M2823
Implementing and Administering Security in a Microsoft Windows Server 2003 Network
Price :
Specification :
Microsoft Certified Systems Administrator
(MCSA): Windows Server 2003 M2823 70-299
Course Title: Implementing and Administering Security in a
Microsoft Windows Server 2003 Network
Course Code: M2823
Version: B
Level: 200
Duration: 5 Days
Course Overview
The Implementing and Administering Security in a Microsoft Windows Server 2003 Network M2823 instructor-led training course has been designed to address the MCSA and MCSE skills path for IT Pro security practitioners, specifically addressing the training needs of those preparing for the 70-299 certification exam. The primary product focus is on Microsoft Windows Server 2003 based infrastructure solutions but will include some client focused content where appropriate. This learning product is to provide functional skills in planning and implementing infrastructure security. This course is part of the Security Portfolio and will act as the primary entry point for IT Professionals at the implementation level. Course M2810 will provide candidates with an entry point to broaden their awareness of security issues and are encouraged to enhance their security design skills by attending course M2830.Target Audience
Candidates who should consider attending the M2823 Microsoft training course are system administrators or system engineers who have the foundation implementation skills and knowledge for the deployment of secure Microsoft Windows Server 2003 based solutions. This course is not intended to provide design skills, but will cover planning skills at a level sufficient to enable decision making for the implementation process.Course Objectives
On successfully completing the M2823 course candidates will be able to:- Plan and configure an authorisation and authentication strategy
- Install, configure, and manage certification authorities
- Configure, deploy, and manage certificates
- Plan, implement, and troubleshoot smart card certificates
- Plan, implement, and troubleshoot Encrypting File System (EFS)
- Plan, configure, and deploy a secure member server baseline
- Plan, configure, and implement secure baselines for server roles
- Plan, configure, implement, and deploy client computer baselines
- Plan and implement software updates
- Plan, deploy, and troubleshoot data transmission security
- Plan and implement security for wireless networks
- Plan and implement perimeter security with Internet Security and Acceleration (ISA) Server 2004
- Secure remote access
Course Prerequisites
Candidates attending the M2823 Microsoft training course should have previously attended and completed course M2810 or possess the equivalent skills and knowledge.Candidates are also required to have prior experience implementing a Windows 2000 or Windows Server 2003 Active Directory environment, experience with organisational resources such as Web, FTP and Exchange servers, (not expected to have detailed knowledge) shared resources and network services such as DHCP, DNS and WINS would be advantageous.
Testing and Certification
The M2823 Microsoft training course is the recommended preparation for the 70-299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network exam.Course Content
Module 1: Planning and Configuring an Authentication and Authorisation StrategyIn this module candidates will learn how to evaluate the infrastructure of an organisation and create and document an authorisation and authentication plan that allows the appropriate level of access to various security principals. The module also describes trust relationships, domain and forest functional levels, and basic security principles.
Lessons:
- Components of an Authentication Model
- Planning and Implementing an Authentication Strategy
- Groups and Basic Group Strategy in Windows Server 2003
- Creating Trusts in Windows Server 2003
- Planning, Implementing, and Maintaining an Authorisation Strategy Using Groups
- Planning and Implementing a Resource Authorisation Strategy
- Planning and Implementing a Cross-Forest Authentication Strategy
- Planning and Implementing an Authentication Policy
- Describe the components, tools, and protocols that support authentication
- Plan and implement an authentication strategy in a multi-forest organisation
- Determine the necessary group structure for a multi-domain or multi-forest environment.
- Create trusts in a Windows Server 2003 environment
- Plan, implement, and maintain an authorisation strategy in a multi-forest organisation
Module 2: Installing, Configuring, and Managing Certification Authorities
In this module candidates will learn the fundamentals of the systems that make secure communication possible. The module describes methods, such as a public key infrastructure (PKI), that will enable candidates to securely communicate on networks.
Lessons:
- Overview of a PKI
- Introduction to Certification Authorities
- Installing a Certification Authority
- Managing a Certification Authority
- Backing Up and Restoring a Certification Authority
- Installing an Enterprise Subordinate Certification Authority
- Backing up a Certification Authority
- Describe a PKI
- Describe the applications and components that are used in a PKI
- Install a certification authority
- Create and publish Certificate Revocation Lists (CRLs) and Authority Information Access (AIA) distribution points
- Back-up and restore a certification authority
Module 3: Configuring, Deploying, and Managing Certificates
In this module candidates will learn how to ensure that the certificates are issued to the correct security principals and for the intended purpose. The module describes, for example, how to make the deployment of certificates an easy and straightforward task for end users.
Lessons:
- Overview of Digital Certificates
- Deploying and Revoking User and Computer Certificates
- Configuring Certificate Templates
- Managing Certificates
- Configuring Multipurpose Certificate Templates
- Configuring Certificate Auto-enrolment
- Updating a Certificate Template
- Implementing a Key Archiving Strategy
- Configure certificate templates in a Microsoft Windows Server 2003 PKI environment
- Deploy, enrol, and revoke certificates in a Windows Server 2003 PKI environment
- Describe the applications and components that are used in a PKI
- Export, import, and archive certificates and keys in a Windows Server 2003 PKI environment
Module 4: Planning, Implementing, and Troubleshooting Smart Card Certificates
In this module candidates will learn how to deploy, manage, and configure certificates and certificate templates in a public key infrastructure (PKI) environment.
Lessons:
- Introduction to Multifactor Authentication
- Planning and Implementing a Smart Card Infrastructure
- Managing and Troubleshooting a Smart Card Infrastructure
- Configuring a Smart Card Enrolment Station
- Simulation: Enrolling Users for Smart Cards
- Describe the concepts of and applications for multifactor authentication
- Plan and implement a smart card infrastructure
- Manage and troubleshoot a smart card infrastructure
Module 5: Planning, Implementing, and Troubleshooting Encrypting File System
In this module candidates will learn how to plan, implement, and troubleshoot Encrypting File System (EFS).
Lessons:
- Introduction to EFS
- Implementing EFS in a Standalone Microsoft Windows XP Environment
- Planning and Implementing EFS in a Domain Environment
- Implementing EFS File Sharing
- Troubleshooting EFS
- Implementing Certificates to Support EFS
- Configuring Group Policy to Support EFS
- Describe EFS and how it works
- Implement EFS in a standalone Microsoft Windows XP environment
- Plan and implement EFS in a domain environment that has a PKI
- Implement EFS file sharing
- Troubleshoot EFS problems
Module 6: Planning, Configuring, and Deploying a Secure Member Server Baseline
In this module candidates will learn how to create secure baselines for servers.
Lessons:
- Overview of a Member Server Baseline
- Planning a Secure Member Server Baseline
- Configuring Additional Security Settings
- Deploying Security Templates
- Securing Servers by Using the Security Configuration Wizard
- Planning a Secure Member Server Baseline
- Describe the components that make up a secure member server baseline
- Plan a secure member server baseline
- Configure additional security settings
- Deploy security templates
- Secure servers by using the Security Configuration Wizard (SCW)
Module 7: Planning, Configuring, and Implementing Secure Baselines for Server Roles
In this module candidates will learn how to create secure baselines for various server roles.
Lessons:
- Planning and Configuring a Secure Baseline for Domain Controllers
- Planning and Configuring a Secure Baseline for DNS Servers
- Planning and Configuring a Secure Baseline for Infrastructure Servers
- Planning a Secure Baseline for File and Print Servers
- Planning and Configuring a Secure Baseline for IIS Servers
- Plan and configure a secure baseline for domain controllers
- Plan and configure a secure baseline for Domain Name System (DNS) servers
- Plan and configure a secure baseline for infrastructure servers
- Plan a secure baseline for file and print servers
- Plan and configure a secure baseline for Internet Information Services (IIS) servers
Module 8: Planning, Configuring, Implementing, and Deploying a Secure Client Computer Baseline
In this module candidates will learn how to create secure baselines for client computers.
Lessons:
- Planning and Implementing a Secure Client Computer Baseline
- Securing Applications on Client Computers
- Planning and Implementing a Software Restriction Policy
- Implementing Security for Mobile Clients
- Planning Security Templates for Client Computers
- Implementing Security Templates for Client Computers
- Plan a secure client computer baseline
- Secure applications on client computers
- Plan and implement a software restriction policy on client computers
- Implement security on mobile computers
Module 9: Planning and Implementing Software Updates
In this module candidates will learn how to plan and implement update management strategies on computers.
Lessons:
- Introduction to Software Update Management
- Implementing Microsoft Baseline Security Analyser
- Installing Windows Server Update Services
- Managing a WSUS Infrastructure
- Configure MBSA Integration with WSUS Server
- Describe the need for update management and the tools that can be used to implement update management strategies
- Implement MBSA
- Install WSUS
- Manage a WSUS infrastructure
Module 10: Planning, Deploying, and Troubleshooting Data Transmission Security
In this module candidates will learn the information needed to plan and troubleshoot data transmission security.
Lessons:
- Secure Data Transmission Methods
- Introducing IPSec
- Planning and Implementing Data Transmission Security Using IPSec
- Troubleshooting IPSec Communications
- Planning IPSec Security
- Implementing IPSec Security
- Describe various methods for securing data transmission
- Describe the purpose and function of IPSec
- Plan and implement data transmission security using IPSec
- Troubleshoot IPSec communication
Module 11: Planning and Implementing Security for Wireless Networks
In this module candidates will learn how to plan and implement security for wireless networks.
Lessons:
- Introduction to Securing Wireless Networks
- Implementing 802.1x Authentication
- Planning a Secure WLAN Strategy
- Implementing a Secure WLAN
- Troubleshooting Wireless Networks
- Configuring Active Directory for Wireless Networks
- Configuring Certificate Templates and Certificate Auto-enrolment
- Configuring Remote Access Policies for Wireless Devices
- Configuring Group Policy for Wireless Networks
- Describe the components and features of a secure wireless LAN (WLAN) and a wireless infrastructure.
- Plan a secure WLAN infrastructure
- Implement a secure WLAN infrastructure
- Troubleshoot WLAN errors and components
Module 12: Planning and Implementing Perimeter Security with Internet Security and Acceleration Server 2004
In this module candidates will learn how to manage the security, performance, and manageability of various networks within an organisation connecting to each other as well as corporate networks connecting to the internet.
Lessons:
- Introduction to Internet Security and Acceleration Server 2004
- Installing and Managing ISA Server 2004
- Securing a Perimeter Network by Using ISA Server 2004
- Publishing Servers on a Perimeter Network
- Planning a Perimeter Network
- Implementing a Perimeter Network
- Securing an ISA Server 2000 Computer
- Describe the ISA Server 2004 features
- Install and manage ISA Server 2004
- Configure a perimeter network by using ISA Server 2004
- Publish servers on a perimeter network by using ISA Server 2004
Module 13: Securing Remote Access
In this module candidates will learn how an effective network access security design ensures confirmation of the identity of the clients attempting to access an organisation`s network resources and protection of specific resources from inappropriate access by users.
Lessons:
- Introduction to Remote Access Technologies and Vulnerabilities
- Planning a Remote Access Strategy
- Deploying Network Access Quarantine Control Components
- Configuring a VPN Connection
- Configuring the VPN Server for Remote Access Quarantine
- Configuring a Connection Manager Service Profile
- Describe the various remote access technologies used for remote access and the threats associated with remote access
- Plan a remote access strategy
- Implement and configure a virtual private network (VPN) server
- Deploy Network Access Quarantine Control components
$coverfor
PLEASE NOTE: Every effort has been made to ensure the accuracy of all information contained herein. IT Help and Support Centre Ltd makes no warranty expressed or implied with respect to accuracy of this information, including price, product editorials or product specifications. IT Help and Support Centre Ltd or its suppliers shall not be liable for incidental, consequential or special damages arising from, or as a result of, any electronic transmission or the accuracy of the information contained herin, even if IT Help and Support Centre Ltd has been advised of the possibility of such damages. Product and manufacturer names are used only for the purpose of identification.
