Windows 2000 Security Design MCSE 70-220

This series provides a detailed look at network security, and is intended as preparation for the MCSE 70-220 Exam: Designing Security for a Microsoft Windows 2000 Network. Topics include analyzing business and technical requirements, planning a strategy, and designing and implementing security using the templates, objects, and services provided in Windows 2000. Students taking this course should be advanced Windows administrators, with MCSE certifications 70-210, 70-215, 70-216, and 70-217 or equivalent experience.

Syllabus

ANALYZING BUSINESS REQUIREMENTS

Shows users how to identify business considerations that will affect the structure and implementation of proposed network security designs.

• Business Models
• Organization and Management
• Company Strategies
• Physical and Information Security Models
• Risk Analysis
• End User Requirements

ANALYZING TECHNICAL REQUIREMENTS

Shows users how to evaluate an existing IT infrastructure in preparation for developing a security design.

• Network Connectivity and Topology
• Network Bandwidth and Performance
• Data and Systems Access
• Roles and Responsibilities
• Analyzing the Existing Security Design

ESTABLISHING A SECURITY BASELINE

Introduces users to the security provided by Active Directory and shows users how to implement security for domain controllers, servers, and workstations using security templates provided by Windows 2000.

• Active Directory
• Domain Controllers
• Servers, Desktop Computers, and Kiosks
• Policies and Templates

PLANNING SECURITY FOR SYSTEM RESOURCES

Shows users how to plan and implement security for system resources including printers, files, shares, registry keys, Internet access, and dial-in access.

• File and Folder Security
• Default Settings for Files and Folders
• Registry Keys
• Security for Other Resources

DESIGNING A SECURITY GROUP STRATEGY

Shows users how to plan membership in security groups and how to use group structure to assign permissions.

• Understanding Groups in Windows 2000
• Default Groups and Users
• Managing Security Groups
• Delegation of Authority

DESIGNING SECURITY POLICY INHERITANCE

Shows users how to design the placement and inheritance of security policies for sites, domains, and organizational units.

• Understanding Group Policies
• Implementing Group Policies
• Group Policy Inheritance
• Group Policies in Mixed Mode
• Designing Group Policy Strategies

PROTECTING RESOURCES WITH AUDITING AND ENCRYPTION

Shows users how to design and implement an audit policy and how to design a strategy for using the Encrypting File System (EFS).

• Designing an Audit Policy
• Implementing an Audit Policy
• Using the Encrypting File System (EFS)
• File Recovery and Management with EFS
• Designing an EFS Strategy

USING NATIVE WINDOWS 2000 AUTHENTICATION

Explains the Kerberos authentication model and shows users how to implement security with Kerberos in Windows 2000 networks and mixed networks.

• Kerberos Authentication
• Kerberos Tickets
• Kerberos Client/Server Exchange
• Kerberos and Interoperability

USING ALTERNATE AUTHENTICATION STRATEGIES

Explains authentication models other than Kerberos that are available under Windows 2000 and shows users how to implement security with these methods in Windows 2000 networks and in mixed networks.

• NTLM and Digest Authentication
• Certificate-Based Authentication and SSL
• Smart Cards
• RADIUS
• Authentication and Interoperability

DESIGNING A PUBLIC KEY INFRASTRUCTURE

Explains strategies and procedures for using Certificate Services in Windows 2000 networks and in mixed networks.

• Understanding Certificate Services
• Installing Certificate Services
• Configuring Certificate Services
• Managing Certificates
• Interoperability and Third-Party PKI

DESIGNING SECURITY FOR NETWORK SERVICES

Explains strategies for securing Windows 2000 network services, including Domain Name Service, Remote Installation Services, and the Simple Network Management Protocol.

• Understanding DNS
• The Dynamic Update Process
• DNS Security
• RIS Security
• SNMP Security

DESIGNING SECURITY FOR ACCESS BETWEEN NETWORKS

Explains how to provide secure access from a private network to the Internet, how to provide partners and other external users with secure access to private networks, and how to provide secure access between multiple local or wide area networks (LANs or WANs).

• Secure Access to Public Networks
• Secure Access for External and Remote Users
• Secure Access between Private Networks
• Secure Access across Public Networks

DESIGNING SECURITY FOR COMMUNICATIONS CHANNELS

Explains how to use SMB signing and the IPSec protocol to secure traffic within private networks and across public networks and how to enable and enforce the use of SMB signing and IPSec through Windows 2000 Group Policy.

• SMB Signing
• IPSec Architecture
• IPSec Negotiation and Encryption
• IPSec Management
• IPSec Policies

Qualifications

Qualification: Printable Transcript

On completion of this course you may print a transcript off as evidence of your progression throughout the course.

Requirements for Entry

There is no experience or previous qualifications required for enrolment on this course. It is available to all students, of all academic backgrounds.

Study Options

If you do not have Internet access, or would prefer to study this course via the traditional paper/postal based study method, you can find more information on the course by clicking on the link below.

Study Hours

This is only an approximate figure and is dependant upon how much time you can dedicate to your studies and how well you grasp the learning concepts in the course material. Furthermore, at the end of each lesson there is a question paper that needs to be completed and returned to your tutor. You should allow at least 1 - 2 hours of study to complete each question paper.

The approximate amount of time required to complete the course is: 40 hrs.