MCSE 70-298: Designing Security for a Windows Server 2003 Network

MCSE 70-298:
Designing Security for a Windows Server 2003 Network

Topic-Level Outline

Days: 3

Prerequisites: A+ certification, Network+ certification or equivalent experience

Unit 1 : Designing a secure network framework

Topic A: 0 Analyzing business requirements

A-1: Exploring security settings

A-2: Researching options for an Acceptable Use Policy

A-3: Researching privacy regulations

A-4: Discussing requirements for securing data

A-5: Using a Resultant Set of Policy

A-6: Recognizing internal security threats

Topic B: 0 Designing a security framework

B-1: Identifying network threats

B-2: Scanning for viruses

B-3: Using the System File Checker

B-4: Discussing risk analysis

B-5: Identifying data security requirements

B-6: Responding to security incidents

B-7: Recovering network services after an attack

Topic C: 0 Analyzing technical constraints

C-1: Recognizing the capabilities of the existing infrastructure

C-2: Analyzing interoperability constraints

Unit 2 : Securing servers based on roles

Topic A: 0 Defining a baseline security template

A-1: Creating a security console

A-2: Using the Microsoft Baseline Security Analyzer

A-3: Discussing predefined security templates

A-4: Resetting NTFS permissions

A-5: Discussing security template settings

A-6: Creating a new security template

A-7: Using a restricted groups policy

A-8: Copying an existing template

A-9: Discussing security for down-level clients

Topic B: 0 Deploying security templates

B-1: Importing a security template into a Group Policy

B-2: Reviewing the result of security policy settings

B-3: Analyzing security configuration

B-4: Forcing the application of a Group Policy

B-5: Combining multiple security templates

Topic C: 0 Designing security for servers that have specific roles

C-1: Using Syskey

C-2: Discussing domain controller security

C-3: Securing the Internet Information Server (IIS) role

C-4: Discussing POP3 mail server security

C-5: Discussing remote access policies

C-6: Modifying baseline security templates according to a role

C-7: Applying security across the enterprise

Unit 3 : Designing a secure public key infrastructure

Topic A: 0 Designing a public key infrastructure

A-1: Understanding PKI concepts

A-2: Understanding the PKI architecture

A-3: Designing a Certification Authority implementation

A-4: Understanding trust hierarchies

A-5: Discussing CA server security

Topic B: 0 Designing certificate distribution

B-1: Installing certificate services

B-2: Using the Certificate Request Wizard

B-3: Viewing certificate details

B-4: Backing up certificate services

B-5: Revoking a certificate

B-6: Publishing a certificate revocation list

B-7: Restoring certificate services

B-8: Using certificate templates

B-9: Configuring auto-enrollment

B-10: Renewing certificates

B-11: Installing a stand-alone CA

B-12: Using Certificate Services Web pages

Unit 4 : Securing network management

Topic A: 0 Designing security for network management

A-1: Using Runas

A-2: Creating a taskpad

A-3: Delegating authority

A-4: Restricting MMCs

A-5: Understanding Terminal Services

A-6: Configuring Remote Desktop for Administration

A-7: Configuring a Remote Assistance Group Policy

A-8: Requesting Remote Assistance

A-9: Configuring Telnet

A-10: Designing security for Emergency Management Services

Topic B: 0 Designing a security update infrastructure

B-1: Installing Software Update Service

B-2: Installing software with Group Policy

B-3: Configuring automatic updates

Topic C: 0 Designing domain and forest trust relationships

C-1: Discussing trust relationships

C-2: Discussing different types of trusts

C-3: Raising domain and forest functionality

Unit 5 : Securing network services and protocols

Topic A: 0 Designing network infrastructure security

A-1: Discussing network infrastructure planning

A-2: Balancing security and usability

A-3: Identifying common types of attacks

A-4: Discussing risk assessment for network services

A-5: Enabling an IPSec policy

A-6: Understanding Phase I security associations

A-7: Verifying a security association

Topic B: 0 IPSec policies overview

B-1: Viewing a predefined IPSec policy

B-2: Creating an IPSec rule

B-3: Creating a filter action

B-4: Understanding how to apply an IPSec policy

B-5: Understanding IPSec driver modes

B-6: Identifying the best practices for implementing IPSec

B-7: Creating an IPSec policy

B-8: Disabling an IPSec policy

B-9: Distributing an IPSec policy through Group Policy

B-10: Discussing how to design IP filtering

B-11: Understanding DNS namespaces

B-12: Understanding the DNS Server Service

B-13: Securing dynamic DNS updates

Topic C: 0 Designing security for data transmission

C-1: Discussing SSL/TLS

C-2: Disabling SMB signing

C-3: Understanding port authentication for switches

Topic D: 0 Designing security for wireless networks

D-1: Discussing wireless networks

D-2: Identifying threats to wireless networks

D-3: Configuring wireless network settings

D-4: Understanding DHCP and DNS configuration

D-5: Identifying mechanisms for securing a wireless network

D-6: Using user and computer-based authentication

D-7: Understanding how to design and test a wireless access infrastructure

Unit 6 : Securing Internet Information Services

Topic A: 0 Designing user authentication for IIS

A-1: Installing IIS

A-2: Modifying the anonymous account

A-3: Designing RADIUS authentication

Topic B: 0 Designing security for IIS

B-1: Enabling ASP scripts

B-2: Configuring basic authentication

B-3: Enabling ICF

B-4: Installing FTP

B-5: Installing the SMTP service

B-6: Enabling SSL

B-7: Enabling certificate mapping

B-8: Configuring IIS logging

B-9: Configuring health detection

B-10: Identifying a security incident

Unit 7 : Securing VPN and extranet communications

Topic A: 0 Designing security for communication between networks

A-1: Installing a modem on Windows Server 2003

A-2: Using the route command

A-3: Configuring a dial-up server

A-4: Discussing demand-dial routing

Topic B: 0 Designing VPN connectivity

B-1: Configuring a VPN server

B-2: Configuring demand-dial routing

B-3: Configuring RIP for a demand-dial connection

B-4: Allowing remote access

B-5: Controlling remote access by group

B-6: Configuring authentication for L2TP VPN connections

B-7: Configuring an L2TP connection on a client computer

Unit 8 : Securing Active Directory

Topic A: 0 Designing an access control strategy for directory services

A-1: Using NTFS permissions

A-2: Using share permissions

A-3: Analyzing risks to directory services

A-4: Implementing user backup and restore rights

A-5: Discussing Kerberos policies

A-6: Setting up password security

A-7: Using an account lockout policy

A-8: Auditing account logons

A-9: Auditing file access

A-10: Discussing delegation strategies

Topic B: 0 Designing group strategies for accessing resources

B-1: Configuring groups

B-2: Discussing domain and forest functional levels

B-3: Renaming the administrator account

Unit 9 : Securing network resources

Topic A: 0 Designing a file and folder access control strategy

A-1: Configuring NTFS inheritance

A-2: Discussing access control

A-3: Finding effective permissions

A-4: Creating a distribution group

A-5: Discussing security groups

A-6: Discussing mechanisms for controlling access to resources

A-7: Selecting the appropriate type of resource group

A-8: Delegating group management

A-9: Auditing system events

A-10: Viewing and setting registry permissions

Topic B: 0 Designing for the Encrypted File System

B-1: Understanding EFS

B-2: Discussing EFS best practices

B-3: Using EFS to encrypt files

B-4: Understanding certificate storage

B-5: Discussing EFS file management

B-6: Configuring an EFS recovery agent

B-7: Using a recovery agent

B-8: Recovering and printing encrypted files

B-9: Discussing certificate backups

B-10: Discussing third-party encryption options

Topic C: 0 Designing security for a backup and restore strategy

C-1: Securing the backup and restore process

C-2: Designing a secure backup process

C-3: Discussing Automated System Recovery backup sets

C-4: Securing Emergency Management Services

C-5: Discussing Emergency Management Services

C-6: Using the Recovery Console

Unit 10 : Securing network clients

Topic A: 0 Securing client computers

A-1: Hardening client operating systems

A-2: Enabling patch management

A-3: Installing the Group Policy Management Console

A-4: Securing laptop computers

A-5: Restricting operating system features

A-6: Modifying inheritance of Group Policy settings

A-7: Creating a mandatory profile

Topic B: 0 Designing a client authentication strategy

B-1: Analyzing authentication requirements

B-2: Securing user accounts

B-3: Selecting authentication protocols

Topic C: 0 Designing a secure remote access plan

C-1: Choosing a remote access method

C-2: Restricting RAS by time of day

C-3: Evaluating multiple remote access policies

C-4: Installing Internet Authentication Service

C-5: Configuring RRAS as a RADIUS client

C-6: Configuring IAS as a RADIUS proxy

C-7: Discussing network access quarantine control