Course 2150—Five days—Instructor-led
Preliminary Course Syllabus
Designing a Secure Microsoft Windows 2000 Network
Table of Contents
Introduction
At Course Completion
Microsoft Certified Professional Exams
Prerequisites
Course Materials and Software
Course Outline
This course provides students with the knowledge and skills necessary to design a
security framework for small, medium, and enterprise networks using
Microsoft® Windows® 2000 technologies. This course contains four units
that describe security in specific areas of the network:
- Unit 1, Providing Secure Access to Local Network Users
- Unit 2, Providing Secure Access to Remote Users and Remote
Offices
- Unit 3, Providing Secure Access Between Private and Public
Networks
- Unit 4, Providing Secure Access to Partners
At the end of the course, students will be able to:
- Identify the security risks associated with managing resource access
and data flow on the network.
- Describe how key technologies within Windows 2000 are used to secure
a network and its resources.
- Plan a Windows 2000 administrative structure so that permissions are
granted only to appropriate users.
- Plan an Active Directory™ directory service structure that
facilitates secure and verifiable user account creation and
administration.
- Define minimum security requirements for Windows 2000-based domain
controllers, application servers, file and print servers, and
workstations.
- Design a strategy for securing local storage of data and providing
secure network access to file and print resources.
- Design end-to-end security for the transmission of data between
hosts on the network.
- Design a strategy for securing access for non-Microsoft clients
within a Windows 2000-based network.
- Design a strategy for securing local resources accessed by remote
users using dial-in or Virtual Private Network (VPN) technologies.
- Design a strategy for securing local resources accessed by remote
offices within a wide area network (WAN) environment.
- Protect private network resources from public network users.
- Design a strategy for securing private network user access to public
networks.
- Design a strategy for authenticating trusted users over public
networks.
- Design a strategy for securing data and application access for the
private network when accessed by trusted partners.
- Plan for an e-commerce implementation between your organization and
external business partners that facilitates business communication.
- Design a structured methodology for securing a Windows 2000 network.
This course will help the student prepare for the following Microsoft
Certified Professional exam:
This course requires that students meet the following prerequisites:
The course materials, lectures, and lab exercises are in English. To
benefit fully from the instruction, students need an understanding of the
English language and completion of the prerequisites.
The course materials are yours to keep.
You will be provided with the following software for use in the
classroom:
- Windows 2000 Advanced Server
- Network Monitor 2.0
- Microsoft Proxy Server 2.0
Day 1
Module 1: Assessing Security Risks
Topics
What is at Risk?
What are the Potential Threats to the Network?
Describing Common Security Standards
Planning Enterprise Security
Lab
Introducing Northwind Traders
Skills
Students will be able to:
- Determine what is at risk if security is compromised on a network.
- Determine common threats against network security.
- Review common standards against which security is measured.
- Discuss a methodology for securing enterprise networks.
Module 2: Introducing the Windows 2000 Security Model
Topics
The role of Directory Services in the Security Framework
Identifying Authentication Methods Available Within Windows 2000 Networks
Controlling Access to Resources on Windows 2000 Networks
Introducing Encryption Technology
Encrypting Stored and Transmitted Data in Windows 2000 Networks
Introducing Public Key Infrastructure Technology
Labs
Assessing Security in Given Scenarios
What Type of Authentication Is Available in Given Scenarios?
Skills
Students will be able to:
- Analyze the role of Windows 2000 Active Directory in the Windows
2000 security framework.
- Describe the authentication protocols used by Windows 2000.
- Describe how objects and resources are secured in Windows 2000.
- Examine common methods of encrypting and validating data.
- Describe how Windows 2000 supports the encryption of both stored
data and transmitted data.
- Describe how a public key infrastructure can be used to implement
certificate-based identification and authentication.
- Plan security for local resources and access on a local network.
Unit 1: Providing Secure Access to Local Network Users
Module 3: Planning Administrative Access
Topics
Defining the Administrative Structure
Assigning Administrative Roles
Providing Administrative Access
Labs
Planning an Administration Structure
Secondary Logon and Remote Administration
Skills
Students will be able to:
- Define the network administrative roles that exist in an
organization.
- Plan memberships in the Windows 2000 administrative groups.
- Plan secure administrative access to the network.
Module 4: Planning User Accounts
Topics
Designing a Domain and Organizational Unit Structure
Planning Account Creation and Location
Planning Delegation of Authority
Designing an Audit Policy for Tracking Account Changes
Labs
Planning a Security-based OU Structure
Group Policy Security Settings
Skills
Students will be able to:
- Design a Windows 2000 domain and organizational unit (OU) structure
that will support your account and group policy configuration.
- Plan for the creation of accounts within the OU structure using both
batch methodology and the Active Directory Users and Computers
console.
- Plan a delegation of authority strategy for OUs.
- Design an audit strategy that will track changes made to the Active
Directory contents.
Day 2
Module 5: Securing Windows 2000-Based Computers
Topics
Evaluating the Security Requirements of Windows 2000-Based Systems
Securing Physical Access to Windows 2000-Based Systems
Designing Security Configuration Policies
Analysis of Security Configuration
Labs
Planning a Security Baseline Template
Evaluating a Baseline Template
Skills
Students will be able to:
- Evaluate the security requirements for Windows 2000-based systems
with respect to their role in the enterprise network.
- Plan physical and hardware configuration measures to secure Windows
2000-based systems.
- Design security configuration templates that can be used to enforce
security settings.
- Plan the use of security baseline templates to evaluate the current
security configuration of a Windows 2000-based system.
Module 6: Securing File and Print Resources
Topics
Comparing the Security of Windows 2000 File Systems
Protecting Data Using Access Control Lists
Encrypting Data Using EFS
Auditing Resource Access
Securing Backup and Restore Procedures
Protecting Data From Viruses
Labs
Planning Data Security
Managing EFS Recovery
Skills
Students will be able to:
- Describe the security provided in the file systems supported by
Windows 2000.
- Design a security strategy for protecting the registry, file
resources, and print resources by using Access Control Lists.
- Design a strategy for the protection and recovery of file resources
using EFS.
- Design an auditing strategy to determine file and print resource
access.
- Design a secure backup and restore procedure that allows for
disaster recovery.
- Plan for virus protection in your network security design.
Day 3
Module 7: Securing Communication Channels on the Local Network
Topics
Demonstration: Investigating Web Access
Assessing Network Data Visibility Risks
Evaluating Network Authentication Methods
Protecting Network Data Transmission from Packet-Level Impersonation
Encrypting Network Data Transmissions with Internet Protocol Security (IPSec)
Labs
Planning Network Data Transmission Security
Evaluating Transport Security using IPSec Policies
Skills
Students will be able to:
- Assess potential risks to data when it is transported
between clients on the Local Area Network.
- Compare and contrast the network authentication methods that can be
used by Windows 2000 clients and down-level clients.
- Design a strategy for protecting data transmissions on the private
network from packet-level impersonation.
- Design an IPSec strategy for encrypting private network data
transmissions.
Module 8: Providing Secure Access to Non-Microsoft Clients
Topics
Demonstration: Investigating a Telnet Connection
Providing Secure Access to IP-Based Clients
Providing Secure Access to NetWare Clients
Providing Secure Access to Macintosh Clients
Labs
Planning Non-Microsoft Client Access to Shared Resources
Investigating IP Protocol Risks
Skills
Students will be able to:
- Describe the inherent risks and the management strategy involved
when deploying standard IP client/server sockets-based applications.
- Describe the additional security measures that must be taken when
integrating NetWare clients on your network.
- Describe the additional security measures that must be taken when
integrating Macintosh clients on your network.
Unit 2: Providing Secure Access to Remote Users and Offices
Module 9: Providing Secure Access to Remote Users
Topics
Planning Remote Access Security
Authentication and Accounting Providers
Planning Server-side Security for Remote Connectivity
Planning Client-side Security for Remote Connectivity
Labs
Planning Secure Remote Access
Analyzing Remote Data Transmissions
Skills
Students will be able to:
- Compare and contrast the common methods that may be used by remote
users to connect to the private network.
- Compare and contrast the server configuration options available to
allow secure remote connectivity to your network by individual users.
- Compare and contrast the client configuration options available to
allow secure connectivity to a remote private network.
- Create a distributed authentication framework for remote clients.
Day 4
Module 10: Providing Secure Access to Remote Offices
Topics
Comparing Private and Public Networks
Securing WAN Links Over a Private Network
Securing WAN Links Over a Public Network
Labs
Planning Secure Connections for a New Remote Office
Investigating Tunneling Filters
Skills
Students will be able to:
- Introduce how public and private networks interact and describe the
common physical technologies that are used to provide connectivity.
- Plan secure WAN links to branch offices using dedicated network
connections.
- Plan secure WAN links to branch offices using tunneling technologies
over public networks.
Unit 3: Providing Secure Access Between Private and Public Networks
Module 11: Maintaining Security When Allowing Public Access to Your
Private Network
Topics
Potential Risks
Protecting Networks using Firewalls
Demonstration: Port Mapping Example
Protecting Resources Exposed on the Internet
Planning Placement of Servers in a Firewall Configuration
Labs
Planning an ISP Using Windows 2000
Validate a Demilitarized Zone Configuration
Planning Common Packet Filtering
Skills
Students will be able to:
- Analyze the common threats that are introduced when your private
network is connected to a public network.
- Design a firewall strategy for protecting your private network.
- Design a secure method for exposing private network resources to the
public network.
- Plan secure placement of servers when working with interconnected
private and public networks.
Module 12: Maintaining Security When Accessing Public Networks from
Your Network
Topics
Analyzing Threats Introduced by an Internet Connection
Protecting Internet Network Addressing Schemes
Using Server-Side Configuration to Control Content Accessed by Network
Users
Using Client-Side Configuration to Control Content Accessed by Network
Users
Labs
Planning a Deployment Plan for the Client Systems
Using NetStat to View What Is Being Used by the Clients
Configuring Proxy Server to Only Allow Specific Protocol Usage
Skills
Students will be able to:
- Analyze the various threats that are introduced to the network when
users are allowed to access the Internet.
- Design a strategy for protecting the private network IP addressing
scheme from the public network.
- Design the server-side requirements for maintaining security when
authenticated users access public networks.
- Design the client-side requirements for maintaining security when
authenticated users access public networks.
- Plan security when trusted individuals and organizations access
private network data and resources over a public network.
Day 5
Unit 4: Providing Secure Access to Partners
Module 13: Authenticating Trusted Partners
Topics
Authenticating Partners Using Windows 2000 User Accounts
Authenticating Partners Using Trusted Domains
Authenticating Partners Using Internet Technologies
Planning Certificate-Based Authentication
Labs
Planning Authentication Methods for Partner Organizations
Investigating the Effects of Certificate Revocation
Skills
Students will be able to:
- Design a secure framework for partner access using Windows 2000 user
accounts.
- Design a secure framework for trusted partners to access the private
network by using trust relationships.
- Compare and contrast the methods available for authenticating
clients by using Internet technologies.
- Design a certificate-based authentication framework for a Windows
2000 network.
Module 14: Providing Secure Resource Access to Trusted Partners
Topics
Providing Secure Access Using Resource Permissions
Securing Access for Remote Partners
Providing Secure Partner Access to Data Using Terminal Services
Providing Secure Partner Access to Data Using Web Technologies
Providing Secure Partner Access to Data Using Messaging
Labs
Selecting Access Methods for Partners
Configuring a Certificate Authority Hierarchy
Skills
Students will be able to:
- Design secure resource access for trusted partners by using access
control lists.
- Plan which resources will be exposed to trusted partners and where
those resources will be placed on the network.
- Design secure resource access to trusted partners by using terminal
services.
- Design secure access to resources using Web technologies.
- Design secure resource sharing using a messaging solution.
Module 15: Providing Business to Business and E-Commerce Security
Topics
Planning for Business-to-Business Applications
Planning for Secure Business Communication Between Partners
Labs
Planning an E-Commerce Site
Planning a Personalization and Membership Server
Skills
Students will be able to:
- Describe the various technologies commonly used when implementing
secure business-to-business applications.
- Plan knowledge management and business communications between
business partners.
Module 16: Title
Topics
Developing a Security Team
Defining the Scope of Security
Analyzing the Current Network Configuration
Designing a Security Baseline for Your Network
Developing and Implementing a Project Plan
Maintaining Security
Maintaining Awareness of Current Security Issues
Skills
Students will be able to:
- Plan the composition of a security team that will develop your
organization's security plan.
- Determine the security needs for your network based on your local
network, remote networks, public networks and associations with
trusted partners.
- Analyze the current security configuration of your network.
- Design the security baseline for your network based on your
organization's security goals.
- Design a security plan rollout.
- Design a strategy to maintain your network's current level of
security as the security landscape changes.