|
MCSA/MCSE Self Paced Training Kit: Implementing & Maintaining Security in a Windows 2000 Network Infrastructure
Learn how to implement security services for a Windows 2000 network - and prepare for the Microsoft Certified Professional (MCP) Exam - with this official Microsoft study guide. Work at your own pace through the lessons and hands-on exercises. And use the testing tool on CD to measure what you know and where to focus your studies - before taking the
actual exam. As you develop the real-world expertise needed to help manage network security, you're also preparing for MCP Exam 70-214 - an elective for MCSA or MCSE certification. BUILD THE SKILLS TO: * Help secure client computers with file system permissions, Group Policy, and other baseline security measures * Configure IPSec and SSL to help protect communication channels for both private and public servers * Manage user and network authentication, certificates, and public key encryption * Implement security measures for RAS, VPNs, and wireless networks * Help protect Microsoft Internet Information Services, Microsoft Exchange Server, and Microsoft SQL Server from unauthorized access * Maintain software integrity with service packs, security updates, and hot fixes * Monitor events, detect network intrusions, and implement prevention and recovery measures YOUR KIT INCLUDES: * Comprehensive self-paced study guide that maps to MCP exam goals and objectives * Learn-by-doing exercises for skills you can apply to the job * Lesson summaries and review questions, including a complete Q&A summary * Testing tool that generates realistic practice exams with automated scoring and explanations for both correct and incorrect answers * 120-day evaluation version of Windows 2000 Server * Fully searchable eBook version of the study guide
FEATURES:
* Official Microsoft study guide helps you build the skills and expertise for managing security in a Windows 2000 infrastructure.
* Provides in-depth preparation for MCP Exam 70-214, a core credit for the new security specialization for MCSE certification.
* Kit delivers self-paced training that maps to MCP exam goals and objectives, a testing tool that generates timed practice exams with automated scoring, electronic version of the study guide, and the Microsoft Encyclopedia of Networking, Second Edition eBook on two CD-ROMs.
CONTENTS:
Book xv
CHAPTER 1 Group Policy 1
About This Chapter 1
Before You Begin 2
Lesson 1: Active Directory and Group Policy 3
Understanding Active Directory Structures 3
Practice: Designing an Active Directory Hierarchy 5
Lesson Review 7
Lesson Summary 7
Lesson 2: Configuring Group Policy 8
Understanding Group Policy 8
Managing Group Policy 13
Practice: Managing Group Policy 16
Lesson Review 26
Lesson Summary 26
Lesson 3: Configuring Client Computer Security Policy 27
Using Client-Side Group Policy Configuration 27
Configuring Group Policy by Type of Worker 28
Configuring Internet Explorer Using Group Policy 29
Practice: Configuring Group Policy for Clients 31
Lesson Review 43
Lesson Summary 44
Lesson 4: Troubleshooting Group Policy Application 45
Understanding Typical Group Policy Application Problems 45
Understanding Windows NT 4 Domain Migration Issues 47
Anticipating Problems Relating to Windows NT 4 Trust Relationships 48
Practice: Troubleshooting the Application of Group Policy 48
Lesson Review 51
Lesson Summary 51
Lesson 5: Security Limitations 52
Understanding the Role of Group Policy in Network Security 52
Practice: Circumventing the Security Limitations of Group Policy 53
Lesson Review 55
Lesson Summary 55
CHAPTER 2 User Accounts and Security Groups 57
About This Chapter 57
Before You Begin 58
Lesson 1: Creating Local User Accounts and Security Groups 59
Managing User Accounts 59
Managing Security Groups 62
Authenticating a User on a Local Computer 64
Practice: Creating User Accounts and Security Groups 69
Lesson Review 72
Lesson Summary 73
Lesson 2: Working with Active Directory Domain Accounts and Security Groups 74
Working with Domains 74
Authenticating Domain User Accounts 75
Using Domain Security Groups Effectively 81
Practice: Creating User Accounts and Security Groups 85
Lesson Review 89
Lesson Summary 90
CHAPTER 3 Restricting Accounts, Users, and Groups 91
About This Chapter 91
Before You Begin 92
Lesson 1: Understanding Account Policies 93
Applying Account Policies 93
What Are the Account Policy Settings? 94
Practice: Configuring Account Policies 100
Lesson Review 103
Lesson Summary 103
Lesson 2: Managing User Rights 104
Assigning User Rights 104
Practice: Modifying User Rights 105
Lesson Review 108
Lesson Summary 108
Lesson 3: Controlling Access Through Restricted Groups 109
Applying Restricted Group Settings 109
Practice: Creating a Restricted Group 110
Lesson Review 112
Lesson Summary 112
Lesson 4: Administering Security Templates 113
Understanding the Purpose of Security Templates 114
Why Use Predefined Security Templates? 115
Managing Security Templates 116
Practice: Managing Security Templates 118
Lesson Review 129
Lesson Summary 130
CHAPTER 4 Account-Based Security 131
About This Chapter 131
Before You Begin 132
Lesson 1: Managing File System Permissions 133
Managing Permissions-Based Security 133
Establishing Permissions Best Practices 140
Troubleshooting Permissions Problems 142
Practice: Securing Files and Folders 144
Lesson Review 151
Lesson Summary 151
Lesson 2: Implementing Share Service Security 153
Understanding Share Security 153
Managing Shares and Share Security 155
Share Security Best Practices 156
Practice: Applying Shares and Share Permissions 156
Lesson Review 160
Lesson Summary 160
Lesson 3: Using Audit Policies 161
Which Security Mechanisms Are Used in Auditing? 161
Managing Auditing 163
Practice: Enabling Auditing 165
Lesson Review 170
Lesson Summary 171
Lesson 4: Including Registry Security 172
Why Use Registry Security? 172
Editing the Registry 173
Practice: Exploring the Registry 174
Lesson Review 176
Lesson Summary 176
CHAPTER 5 Certificate Authorities 177
About This Chapter 177
Before You Begin 177
Lesson 1: Understanding Certificates 178
How Encryption Works 178
Verifying Identities with Digital Signatures 180
Combining Encryption and Certificates 181
Lesson Review 187
Lesson Summary 188
Lesson 2: Installing Windows 2000 Certificate Services 189
Installing Certificate Authorities 189
Best Practices 194
Practice: Establishing a CA Hierarchy 195
Lesson Review 201
Lesson Summary 201
Lesson 3: Maintaining Certificate Authorities 202
Revoking Certificates 202
Issuing Certificates 203
Backing Up and Restoring CAs 203
Practice: Managing CAs 206
Lesson Review 211
Lesson Summary 211
CHAPTER 6 Managing a Public Key Infrastructure 213
About This Chapter 213
Before You Begin 213
Lesson 1: Working with Computer Certificates 214
Understanding the Purpose of Computer Certificates 214
Identifying How a Certificate Is Used 214
Using Certificate Templates 215
Deploying Computer Certificates 216
Practice: Using Two Methods to Deploy Computer Certificates 218
Lesson Review 223
Lesson Summary 223
Lesson 2: Deploying User Certificates 224
Deploying Certificates to Users 224
Moving Certificates 227
Practice: Deploying and Moving Certificates 229
Lesson Review 235
Lesson Summary 236
Lesson 3: Using Smart Card Certificates 237
Using Smart Cards 237
Issuing Smart Cards 239
Modifying the Smart Card Removal Behavior Policy 241
Troubleshooting Smart Card Enrollment 243
Practice: Deploying a Smart Card 244
Lesson Review 251
Lesson Summary 252
Lesson 4: Deploying S/MIME Certificates 253
How S/MIME Certificates Are Used 253
Troubleshooting S/MIME Deployment 254
Practice: Sending Digitally Signed Email 254
Lesson Review 258
Lesson Summary 258
CHAPTER 7 Increasing Authentication Security 259
About This Chapter 259
Before You Begin 259
Lesson 1: Supporting Earlier Versions of Windows Clients 260
Authentication Basics 260
Windows 2000 Network Authentication 261
Creating a Secure Environment 263
Practice: Enabling a Secure Mixed-Client Environment 264
Lesson Review 268
Lesson Summary 268
Lesson 2: Supporting Macintosh Clients 269
Supporting Macintosh Computers Securely 269
Practice: Enabling Macintosh Clients to Access Windows 2000 Servers 270
Lesson Review 277
Lesson Summary 278
Lesson 3: Trust Relationships 279
Understanding Trust Relationships 279
Managing External Trust Relationships 280
Practice: Creating an External Trust Relationship 280
Lesson Review 284
Lesson Summary 285
CHAPTER 8 IP Security 287
About This Chapter 287
Before You Begin 288
Lesson 1: Configuring IPSec Within a Domain 289
Understanding the IPSec Basics 289
IPSec in Windows 2000 291
Distributing IKE Secret Keys 292
IPSec Within a Private Network 292
Determining IP Security Method by Server Role 292
Practice: Enabling IPSec Between Domain Members 294
Lesson Review 301
Lesson Summary 302
Lesson 2: Configuring IPSec Between Untrusted Networks 303
Providing a Secret Key 303
What Are the IPSec Exceptions? 305
Practice: Creating a Simple Encrypted Tunnel Between Domains 305
Lesson Review 319
Lesson Summary 319
Lesson 3: Configuring IPSec on Internet Servers 320
Using Certificates to Distribute IPSec Secret Keys 320
Practice: Using Certificates to Exchange IKE Secret Keys 321
Lesson Review 329
Lesson Summary 329
Lesson 4: Troubleshooting IPSec Configuration 330
Why IPSec Might Fail 330
Practice: Troubleshooting IPSec Communications 333
Lesson Review 336
Lesson Summary 336
CHAPTER 9 Remote Access and VPN 339
About This Chapter 339
Before You Begin 340
Lesson 1: Securing RRAS Servers 341
Understanding RRAS Security 341
Configuring a New RRAS Server 344
Managing RRAS Security Options 345
Practice: Securing RRAS Servers 346
Lesson Review 350
Lesson Summary 351
Lesson 2: Managing RRAS Authentication 352
Configuring Windows RRAS Authentication 352
Using RADIUS and IAS 353
Configuring RADIUS Authentication 355
Practice: Configuring RRAS Authentication and an IAS Server 355
Lesson Review 363
Lesson Summary 364
Lesson 3: Securing Remote Clients 365
Managing Remote Access Policy 365
Using the Connection Manager Administration Kit 368
Using Connection Manager 370
Practice: Securing Remote Clients 371
Lesson Review 380
Lesson Summary 380
Lesson 4: Securing Communications Using a VPN 381
Understanding Virtual Private Networks 381
Configuring VPN Protocols 382
Practice: Configuring and Troubleshooting VPN Protocols 383
Lesson Review 395
Lesson Summary 396
CHAPTER 10 Wireless Security 397
About This Chapter 397
Before You Begin 398
Lesson 1: Setting Up a Wireless Network 399
Understanding Wireless Technology 399
Practice: Connecting a WAP and Client to the Network 402
Lesson Review 408
Lesson Summary 408
Lesson 2: Securing Wireless Networks 409
Understanding Wired Equivalent Privacy 409
Practice: Establishing WEP Encryption 411
Lesson Review 416
Lesson Summary 417
Lesson 3: Configuring Clients for Wireless Security 418
Ensuring Secure Access 418
Practice: Configuring Your Network for 802.1x Authentication 422
Lesson Review 436
Lesson Summary 436
CHAPTER 11 Public Application Server Security 437
About This Chapter 437
Before You Begin 438
Lesson 1: Providing Internet Security 439
Understanding the Requirements for Internet Security 439
What Is the Threat? 440
Securing Public Services 442
Establishing Firewall Security 443
What Are the Types of Firewall? 446
Using ISA Server 448
Practice: Configuring a Firewall 449
Lesson Review 455
Lesson Summary 456
Lesson 2: Configuring Microsoft SQL Server for Internet Security 457
Protecting Public Database Servers 457
Practice: Establishing SQL Server Security for the Internet 459
Lesson Review 467
Lesson Summary 467
Lesson 3: Securing Microsoft Exchange Server for the Internet 468
Exploiting Open Relays 469
Properly Protecting an Exchange Server 469
Securing Credentials with SSL 470
Practice: Securing Microsoft Exchange for the Internet 471
Lesson Review 482
Lesson Summary 483
CHAPTER 12 Web Service Security 485
About This Chapter 485
Before You Begin 486
Lesson 1: Securing Public Web Servers 487
Understanding Internet Information Services 487
Implementing IIS Security 488
Practice: Configuring IIS Security 491
Lesson Review 494
Lesson Summary 494
Lesson 2: Web Authentication 495
Understanding Web Authentication 495
Configuring Web Authentication 498
Practice: Selecting Authentication Methods 499
Lesson Review 503
Lesson Summary 504
Lesson 3: Using Secure Sockets Layer 505
Understanding SSL 505
Obtaining and Installing SSL Certificates 505
Managing Server Certificates 507
Authenticating Clients 508
Practice: Using SSL 510
Lesson Review 527
Lesson Summary 528
CHAPTER 13 Intrusion Detection and Event Monitoring 529
About This Chapter 529
Before You Begin 529
Lesson 1: Establishing Intrusion Detection for Public Servers 530
Common Network Intrusions 530
Detecting Network Intrusions 531
Using a Decoy Server 533
Performing Event Analysis and Preserving Evidence 538
Practice: Detecting Intruders 538
Lesson Review 544
Lesson Summary 544
Lesson 2: Event Monitoring in the Private Network 545
Establishing Intrusion Detection in Private Networks 545
Preserving the Evidence 548
Searching Audit Logs with EventComb 549
Practice: Managing Event Logs 550
Lesson Review 554
Lesson Summary 554
CHAPTER 14 Software Maintenance 555
About This Chapter 555
Before You Begin 555
Lesson 1: Working with Service Packs and Hotfixes 556
Understanding Service Packs and Hotfixes 556
Managing Service Packs and Hotfixes 557
Slipstreaming Service Packs and Hotfixes 559
Working with Remote Installation Services 560
Practice: Managing Service Packs and Hotfixes 561
Lesson Review 571
Lesson Summary 572
Lesson 2: Automating Updates with Microsoft Software Update Services 573
Using Windows Update 573
Using Automatic Updates 575
Installing and Configuring Software Update Services 576
Practice: Using Software Update Services 578
Lesson Review 590
Lesson Summary 591
Lesson 3: Deploying Updates in the Enterprise 592
Using Group Policy to Deploy Software 592
Installing Multiple Hotfixes 593
Using Tools for Security Management 594
Practice: Deploying Multiple Hotfixes in the Enterprise 596
Lesson Review 599
Lesson Summary 599
APPENDIX Questions and Answers 601
GLOSSARY 625
INDEX 635
|
