MS2150 Designing a Security-Enhanced Microsoft Windows 2000 Network

Day 1

Module 1: Assessing Security Risks

Topics

Identifying Risks to Data
Identifying Risks to Services
Identifying Potential Threats
Introducing Common Security Standards
Planning Network Security

Skills

Students will be able to:

  • Describe the potential risks to different types of stored data.

  • Describe the potential risks from a denial of service.

  • Describe potential threats against network security.

  • Describe common industry standards for measuring network security.

  • Discuss methodologies to help protect a Windows 2000 network.

Module 2: Introducing Windows 2000 Security

Topics

Introducing Security Features in Active Directory
Authenticating User Accounts
Securing Access to Resources
Introducing Encryption Technologies
Encrypting Stored and Transmitted Data
Introducing Public Key Infrastructure Technology

Skills

Students will be able to:

  • Describe how security features in Active Directory provide a framework for designing a security-enhanced Windows 2000 network.

  • Describe the authentication methods that Windows 2000 provides for user and computer accounts.

  • Identify the methods that can be used to help protect resource access in Windows 2000 networks.

  • Identify the encryption technologies that Windows 2000 supports.

  • Describe how encryption technologies are used to help protect stored and transmitted data in a Windows 2000 network.

  • Describe how a Public Key Infrastructure (PKI) can be used to create a security-enhanced network.

Unit 1: Providing Security-Enhanced Access to Local Network Users

Module 3: Planning Administrative Access

Topics

Determining the Appropriate Administrative Model
Designing Administrative Group Strategies
Planning Local Administrative Access
Planning Remote Administrative Access

Lab

Planning Security-Enhanced Administrative Access

Skills

Students will be able to:

  • Select an administrative model for an organization.

  • Plan memberships in Windows 2000 administrative groups.

  • Plan security-enhanced local administrative access to the network.

  • Plan security-enhanced remote administrative access to the network.

Day 2

Module 4: Planning User Accounts

Topics

Designing Account Policies and Group Policy
Planning Account Creation and Location
Planning Delegation of Authority
Auditing User Account Actions

Lab

Planning a Security-based OU Structure

Skills

Students will be able to:

  • Design an account policy and Group Policy strategy for user accounts.

  • Plan for the creation and location of user accounts within the domain and organizational unit (OU) structure.

  • Plan delegation of authority to user accounts.

  • Design an audit strategy that will track changes made to objects in Active Directory.

Module 5: Securing Windows 2000-Based Computers

Topics

Planning Physical Security for Windows 2000-based Computers
Evaluating Security Requirements
Designing Security Configuration Templates
Evaluating Security Configuration
Deploying Security Configuration Templates

Labs

Analyzing a Security Template
Designing Customized Security Templates

Skills

Students will be able to:

  • Plan physical measures to help protect Windows 2000-based computers.

  • Evaluate the security requirements for Windows 2000-based computers with respect to their roles in the network.

  • Design security configuration templates to enforce security settings.

  • Evaluate the existing security configuration of a Windows 2000-based computer.

  • Determine how to deploy security templates in a Windows 2000 network.

Module 6: Securing File and Print Resources

Topics

Examining Windows 2000 File System Security
Protecting Resources Using DACLs
Encrypting Data Using EFS
Auditing Resource Access
Helping Protect Backup and Restore Procedures
Helping Protect Data from Viruses

Labs

Managing EFS Recovery Keys
Planning Data Security

Skills

Students will be able to:

  • Describe the security provided in the file systems supported by Windows 2000.

  • Design a security strategy to help protect data such as files, folders, print resources, and the registry by using discretionary access control lists (DACLs).

  • Design a strategy for the protection and recovery of file resources encrypted with Encrypting File System (EFS).

  • Design an audit strategy to monitor file and print resource access.

  • Design a security-enhanced backup and restore procedure that allows for disaster recovery.

  • Plan for virus protection in a network security design.

Day 3

Module 7: Securing Communication Channels

Topics

Assessing Network Data Visibility Risks
Designing Application-Layer Security
Designing IP-Layer Security
Deploying Network Traffic Encryption

Lab

Planning Transmission Security

Skills

Students will be able to:

  • Assess potential risks to transmitted data on the network wire in the local area network (LAN).

  • Design a strategy to help provide authentication and data privacy by applying security at the application layer.

  • Design a strategy to help provide authentication and data privacy by applying security at the Internet Protocol (IP) layer.

  • Design an Internet Protocol Security (IPSec) strategy for encrypting private network data transmissions.

Module 8: Providing Security-Enhanced Access to Non-Microsoft Clients

Topics

Providing Security-Enhanced Network Access to UNIX Clients
Providing Security-Enhanced Network Access to NetWare Clients
Providing Security-Enhanced Access to Macintosh Clients
Helping to Protect Network Services in a Heterogeneous Network
Monitoring for Security Breaches

Lab

Securing Telnet Transmissions

Skills

Students will be able to:

  • Identify the risks associated with allowing UNIX clients access to a Windows 2000 network.

  • Identify the risks associated with allowing NetWare clients access to a Windows 2000 network.

  • Identify the risks associated with allowing Macintosh clients access to a Windows 2000 network.

  • Help protect common network services that are operating in a heterogeneous network.

  • Monitor a heterogeneous network for security breaches and identify the risks of unauthorized network monitoring.

Unit 2: Providing Security-Enhanced Access to Remote Users and Offices

Module 9: Providing Security-Enhanced Access to Remote Users

Topics

Identifying the Risks of Providing Remote Access
Designing Security for Dial-Up Connections
Designing Security for VPN Connections
Centralizing Remote Access Security Settings

Lab

Using RADIUS Authentication

Skills

Students will be able to:

  • Identify the risks associated with providing network access to remote users.

  • Design a security-enhanced network for remote users who access the network by using dial-up connections.

  • Design a security-enhanced network for remote users who access the network by using VPN connections.

  • Design a security-enhanced network for remote users by centralizing the security configuration of remote access servers.

Day 4

Module 10: Providing Security-Enhanced Access to Remote Offices

Topics

Defining Private and Public Networks
Helping Protect Connections Using Routers
Helping Protect VPN Connections Between Remote Offices
Identifying Security Requirements

Labs

Planning Security-Enhanced Connections for Remote Offices

Skills

Students will be able to:

  • Describe the difference between a private network and a public network.

  • Plan a security-enhanced connection between two remote networks by using routers.

  • Plan a security-enhanced connection between two remote networks by using a VPN.

  • Identify the security requirements that must be considered while planning security-enhanced connections between remote offices.

Unit 3: Providing Security-Enhanced Access Between Private and Public Networks

Module 11: Providing Security-Enhanced Network Access to Internet Users

Topics

Identifying Potential Risks from the Internet
Using Firewalls to Help Protect Network Resources
Using Screened Subnets to Help Protect Network Resources
Helping to Protect Public Access to a Screened Subnet

Lab

Designing a Screened Subnet

Skills

Students will be able to:

  • Analyze the potential threats that are introduced when a private network is connected to the Internet.

  • Design a firewall strategy to help protect private network resources.

  • Design a security-enhanced method for exposing private network resources to the Internet.

  • Plan to help protect public access to a screened subnet.

Module 12: Providing Security-Enhanced Internet Access to Network Users

Topics

Helping Protect Internal Network Resources
Planning Internet Usage Policies
Managing Internet Access Through Proxy Server Configuration
Managing Internet Access Through Client-Side Configuration

Lab

Securing the Internal Network When Accessing the Internet

Skills

Students will be able to:

  • Design a strategy to help protect private network resources from the public network.

  • Plan which users, computers, and protocols are allowed access to the Internet.

  • Design the Microsoft Proxy Server settings for maintaining security when local network users access the Internet.

  • Design the client-side requirements for maintaining security when local network users access the Internet.

Day 5

Unit 4: Providing Security-Enhanced Access to Partners

Module 13: Extending the Network to Partner Organizations

Topics

Providing Access to Partner Organizations
Securing Applications Used by Partners
Securing Connections Used by Remote Partners
Structuring Active Directory to Manage Partner Accounts
Authenticating Partners from Trusted Domains

Lab

Planning Partner Connectivity

Skills

Students will be able to:

  • Describe the connection methods that can be used to provide access to partner organizations.

  • Describe the ways to provide security-enhanced access to data, applications, and communications shared with trusted partners.

  • Design a security-enhanced framework that allows partners to use tunnel connections, dial-up connections, and Terminal Services to access the private network.

  • Design an Active Directory directory service structure for partners.

  • Design a framework for authenticating partners from trusted domains.

Module 14: Designing a Public Key Infrastructure

Topics

Introducing a Public Key Infrastructure
Using Certificates
Examining the Certificate Life Cycle
Choosing a Certification Authority
Planning a Certification Authority Hierarchy
Mapping Certificates to User Accounts
Managing CA Maintenance Strategies

Lab

Using Certificate-based Authentication

Skills

Students will be able to:

  • Describe the basic components of a PKI.

  • Define how certificates can be used in a PKI to certify applications and services.

  • Define the basic functions of certificates within a certificate life cycle.

  • Choose between public and private certification authorities (CAs).

  • Plan a hierarchy for organizing CAs in a network.

  • Use certificate mapping to apply user permissions to users who are not included in your organization's Active Directory directory service.

  • Plan recovery and maintenance strategies for CAs.

Module 15: Developing a Security Plan

Topics

Designing a Security Plan
Defining Security Requirements
Maintaining the Security Plan

Lab

Developing a Security Plan

Skills

Students will be able to:

  • Design a security plan that will meet the security requirements of an organization.

  • Define the security requirements for local and remote networks, public and private networks, and trusted business partners.

  • Develop strategies to maintain the network security plan.