Windows Server 2003 Security MCSE 70-298 - Online Course

This series explains how to analyze requirements and design a secure Windows Server 2003 network in a medium to large environment. Specific aspects presented are public key infrastructure, Internet Information Services (IIS), IP Security (IPSec), wireless LAN, VPN, Active Directory, Encrypted File System (EFS), and backup and recovery processes.

This series is for anyone preparing for the Designing Security for a Microsoft Windows Server 2003 Network MCSE 70-298 certification exam or for anyone who wants to learn more about designing security for a Windows Server 2003 network. This online course contains 11 lessons and 1 practice exams and should take approximately 33 hours to complete.

Lesson 1: Designing a Secure Network Framework (2.0) hours

Designing a Secure Network Framework teaches you how to analyze existing security policies and procedures, analyze requirements for securing different types of data, predict threats to a network from internal and external sources, design a process for incident response and recovery, and identify capabilities of existing infrastructures including interoperability constraints. This course explains how to design a secure Windows Server 2003 network framework by analyzing business requirements, and both internal and external threats. It also details how to create an incident response plan and examines interoperability issues. Topics include Analyzing existing security Policies and procedures, Determining requirements for securing data, Analyzing current security practices, Predicting network threats, Recognizing external threats, Implementing risk analysis, Responding to security incidents, and Analyzing technical constraints.

Lesson 2: Defining a Baseline Security Template (3.0) hours

Defining a Baseline Security Template teaches you how to design, create, and deploy a security template, configure security for down-level clients, analyze results of security settings, and deploy security using scripts. This course explains what you need in order to apply consistent security settings across a network. It also details how to deploy security templates efficiently throughout a network, focusing on the use of Group Policy Objects (GPO) and scripting techniques. Topics include Administrative security tools overview, Working with predefined security templates, Adding security templates snap-ins, Reapplying default security settings, Configuring security templates, Configuring security for down-level clients, Deploying security templates, Reviewing the result of security policy settings, Using security configuration and analysis to review security settings, and Using the secedit.exe command-line tool.

Lesson 3: Designing Role-Based Server Security (2.0) hours

Designing Role-Based Server Security teaches you how to knowledge of common server roles and best security practices, modify baseline security templates according to role, configure security for Domain Controllers, Internet Information Services, Application, Mail, Infrastructure, File, Print, and Member, Terminal, Remote Access, and Streaming Media servers, and apply security across an enterprise. This course explains how to modify baseline security templates based on functions of an individual or group of servers. This course specifically addresses security configurations for Domain Controllers, Internet Information Services (IIS) Servers, POP3 Mail Servers, and other infrastructure servers. Topics include Common server roles, Adding or changing server roles, Configuring security for domain controllers, Securing the Internet Information Server (IIS), Configuring security for POP3 mail servers, Securing network infrastructure servers, Securing remote access servers, Securing file, print, terminal, and streaming media servers, and Modifying baseline security templates according to role.

Lesson 4: Securing a Public Key Infrastructure and Network Management Processes (4.0) hours

Securing a Public Key Infrastructure and Network Management Processes teaches you how to design a public key infrastructure (PKI) that uses Certificate Services, design a logical authentication strategy, design security for network management, and design a security update infrastructure. This course explains the deployment of public key infrastructures (PKI), the certificate authorities that establish and verify identities of organizations, and the implementation of PKI in the Windows Server 2003 environment. This course also covers security administration and the related tasks and tools needed to secure a Microsoft operating system. Topics include PKI basics, Designing a certification authority implementation, Designing a logical authentication strategy, Designing security for CA servers, Designing certificate distribution, Requesting, approving, and revoking certificates, Renewing and auditing certificates, Managing the risks of network administration, Securing MMC, Remote Assistance, and Telnet, Securing Terminal Services and Remote Desktop, Designing security for EMS, Designing a Security Update infrastructure, Trust relationship basics, Designing forest and domain trust models, and Designing security for interoperability.

Lesson 5: Designing Network Infrastructure Security (3.0) hours

Designing Network Infrastructure Security teaches you how to design network infrastructure security, design an IPSec policy, design IP filtering, specify the required protocols for a firewall configuration, and secure a DNS implementation. This course examines how to protect data as it is transmitted through a network infrastructure by use of IP Security (IPSec). This course also explains how to secure the Domain Naming System (DNS) service, another area of an enterprise network subject to security vulnerabilities. Topics include Network infrastructure security basics, Assessing risk for network services, IPSec overview, Phase I security association, Phase II security association, IPSec policies overview, IPSec rules, How IPSec policy is applied, IPSec driver modes and best practices, Designing IPSec policies, Designing IP filtering and configuring a firewall, and Securing DNS.

Lesson 6: Securing Data Transmissions and Wireless Networks (2.0) hours

Securing Data Transmissions and Wireless Networks teaches you how to design security for data transmission, use segmented networks, design security for wireless networks, design public and private wireless LANs, design 802.11x authentication for wireless networks, and design user authentication for Internet Information Services (IIS). This course explains how to secure wireless network traffic including the technologies available and the challenges they present. This course also discusses common vulnerabilities in a wireless network and how to design a secure wireless LAN. Topics include SSL/TLS,SMIME and SMB, Configuring IIS to use SSL, Securing switches and segments, Wireless network types and threats, Wireless history, PKI and RADIUS/IAS overview, WLAN network infrastructure, Creating a wireless network policy, Designing authentication for wireless networks, and Designing and testing wireless access infrastructure.

Lesson 7: Securing Internet Information Services (2.0) hours

Securing Internet Information Services teaches you how to design user authentication for Internet Information Services (IIS) and a Web site, design security for IIS, design security for Web sites, design a monitoring strategy for IIS, design an IIS baseline based on business requirements, and design a content management strategy for updating an IIS server. This course explains how to create a secure IIS deployment for an enterprise network with a focus on user authentication. It also examines common vulnerabilities of Web servers, along with how to secure Web server software with options offered in Windows Server 2003. Topics include Designing user authentication for IIS, Designing certificate authentication, Configuring anonymous and basic authentication, Configuring digest and integrated Windows authentication, Designing RADIUS authentication, Securing IIS installations, Hardening IIS, New security features in IIS 6.0, Designing a monitoring strategy for IIS, Configuring IIS logging and monitoring Event Log activities, and Enabling security auditing and health detection.

Lesson 8: Securing VPNs, Extranets, and Network Clients (4.0) hours

Securing VPNs, Extranets, and Network Clients teaches you how to design security for communication between networks, design security for communication with external organizations, design a client authentication strategy, design a security strategy for client remote access, and design a strategy for securing client computers. This course discusses the use of Windows Server 2003 as a VPN and provides details on the use of two common, standards-based routing protocols: Routing Information Protocol (RIP) and Open Shortest Path First (OSPF). This course also explains how to secure client workstations and remote access services for end users. Topics include Using Windows Server 2003 as a router, Building routing tables, Designing demand dial routing between internal networks, Designing VPN connectivity, PPTP, L2TP, Using remote access policies, Designing an extranet infrastructure, Hardening client operating systems, Securing laptop computers, Analyzing authentication requirements, Choosing authentication protocols, Choosing a remote access method, Designing remote access policies, Creating a remote access policy, and Using Internet Authentication service.

Lesson 9: Securing Active Directory (3.0) hours

Securing Active Directory teaches you how to design an access control strategy for directory services, establish account and password requirements for security, analyze auditing requirements, create a delegation strategy, design the appropriate group strategy for accessing resources, and design a permission structure for directory service objects. This course explains how to secure Active Directory user accounts and use auditing to identify any security incidents to the Active Directory database. This course also discusses best practices in assigning user permissions to network resources and data. Topics include Designing an access control strategy for directory services, Analyzing risks to directory services, Establishing account security policies, Using restricted groups, Creating a Kerberos policy, Establishing password security, Creating an account lockout policy, Creating an auditing policy, Auditing logon events and object access, Analyzing auditing data, Creating a delegation strategy, and Designing the appropriate group strategy for accessing resources.

Lesson 10: Designing an Access Control Strategy for Files and Folders (3.0) hours

Designing an Access Control Strategy for Files and Folders teaches you how to design an access control strategy for files and folders, analyze auditing requirements, design an access control strategy for the registry, and design a permission structure for registry objects. This course examines common risks such as data corruption and security breaches that can affect a network's file shares. This course also explains how to design a permission structure for files and folders, as well as best practices for securing the Windows Registry. Topics include Analyzing risks to data, Reviewing access control and access control lists, Access to resources, Working with security groups, Defining a security group retirement policy, Delegating security group maintenance, Analyzing auditing requirements, Designing an access control strategy for the registry, Setting registry access permissions via group policy, and Designing a permission structure for registry objects.

Lesson 11: Designing an Encrypted File System and Securing Backup/Restore Processes (3.0) hours

Designing an Encrypted File System and Securing Backup/Restore Processes teaches you how to design a strategy for the encryption and decryption of files and folders, design security for a backup and recovery strategy, implement Encrypted File System (EFS), and configure a file recovery agent. This course explains how to encrypt files using the Encrypted File System (EFS). The course also discusses how to design a secure backup and recovery strategy for network resources, including securing the backup process. Topics include Encrypted File System, Encrypting files and folders, Certificate storage, enrollment, and renewal, Creating a strategy for the encryption and decryption of files and folders, Configuring file recovery agents, Backing up keys, Disabling EFS, Backup and restore process security basics, Designing a secure backup process, Designing a secure recovery process, Securing EMS, Securing the Recovery Console, and Configuring startup and recovery options.

1 Practice Exam

This course provides five practice exams for the Microsoft 70-298 certification exam.