Who should attend

This course is for departmental Information Technology professionals from Computer Science, Engineering, and Business schools who will be responsible for planning, deploying, and administering Windows 2000, ensuring its integration into a UNIX environment.

Prerequisites

n     Operating systems experience in UNIX® and/or Windows® NT®

n     A working knowledge of Windows 2000 Directory Services

n     A working knowledge of clients, servers, local area networks, drivers, protocols, and network operating systems.

What course provides

This course provides departmental Information Technology professionals with the knowledge and skills necessary to design a security framework for university networks by using Microsoft Windows 2000 technologies..

What students learn

At the end of the course, participants will be able to:

n     Identify the security risks associated with managing resource access and data flow on a Windows network.

n     Describe how key technologies within Windows 2000 are used to secure a network and its resources.

n     Plan a Windows 2000 administrative structure so that permissions are granted only to appropriate users.

n     Define minimum security requirements for Windows 2000-based domain controllers, application servers, file and print servers, and workstations.

n     Design a strategy for securing local storage of data and secure network access to file resources.

n     Design end-to-end security for the transmission of data between hosts on the network.

n     Design a strategy for securing access for non-Microsoft clients to a Windows 2000 network.

n     Provide secure connections to remote users.

n     Design a strategy to secure connections between two remote computers.

n     Protect private network resources from public network users.

n     Design a strategy for securing private network user access to public networks.

n     Design a strategy for allowing trusted partners to access data on a private network.

n     Discuss strategies for integrating Windows 2000 systems with UNIX systems running Kerberos version 5.

n     Design a strategy for using certificate-based authentication to secure access to a private network.

n     Use a structured methodology for designing a secure Windows 2000 network.

Delivered by

What students receive

Each student receives a copy of Microsoft Official Curriculum and supplemental materials for post-class reference and review.

Course Outline

Assessing Security Risks

n     Identifying Risks to Data and Services

n     Identifying Potential Threats

n     Common Security Standards

Introducing Windows 2000 Security

n     Security Features in Active Directory

n     Authenticating User Accounts

n     Securing Access to Resources

n     Introduction to Encryption Technologies

n     Encrypting Stored and Transmitted Data

n     Introducing Public Key Infrastructure Technology

Planning Administrative Access

n     Determining the Appropriate Administrative Model

n     Designing Administrative Group Strategies

n     Planning Local Administrative Access

Securing Windows 2000-Based Computers

n     Planning Physical Security

n     Evaluating Security Requirements

n     Designing Security Configuration Templates

n     Evaluating Security Configurations

n     Deploying Security Configuration Templates

Securing File Resources

n     Encrypting Data Using EFS

Securing Communication Channels

n     Assessing Network Data Visibility Risks

n     Designing Application-Layer Security

n     Designing IP-Layer Security

n     Deploying Network Traffic Encryption

Providing Secure Access to Non-Microsoft Clients

n     Providing Secure Network Access to UNIX Clients

n     Providing Secure Network Access to NetWare Clients

n     Providing Secure Access to Macintosh Clients

n     Securing Network Services in a Heterogeneous Network

n     Monitoring for Security Breaches

Providing Secure Access to Remote Users (optional)

n     Identifying the Risks of Providing Remote Access

n     Designing Security for Dial-Up Connections

n     Designing Security for VPN Connections

n     Centralizing Remote Access Security Settings

Providing Secure Access to Remote Offices (optional)

n     Defining Private and Public Networks

n     Securing Connections Using Routers

n     Securing VPN Connections between Remote Offices

n     Identifying Security Requirements

Providing Secure Network Access to Internet Users (optional)

n     Identifying Potential Risks from the Internet

n     Using Firewalls to Protect Network Resources

n     Using Screened Subnets to Protect Network Resources

n     Securing Public Access to a Screened Subnet

Providing Secure Internet Access to Network Users (optional)

n     Protecting Internal Network Resources

n     Planning Internet Usage Policies

n     Managing Internet Access through Proxy Server Configuration

n     Managing Internet Access through Client-side Configuration

Extending the Network to Partner Organizations

n     Providing Access to Partner Organizations

n     Securing Applications Used by Partners

n     Securing Connections Used by Remote Partners

n     Structuring Active Directory to Manage Partner Accounts

n     Authenticating Partners from Trusted Domains

n     Kerberos Terminology

n     Kerberos Interoperability Scenarios

n     UNIX Clients Using a Windows 2000 KDC

n     Windows 2000 Clients Using a UNIX KDC

n     Cross-realm Trusts

Designing a Public Key Infrastructure

n     Introducing a Public Key Infrastructure

n     Using Certificates

n     Examining the Certificate Life Cycle

n     Choosing a Certification Authority

n     Planning a Certification Authority Hierarchy

n     Mapping Certificates to User Accounts

n     Managing CA Maintenance Strategies

Developing a Security Plan

n     Designing a Security Plan

n     Defining Security Requirements

n     Maintaining the Security Plan