Introduction

This course provides students with the knowledge and skills necessary to design a security framework for small, medium, and enterprise networks by using Microsoft Windows 2000 technologies. This course contains four units that describe how to help protect specific areas of the network:

• Unit 1, Providing Security-Enhanced Access to Local Network Users
• Unit 2, Providing Security-Enhanced Access to Remote Users and Remote Offices
• Unit 3, Providing Security-Enhanced Access Between Private and Public Networks
• Unit 4, Providing Security-Enhanced Access to Partners

At Course Completion

After completing this course, students will be able to:

• Identify the security risks associated with managing resource access and data flow on the network.
• Describe how key technologies within Windows 2000 are used to help protect a network and its resources.
• Plan a Windows 2000 administrative structure so that permissions are granted only to appropriate users.
• Plan an Active Directory™ directory service structure that facilitates security-enhanced and verifiable user account creation and administration.
• Define minimum security requirements for Windows 2000-based domain controllers, application servers, file and print servers, and workstations.
• Design a strategy for to help protect local storage of data and provide security-enhanced network access to file and print resources.
• Design end-to-end security for the transmission of data between hosts on the network.
• Design a strategy to help provide security-enhanced access for non-Microsoft clients within a Windows 2000-based network.
• Design a strategy to help protect local resources accessed by remote users who use dial-up or virtual private network (VPN) technologies.
• Design a strategy to help protect local resources accessed by remote offices within a wide area network (WAN) environment.
• Help protect private network resources from public network users.
• Design a strategy to help protect private network user access to public networks.
• Design a strategy for authenticating trusted users over public networks.
• Design a strategy to help protect data and application access for the private network when accessed by trusted partners.
• Plan for an e-commerce implementation between your organization and external business partners that facilitates business communication.
• Design a structured methodology for securing a Windows 2000 network.

Prerequisites

• Working knowledge of Windows 2000 Directory Services
• Completion of M2154: Implementing and Administering Windows 2000 Directory Services or equivalent knowledge

Course Outline

• Assessing Security Risks
  - Identifying Risks to Data
  - Identifying Risks to Services
  - Identifying Potential Threats
  - Introducing Common Security Standards
  - Planning Network Security
• Introducing Windows 2000 Security
  - Introducing Security Features in Active Directory
  - Authenticating User Accounts
  - Securing Access to Resources
  - Introducing Encryption Technologies
  - Encrypting Stored and Transmitted Data
  - Introducing Public Key Infrastructure Technology
• Planning Administrative Access
  - Determining the Appropriate Administrative Model
  - Designing Administrative Group Strategies
  - Planning Local Administrative Access
  - Planning Remote Administrative Access
• Planning User Accounts
  - Designing Account Policies and Group Policy
  - Planning Account Creation and Location
  - Planning Delegation of Authority
  - Auditing User Account Actions
• Securing Windows 2000-Based Computers
  - Planning Physical Security for Windows 2000-based Computers
  - Evaluating Security Requirements
  - Designing Security Configuration Templates
  - Evaluating Security Configuration
  - Deploying Security Configuration Templates
• Securing File and Print Resources
  - Examining Windows 2000 File System Security
  - Protecting Resources Using DACLs
  - Encrypting Data Using EFS
  - Auditing Resource Access
  - Helping Protect Backup and Restore Procedures
  - Helping Protecting Data from Viruses
• Securing Communication Channels
  - Assessing Network Data Visibility Risks
  - Designing Application-Layer Security
  - Designing IP-Layer Security
  - Deploying Network Traffic Encryption
• Providing Security-Enhanced Access to Non-Microsoft Clients
  - Providing Security-Enhanced Network Access to UNIX Clients
  - Providing Security-Enhanced Network Access to NetWare Clients
  - Providing Security-Enhanced Access to Macintosh Clients
  - Helping to Protect Network Services in a Heterogeneous Network
  - Monitoring for Security Breaches
• Providing Security-Enhanced Access to Remote Users
  - Identifying the Risks of Providing Remote Access
  - Designing Security for Dial-Up Connections
  - Designing Security for VPN Connections
  - Centralizing Remote Access Security Settings
• Providing Security-Enhanced Access to Remote Offices
  - Defining Private and Public Networks
  - Helping Protect Connections Using Routers
  - Helping Protect VPN Connections Between Remote Offices
  - Identifying Security Requirements
• Providing Security-Enhanced Network Access to Internet Users
  - Identifying Potential Risks from the Internet
  - Using Firewalls to Help Protect Network Resources
  - Using Screened Subnets to Help Protect Network Resources
  - Helping to Protect Public Access to a Screened Subnet
• Providing Security-Enhanced Internet Access to Network Users
  - Helping Protect Internal Network Resources
  - Planning Internet Usage Policies
  - Managing Internet Access Through Proxy Server Configuration
  - Managing Internet Access Through Client-Side Configuration
• Extending the Network to Partner Organizations
  - Providing Access to Partner Organizations
  - Securing Applications Used by Partners
  - Securing Connections Used by Remote Partners
  - Structuring Active Directory to Manage Partner Accounts
  - Authenticating Partners from Trusted Domains
• Designing a Public Key Infrastructure
  - Introducing a Public Key Infrastructure
  - Using Certificates
  - Examining the Certificate Life Cycle
  - Choosing a Certification Authority
  - Planning a Certification Authority Hierarchy
  - Mapping Certificates to User Accounts
  - Managing CA Maintenance Strategies
• Developing a Security Plan
  - Designing a Security Plan
  - Defining Security Requirements
  - Maintaining the Security Plan

Microsoft Certified Professional Exams

Exam 70-220: Designing Security for a Microsoft Windows 2000 Network

Course Materials

The student kit includes a comprehensive workbook and other necessary materials for this class.

Related courses:

• M2151: Microsoft Windows 2000 Network and Operating System Essentials
• M2152 Implementing Microsoft Windows 2000 Professional and Server
• M2153: Implementing a Microsoft Windows 2000 Network Infrastructure
• M2154: Implementing and Administering Microsoft Windows 2000 Directory Services

Microsoft Software Assurance

What is Software Assurance?

Software Assurance (SA) provides an easy way for Microsoft's Volume Licensing customers to stay current with the latest and most innovative Microsoft products. Under the SA program, customers acquire the right to install any new release of products covered in the agreement during the term of their coverage. Companies can acquire tomorrow's technology at today's prices and have the ability to spread payments annually instead of paying up front. Visit www.microsoft.com/licensing to learn more about Microsoft's licensing programs.

What is the SA Enhancement Offering?

The SA Enhancement Offering is designed to increase customer satisfaction by giving customers more value from Software Assurance and a better Microsoft product experience. The Enhancement Offering contains tools, training, and support as well as additional licensing benefits which meet different customer needs across product segments and across customer segments. The many benefits include:

• Training vouchers redeemable
• Employee Purchase Program
• Home Use Program
• Problem Resolution Support
• TechNet Subscription
• Technology & Tools

What is the Software Assurance (SA) Training Voucher Program?

Qualifying organizations that purchase Software Assurance receive training credits from Microsoft. Each training credit is worth the equivalent of one day of training at Networking Technologies™. Customers can redeem these credits for SA Training Vouchers for select Microsoft courses from «Networking Technologies»™.

How to Get Started?

Contact the individual in your organization responsible for software purchases to verify that you purchased volume licensing with Software Assurance. We can help you activate your benefits and administer the training vouchers. To register for a training contact Education Center «Networking Technologies»™ directly via e-mail edu@tex.kiev.ua