Chapter and Appendix Overview
This self-paced training course combines notes, hands-on activities and labs, and review questions to teach you how to design security for a Windows 2000 network. It's designed to be completed from beginning to end, but you can choose a customized track and complete only the sections that interest you. (See the next section, "Finding the Best Starting Point for You," for more information.)
The book is divided into the following chapters:
- The "About This Book" section contains a self-paced training overview and introduces the components of this training. Read this section thoroughly to get the greatest educational value from this self-paced training and to plan which lessons you will complete.
- Chapter 1, "Introduction to Microsoft Windows 2000 Security," introduces the concept of planning security for a Windows 2000 network by looking at Windows 2000 security services design. The chapter also looks at business and technical requirements that affect your security design.
- Chapter 2, "Designing Active Directory for Security," introduces the decisions you face when designing Active Directory directory services. The decisions that you must make include determining the number of forests, domains, and organizational units to deploy based on security requirements.
- Chapter 3, "Designing Authentication for a Microsoft Windows 2000 Network," examines the authentication protocols that are used in a Windows 2000 network. The chapter also discusses issues you face when down-level clients are deployed on the network and how to place Windows 2000 servers to optimize the authentication process.
- Chapter 4, "Planning a Microsoft Windows 2000 Administrative Structure," discusses the membership design of Windows 2000 administrative groups. The chapter also helps you to secure administrative access of the network by using secondary logon or by restricting administration to specific workstations.
- Chapter 5, "Designing Group Security," shows you how to design group membership for security. The chapter discusses methodologies that are used to define group memberships and strategies that are used to secure user rights assignments.
- Chapter 6, "Securing File Resources," discusses the security planning for stored data on the network. You secure data by designing share permissions and NT file system (NTFS) permissions to restrict access to only authorized data. In high security scenarios you may also need to use the Encrypting File System (EFS) to provide encryption of the stored data.
- Chapter 7, "Designing Group Policy," explores the design issues related to Group Policy deployment. The issues include planning for inheritance and troubleshooting Group Policy application problems.
- Chapter 8, "Securing Microsoft Windows 2000–Based Computers," shows how you can use security templates and deploy them to standardize security configuration of Windows 2000–based computers.
- Chapter 9, "Designing Microsoft Windows 2000 Services Security," discusses the security issues that you must address when Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), Remote Installation Services (RIS), Simple Network Management Protocol (SNMP), or Terminal Services are deployed on your network. Each service has specific security issues that must be addressed by your security design.
- Chapter 10, "Planning a Public Key Infrastructure," discusses the planning issues an organization faces when it deploys a Public Key Infrastructure. The topics include designing Certification Authority hierarchies and securing the certificate acquisition process.
- Chapter 11, "Securing Data at the Application Layer," explores the security required to secure transmitted data by using application layer protocols.
- Chapter 12, "Securing Data with Internet Protocol Security (IPSec)" explores the security design required to protect transmitted data by using IPSec. The topics include designing IPSec security associations and common IPSec deployment strategies.
- Chapter 13, "Securing Access for Remote Users and Networks" looks at the security required to allow remote users and offices to connect to the corporate network. The security design must ensure that allowing remote access to the network does not compromise network security.
- Chapter 14, "Securing an Extranet," discusses the security issues you face when data is exposed to a public network such as the Internet. The security design must allow access to resources in the publicly accessible Extranet without compromising the private network's security.
- Chapter 15, "Securing Internet Access," discusses the security issues that you face when private network users require access to a public network such as the Internet. The security design must ensure that the users don't compromise the private network's security when they access the Internet.
- Chapter 16, "Securing Access in a Heterogeneous Network Environment," examines the security issues that you need to address when non-Microsoft, or heterogeneous, clients require access to resources in a Windows 2000 network. The design must include provisions for authentication and authorization to ensure that security is maintained.
- Chapter 17, "Designing a Security Plan," concludes the book by looking at the issues you face when designing a security plan for a project. A security plan must reflect an organization's security policy to ensure that the organization's security goals are met.
- The appendix, "Answers," lists the answers to the questions from the book showing the page number where the questions for that section begin and the suggested answers.
- The glossary lists and defines the terms associated with your study of Windows 2000 security. Although it is not in the printed version of the book, the glossary is included in the online book on the Supplemental Course Materials CD-ROM.
Finding the Best Starting Point for You
Because this book is self-paced, you can skip some lessons and revisit them later. Use the following table to find the best starting point for you:
| If You | Follow This Learning Path |
|---|---|
| Are preparing to take the Microsoft Certified Professional exam 70-220, Designing Security for a Microsoft Windows 2000 Network | Read the "Getting Started" section. Then work through Chapters 1 through 17 in order. |
| Want to review information about specific topics from the exam | Use the "Where to Find Specific Skills in This Book" section that follows this table. |
NOTE
Exam skills are subject to change without prior notice and at the sole discretion of Microsoft.
Where to Find Specific Skills in This Book
The following table provides a list of the skills measured on certification exam 70-220, Designing Security for a Microsoft Windows 2000 Network. The table lists the skill and where in this book you will find the lesson relating to that skill.
Analyzing Business Requirements
| Skill Being Measured | Location in Book |
|---|---|
| Analyze the existing and planned business models. | |
| Analyze the company model and the geographical scope. Models include regional, national, international, subsidiary, and branch offices. | Chapter 2: Lesson 2 |
| Analyze company processes. Processes include information flow, communication flow, service and product life cycles, and decision-making. | Chapter 1: Lesson 2 Chapter 1: Lesson 3 |
| Analyze the existing and planned organizational structures. Considerations include management model; organization; vendor, partner, and company customer relationships; and acquisition plans. | Chapter 1: Lesson 2 |
| Analyze factors that influence company strategies. | |
| Identify company priorities. | Chapter 1: Lesson 2 |
| Identify the projected growth and growth strategy. | Chapter 1:Lesson 2 |
| Identify relevant laws and regulations. | Chapter 12: Lesson 1 |
| Identify the company's tolerance for risk. | Chapter 1: Lesson 2 |
| Identify the total cost of operations. | Chapter 1: Lesson 2 |
| Analyze business and security requirements for the end user. | Chapter 1: Lesson 2 Chapter 2: Lesson 2 Chapter 5: Lesson 1 and Lesson 2 |
| Analyze the structure of IT management. Considerations include type of administration, such as centralized or decentralized; funding model; outsourcing; decision-making process; and change-management process. | Chapter 4: Lesson 1 |
| Analyze the current physical model and information security model. | Chapter 2: Lesson 2 and Lesson 3 |
| Analyze internal and external security risks. | Chapter 1: Lesson 2 |
Analyzing Technical Requirements
| Skill Being Measured | Location in Book |
|---|---|
| Evaluate the company's existing and planned technical environment. | |
| Analyze company size and user and resource distribution. | Chapter 2: Lesson 2 and Lesson 3 |
| Assess the available connectivity between the geographic location of work sites and remote sites. | Chapter 13: Lesson 3 |
| Assess the net available bandwidth. | Chapter 2: Lesson 3 |
| Analyze performance requirements. | Chapter 1: Lesson 3 |
| Analyze the method of accessing data and systems. | Chapter 5: Lesson 1 Chapter 6: Lesson 1 |
| Analyze network roles and responsibilities. Roles include administrative, user, service, resource ownership, and application. | Chapter 4: Lesson 1 and Lesson 2 Chapter 2: Lesson 2 and Lesson 3 |
| Analyze the impact of the security design on the existing and planned technical environment. | |
| Assess existing systems and applications. | Chapter 1: Lesson 3 Chapter 2: Lesson 3 |
| Identify existing and planned upgrades and rollouts. | Chapter 1: Lesson 2 and Lesson 3 Chapter 8: Lesson 1 and Lesson 3 |
| Analyze technical support structure. | Chapter 4: Lesson 1 and Lesson 2 |
| Analyze existing and planned network and systems management. | Chapter 9: Lesson 4 Chapter 4: Lesson 1 and Lesson 2 |
Analyzing Security Requirements
| Skill Being Measured | Location in Book |
|---|---|
| Design a security baseline for a Windows 2000 network that includes domain controllers, operations masters, application servers, file and print servers, RAS servers, desktop computers, portable computers, and kiosks. | Chapter 8: Lesson 1 |
| Identify the required level of security for each resource. Resources include printers, files, shares, Internet access, and dial-in access. | Chapter 6: Lesson 1, Lesson 2, and Lesson 3 Chapter 15: Lesson 2 and Lesson 3 Chapter 13: Lesson 2 |
Designing a Windows 2000 Security Solution
| Skill Being Measured | Location in Book |
|---|---|
| Design an audit policy. | Chapter 2: Lesson 4 |
| Design a delegation of authority strategy. | Chapter 4: Lesson 1 Chapter 2: Lesson 3 |
| Design the placement and inheritance of security policies for sites, domains, and organizational units. | Chapter 7: Lesson 1 and Lesson 2 Chapter 8: Lesson 3 |
| Design an Encrypting File System strategy. | Chapter 6: Lesson 3 |
| Design an authentication strategy. | |
| Select authentication methods. Methods include certificate-based authentication, Kerberos authentication, clear-text passwords, digest authentication, smart cards, NTLM, RADIUS, and SSL. | Chapter 3: Lesson 1, Lesson 2, Lesson 3, and Lesson 4 Chapter 13: Lesson 5 Chapter 10: Lesson 3 |
| Design an authentication strategy for integration with other systems. | Chapter 3: Lesson 2 Chapter 16: Lesson 2 Chapter 10: Lesson 3 |
| Design a security group strategy. | Chapter 4: Lesson 1 Chapter 5: Lesson 1 |
| Design a Public Key Infrastructure. | |
| Design Certificate Authority (CA) hierarchies. | Chapter 10: Lesson 1 |
| Identify certificate server roles. | Chapter 10: Lesson 1 and Lesson 2 |
| Manage certificates. | Chapter 10: Lesson 2 |
| Integrate with third-party CAs. | Chapter 10: Lesson 1 |
| Map certificates. | Chapter 10: Lesson 3 |
| Design Windows 2000 network services security. | |
| Design Windows 2000 DNS security. | Chapter 9: Lesson 1 |
| Design Windows 2000 Remote Installation Services (RIS) security. | Chapter 9: Lesson 3 |
| Design Windows 2000 SNMP security. | Chapter 9: Lesson 4 |
| Design Windows 2000 Terminal Services security. | Chapter 9: Lesson 5 |
Designing a Security Solution for Access Between Networks
| Skill Being Measured | Location in Book |
|---|---|
| Provide secure access to public networks from a private network. | Chapter 15: Lesson 1, Lesson 2, Lesson 3, and Lesson 4 |
| Provide external users with secure access to private network resources. | Chapter 14: Lesson 1, Lesson 2, and Lesson 3 |
| Provide secure access between private networks. | |
| Provide secure access within a LAN. | Chapter 11: Lesson 1 and Lesson 2 Chapter 12: Lesson 1 and Lesson 2 |
| Provide secure access within a WAN. | Chapter 13: Lesson 3 Chapter 12: Lesson 1 and Lesson 2 |
| Provide secure access across a public network. | Chapter 13: Lesson 3 Chapter 12: Lesson 1 and Lesson 2 |
| Design Windows 2000 security for remote access users. | Chapter 13: Lesson 1, Lesson 2, Lesson 4, and Lesson 5 |
Designing Security for Communication Channels
| Skill Being Measured | Location in Book |
|---|---|
| Design an SMB-signing solution. | Chapter 11: Lesson 1 |
| Design an IPSec solution. | Chapter 12: Lesson 1 and Lesson 2 |
| Design an IPSec encryption scheme. | Chapter 12: Lesson 1 |
| Design an IPSec management strategy. | Chapter 12: Lesson 2 |
| Design negotiation policies. | Chapter 12: Lesson 1 |
| Design security policies. | Chapter 12: Lesson 1 and Lesson 2 |
| Design IP filters. | Chapter 12: Lesson 1 |
| Define security levels. | Chapter 12: Lesson 1 |
MCSE Training Kit (Exam 70-220): Designing Microsoft Windows 2000 Network Security: Designing Microsoft(r) Windows(r) 2000 Network Security (IT-Training Kits)
ISBN: 0735611343
EAN: 2147483647
EAN: 2147483647
Year: 2001
Pages: 172
Pages: 172
Authors: Microsoft Corporation