Course Features |
Designing a Secure Windows® 2000 Network
for a University Computing Environment
4 day course
|
|
Who should attend |
|
This course is for
departmental Information Technology professionals from Computer Science,
Engineering, and Business schools who will be responsible for planning,
deploying, and administering Windows 2000, ensuring its integration into a
UNIX environment. |
|
|
|
Prerequisites |
|
n Operating systems experience in UNIX® and/or Windows® NT® n A working knowledge of Windows 2000 Directory Services n
A working knowledge of clients, servers, local area
networks, drivers, protocols, and network operating systems. |
|
|
|
What course provides |
|
This course provides departmental Information Technology
professionals with the knowledge and skills necessary to design a security
framework for university networks by using Microsoft Windows 2000
technologies.. |
|
|
|
What students learn |
|
At the end of the course, participants will be able to: n Identify the security risks associated with managing resource access and data flow on a Windows network. n Describe how key technologies within Windows 2000 are used to secure a network and its resources. n Plan a Windows 2000 administrative structure so that permissions are granted only to appropriate users. n Define minimum security requirements for Windows 2000-based domain controllers, application servers, file and print servers, and workstations. n Design a strategy for securing local storage of data and secure network access to file resources. n Design end-to-end security for the transmission of data between hosts on the network. n Design a strategy for securing access for non-Microsoft clients to a Windows 2000 network. n Provide secure connections to remote users. n Design a strategy to secure connections between two remote computers. n Protect private network resources from public network users. n Design a strategy for securing private network user access to public networks. n Design a strategy for allowing trusted partners to access data on a private network. n Discuss strategies for integrating Windows 2000 systems with UNIX systems running Kerberos version 5. n Design a strategy for using certificate-based authentication to secure access to a private network. n Use a structured methodology for designing a secure Windows 2000 network.
|
Delivered by |
|
|
What students receive |
|
Each student receives a copy of Microsoft Official Curriculum and supplemental materials for post-class reference and review. |
|
|
|
Designing a Secure Windows®
2000 Network for a University Computing Environment Page 2
Course Outline |
|
|
|
|
|
|
|
Assessing Security Risks n Identifying Risks to Data and Services n Identifying Potential Threats n Common Security Standards Introducing Windows 2000 Security n Security Features in Active Directory n Authenticating User Accounts n Securing Access to Resources n Introduction to Encryption Technologies n Encrypting Stored and Transmitted Data n Introducing Public Key Infrastructure Technology Planning Administrative Access n Determining the Appropriate Administrative Model n Designing Administrative Group Strategies n Planning Local Administrative Access Securing Windows 2000-Based Computers n Planning Physical Security n Evaluating Security Requirements n Designing Security Configuration Templates n Evaluating Security Configurations n Deploying Security Configuration Templates Securing File Resources n Encrypting Data Using EFS Securing Communication Channels n Assessing Network Data Visibility Risks n Designing Application-Layer Security n Designing IP-Layer Security n Deploying Network Traffic Encryption Providing Secure Access to Non-Microsoft Clients n Providing Secure Network Access to UNIX Clients n Providing Secure Network Access to NetWare Clients n Providing Secure Access to Macintosh Clients n Securing Network Services in a Heterogeneous Network n Monitoring for Security Breaches Providing Secure Access to Remote Users (optional) n Identifying the Risks of Providing Remote Access n Designing Security for Dial-Up Connections n Designing Security for VPN Connections n Centralizing Remote Access Security Settings |
|
Providing Secure Access to Remote Offices (optional) n Defining Private and Public Networks n Securing Connections Using Routers n Securing VPN Connections between Remote Offices n Identifying Security Requirements Providing Secure Network Access to Internet Users (optional) n Identifying Potential Risks from the Internet n Using Firewalls to Protect Network Resources n Using Screened Subnets to Protect Network Resources n Securing Public Access to a Screened Subnet Providing Secure Internet Access to Network Users (optional) n Protecting Internal Network Resources n Planning Internet Usage Policies n Managing Internet Access through Proxy Server Configuration n Managing Internet Access through Client-side Configuration Extending the Network to Partner Organizations n Providing Access to Partner Organizations n Securing Applications Used by Partners n Securing Connections Used by Remote Partners n Structuring Active Directory to Manage Partner Accounts n Authenticating Partners from Trusted Domains n Kerberos Terminology n Kerberos Interoperability Scenarios n UNIX Clients Using a Windows 2000 KDC n Windows 2000 Clients Using a UNIX KDC n Cross-realm Trusts Designing a Public Key Infrastructure n Introducing a Public Key Infrastructure n Using Certificates n Examining the Certificate Life Cycle n Choosing a Certification Authority n Planning a Certification Authority Hierarchy n Mapping Certificates to User Accounts n Managing CA Maintenance Strategies Developing a Security Plan n Designing a Security Plan n Defining Security Requirements n Maintaining the Security Plan |
|