Macintosh computers. Describe and configure Trust Relationships. Module 8: Implementing IP Security The information in this module introduces IPSec and the use of authentication and encryption methods that are compatible with IP networks. It goes on to explain the appropriate tools and techniques for troubleshooting IPSec.
Configuring IPSec Within a Domain Configuring IPSec Between Untrusted Networks Configuring IPSec on Internet Servers Troubleshooting IPSec Configuration Lab: Implementing IP Security in a Windows 2000 Network Configure IPSec within a domain. Troubleshoot IPSec configuration. Configure IPSec between untrusted networks. Configure IPSec on Internet servers. Module 9: Securing Remote Access and VPN The information in this module introduces the Routing and Remote Access service which is the Windows 2000 component that manages both routing between networks and remote access to networks. Securing RRAS Servers Managing RRAS Authentication Securing Remote Clients Securing Communications Using a VPN Lab: Implementing and Securing a Server Running RRAS Secure RRAS servers. Manage RRAS authentication. Secure remote clients. Secure communications using a VPN. Module 10: Configuring Clients for Wireless Security The information in this module introduces the security implications of running a wireless network. The lesson explains that security standards for wireless protocols are still evolving and introduces both the existing Wired Equivalent Privacy (WEP) protocol and the newer 802.1X port authentication protocol. Setting Up a Wireless Network Securing Wireless Networks Configuring Clients for Wireless Security Set up a wireless network. Secure a wireless network. Configure clients for wireless security. Module 11: Securing Public Application Servers The information in this module explains the types of attacks that can be expected and the methods for defending against them when running servers that provide public services. A secure
Internet services infrastructure must be built by using firewalls, properly securing e-mail servers, and protecting the database servers that frequently provide back-end data for Web servers. Securing Public Services Providing Internet Security Configuring Microsoft SQL Server for Internet Security Securing Microsoft Exchange Server for the Internet Lab: Designing an External Firewall Configuration Provide Internet Security. Configure Microsoft SQL Server for Internet Security. Secure Microsoft Exchange Server. Module 12: Implementing Web Service Security The information in this module explains how to configure Internet Information Services (IIS) security features correctly to make Web servers as secure as possible. Configuring Public Web Servers Configuring Web Authentication Using Secure Sockets Layer to Encrypt Communications Lab: Implementing Web Service Security Secure public Web servers. Describe Web authentication. Use Secure Sockets Layer. Module 13: Detecting Intrusions and Monitoring Events The information in this module explains how to configure IIS security features correctly to make Web servers as secure as possible. Establishing Intrusion Detection for Public Servers Event Monitoring in the Private Network Establish intrusion detection for public servers. Monitor events in the private network. Module 14: Maintaining Software The information in this module explains the various tools that can be used update client and server computers. Installing and Managing Service Packs and Hotfixes Automating Updates with Microsoft Software Update Services Deploying Updates Throughout the Network Lab: Maintaining Software
Work with Service Packs and Hotfixes. Deploy updates in the enterprise. Automate updates with Microsoft Software Update Services.