This self-paced training course combines notes, hands-on activities and labs, and review questions to teach you how to design security for a Windows 2000 network. It's designed to be completed from beginning to end, but you can choose a customized track and complete only the sections that interest you. (See the next section, "Finding the Best Starting Point for You," for more information.)
The book is divided into the following chapters:
Because this book is self-paced, you can skip some lessons and revisit them later. Use the following table to find the best starting point for you:
If You | Follow This Learning Path |
---|---|
Are preparing to take the Microsoft Certified Professional exam 70-220, Designing Security for a Microsoft Windows 2000 Network | Read the "Getting Started" section. Then work through Chapters 1 through 17 in order. |
Want to review information about specific topics from the exam | Use the "Where to Find Specific Skills in This Book" section that follows this table. |
NOTE
Exam skills are subject to change without prior notice and at the sole discretion of Microsoft.
The following table provides a list of the skills measured on certification exam 70-220, Designing Security for a Microsoft Windows 2000 Network. The table lists the skill and where in this book you will find the lesson relating to that skill.
Skill Being Measured | Location in Book |
---|---|
Analyze the existing and planned business models. | |
Analyze the company model and the geographical scope. Models include regional, national, international, subsidiary, and branch offices. | Chapter 2: Lesson 2 |
Analyze company processes. Processes include information flow, communication flow, service and product life cycles, and decision-making. | Chapter 1: Lesson 2 Chapter 1: Lesson 3 |
Analyze the existing and planned organizational structures. Considerations include management model; organization; vendor, partner, and company customer relationships; and acquisition plans. | Chapter 1: Lesson 2 |
Analyze factors that influence company strategies. | |
Identify company priorities. | Chapter 1: Lesson 2 |
Identify the projected growth and growth strategy. | Chapter 1:Lesson 2 |
Identify relevant laws and regulations. | Chapter 12: Lesson 1 |
Identify the company's tolerance for risk. | Chapter 1: Lesson 2 |
Identify the total cost of operations. | Chapter 1: Lesson 2 |
Analyze business and security requirements for the end user. | Chapter 1: Lesson 2 Chapter 2: Lesson 2 Chapter 5: Lesson 1 and Lesson 2 |
Analyze the structure of IT management. Considerations include type of administration, such as centralized or decentralized; funding model; outsourcing; decision-making process; and change-management process. | Chapter 4: Lesson 1 |
Analyze the current physical model and information security model. | Chapter 2: Lesson 2 and Lesson 3 |
Analyze internal and external security risks. | Chapter 1: Lesson 2 |
Skill Being Measured | Location in Book |
---|---|
Evaluate the company's existing and planned technical environment. | |
Analyze company size and user and resource distribution. | Chapter 2: Lesson 2 and Lesson 3 |
Assess the available connectivity between the geographic location of work sites and remote sites. | Chapter 13: Lesson 3 |
Assess the net available bandwidth. | Chapter 2: Lesson 3 |
Analyze performance requirements. | Chapter 1: Lesson 3 |
Analyze the method of accessing data and systems. | Chapter 5: Lesson 1 Chapter 6: Lesson 1 |
Analyze network roles and responsibilities. Roles include administrative, user, service, resource ownership, and application. | Chapter 4: Lesson 1 and Lesson 2 Chapter 2: Lesson 2 and Lesson 3 |
Analyze the impact of the security design on the existing and planned technical environment. | |
Assess existing systems and applications. | Chapter 1: Lesson 3 Chapter 2: Lesson 3 |
Identify existing and planned upgrades and rollouts. | Chapter 1: Lesson 2 and Lesson 3 Chapter 8: Lesson 1 and Lesson 3 |
Analyze technical support structure. | Chapter 4: Lesson 1 and Lesson 2 |
Analyze existing and planned network and systems management. | Chapter 9: Lesson 4 Chapter 4: Lesson 1 and Lesson 2 |
Skill Being Measured | Location in Book |
---|---|
Design a security baseline for a Windows 2000 network that includes domain controllers, operations masters, application servers, file and print servers, RAS servers, desktop computers, portable computers, and kiosks. | Chapter 8: Lesson 1 |
Identify the required level of security for each resource. Resources include printers, files, shares, Internet access, and dial-in access. | Chapter 6: Lesson 1, Lesson 2, and Lesson 3 Chapter 15: Lesson 2 and Lesson 3 Chapter 13: Lesson 2 |
Skill Being Measured | Location in Book |
---|---|
Design an audit policy. | Chapter 2: Lesson 4 |
Design a delegation of authority strategy. | Chapter 4: Lesson 1 Chapter 2: Lesson 3 |
Design the placement and inheritance of security policies for sites, domains, and organizational units. | Chapter 7: Lesson 1 and Lesson 2 Chapter 8: Lesson 3 |
Design an Encrypting File System strategy. | Chapter 6: Lesson 3 |
Design an authentication strategy. | |
Select authentication methods. Methods include certificate-based authentication, Kerberos authentication, clear-text passwords, digest authentication, smart cards, NTLM, RADIUS, and SSL. | Chapter 3: Lesson 1, Lesson 2, Lesson 3, and Lesson 4 Chapter 13: Lesson 5 Chapter 10: Lesson 3 |
Design an authentication strategy for integration with other systems. | Chapter 3: Lesson 2 Chapter 16: Lesson 2 Chapter 10: Lesson 3 |
Design a security group strategy. | Chapter 4: Lesson 1 Chapter 5: Lesson 1 |
Design a Public Key Infrastructure. | |
Design Certificate Authority (CA) hierarchies. | Chapter 10: Lesson 1 |
Identify certificate server roles. | Chapter 10: Lesson 1 and Lesson 2 |
Manage certificates. | Chapter 10: Lesson 2 |
Integrate with third-party CAs. | Chapter 10: Lesson 1 |
Map certificates. | Chapter 10: Lesson 3 |
Design Windows 2000 network services security. | |
Design Windows 2000 DNS security. | Chapter 9: Lesson 1 |
Design Windows 2000 Remote Installation Services (RIS) security. | Chapter 9: Lesson 3 |
Design Windows 2000 SNMP security. | Chapter 9: Lesson 4 |
Design Windows 2000 Terminal Services security. | Chapter 9: Lesson 5 |
Skill Being Measured | Location in Book |
---|---|
Provide secure access to public networks from a private network. | Chapter 15: Lesson 1, Lesson 2, Lesson 3, and Lesson 4 |
Provide external users with secure access to private network resources. | Chapter 14: Lesson 1, Lesson 2, and Lesson 3 |
Provide secure access between private networks. | |
Provide secure access within a LAN. | Chapter 11: Lesson 1 and Lesson 2 Chapter 12: Lesson 1 and Lesson 2 |
Provide secure access within a WAN. | Chapter 13: Lesson 3 Chapter 12: Lesson 1 and Lesson 2 |
Provide secure access across a public network. | Chapter 13: Lesson 3 Chapter 12: Lesson 1 and Lesson 2 |
Design Windows 2000 security for remote access users. | Chapter 13: Lesson 1, Lesson 2, Lesson 4, and Lesson 5 |
Skill Being Measured | Location in Book |
---|---|
Design an SMB-signing solution. | Chapter 11: Lesson 1 |
Design an IPSec solution. | Chapter 12: Lesson 1 and Lesson 2 |
Design an IPSec encryption scheme. | Chapter 12: Lesson 1 |
Design an IPSec management strategy. | Chapter 12: Lesson 2 |
Design negotiation policies. | Chapter 12: Lesson 1 |
Design security policies. | Chapter 12: Lesson 1 and Lesson 2 |
Design IP filters. | Chapter 12: Lesson 1 |
Define security levels. | Chapter 12: Lesson 1 |