Exam Overview


In this book, we have tried to follow Microsoft’s exam objectives as closely as possible. However, we have rearranged the order of some topics for a better flow, and included background material to help you understand the concepts and procedures that are included in the objectives. Following is a brief synopsis of the exam topics covered in the book:

  • Planning tools and documentation We begin with an overview of network infrastructure planning, introducing you to planning strategies and how to use planning tools. We will review the fundamentals of network design, including analysis of organizational needs. This includes such factors as information flow, management model and organizational structure, and centralization vs. decentralization issues. We discuss management priorities, including availability and fault tolerance, security, scalability, performance and cost. Next, we address user priorities, which include email communications, scheduling and task management, project collaboration, data storage and retrieval, Internet research, application services, print services and graphics/audio/video services. This chapter also looks at legal and regulatory considerations, how to calculate Total Cost of Ownership (TCO) and how to plan for future growth. We discuss how to develop a test network environment, and how to document the planning and network design process.

  • Planning server roles and server security You will first review server roles and ensure that you have an understanding of the many roles a Windows Server 2003 server can play on the network. We discuss domain controllers, file and print servers, DHCP, DNS and WINS servers, Web servers, database servers, mail servers, certification authorities and terminal services application servers. Then we delve into how to plan a server security strategy. Here we examine how to choose the right operating system according to security needs, how to identify minimum security requirements for your organization and how to identify the correct configurations to satisfy those security requirements. You will learn how to plan baseline security, first planning the secure baseline installation parameters and then enforcing default security settings on new computers, both client and server machines. We’ll show you how to customize server security, securing your servers according to their roles. Then we’ll walk you through the process of creating custom security templates and show you how to deploy security configurations.

  • Planning, Implementing and Maintaining the TCP/IP infrastructure We then examine the TCP/IP infrastructure, and you will learn all about the network protocols supported by Windows Server 2003 and how to identify the protocols to be used in your network environment. We discuss the advantages of the TCP/IP protocol suite and we also address the multi-protocol environment that is increasingly common in today’s business organizations. We will review TCP/IP basics, and then get into what’s new in TCP/IP for Server 2003. Specifically, we’ll discuss IGMP v3, IPv6 support, the alternate configuration feature, and automatic determination of interface metric. You’ll find out how to plan an IP addressing strategy, including how to analyze your addressing requirements and how to create an effective subnetting scheme. Then we will address methods for troubleshooting IP addressing problems, both those related to client configuration and those related to DHCP server issues. You’ll learn about transitioning to the next generation of IP, IPv6, and we’ll introduce IPv6 utilities such as Netsh commands, Ipsec6.exe, and the IPv6 PING and TRACERT parameters. We discuss 6to4 tunneling, the IPv6 Helper service, and connecting to the 6bone. Next, we’ll discuss the planning of the network topology. This includes analysis of hardware requirements and how to plan for the placement of physical resources. You’ll learn to plan network traffic management, and how to monitor network traffic and devices using Network Monitor and System Monitor. We’ll show you how to determine bandwidth requirements and how to optimize your network’s performance.

  • Planning, implementing and maintaining a routing strategy We first review the basics of IP routing, including the role of routing tables, static and dynamic routing, and routing protocols such as RIP and OSPF. You’ll learn to use the netsh commands related to routing, and then we’ll show you how to evaluate routing options. This includes selecting the proper connectivity devices, and we’ll discuss hubs, bridges, switches (layer 2, 3 and 4 varieties), and routers. We will look at how you can use a Windows Server 2003 machine as a router, and how to configure the Routing and Remote Access Service (RRAS) to do so. Next, we look at security considerations related to routing. We’ll show you how to analyze requirements for routing components from a security-conscious point of view, and discuss methods of simplifying the network topology to provide fewer attack points. This includes minimizing the number of network interfaces, the number of routes, and the number of routing protocols. We will also discuss router to router VPNs and packet filtering and firewalls, as well as setting the logging level. Finally, we cover how to troubleshoot IP routing issues. We’ll identify troubleshooting tools and take a look at some common routing problems, including those related to interface configuration, to RRAS configuration, to routing protocols, to TCP/IP configuration and to routing table configuration.

  • Planning, implementing and maintaining an Internet connectivity strategy We then turn to how to develop the best strategy for connecting your company’s Windows Server 2003 network to the Internet. We discuss connecting the LAN to the Internet using routed connections or translated connections (via Internet Connection Sharing or the RRAS Network Address Translation component). You’ll learn about virtual private networking, and how to use both Internet-based VPNs and router-to-router VPNs to provide connectivity to the company’s LAN from remote locations or connect two branch offices. We discuss the intricacies of demand-dial/on-demand connections and persistent connections, and explain the difference between one-way and two-way initiation. We also show you how to use remote access policies to control VPN connections, and we discuss VPN protocols supported by Windows Server 2003 and how to make VPN connections using either the Point to Point Tunneling Protocol (PPTP) or the Layer 2 Tunneling Protocol (L2TP). You’ll learn about VPN security and the authentication and encryption protocols that make your virtual network private. Next, we take a look at the Internet Authentication Service (IAS), and how it can provide centralized user authentication and authorization, centralized auditing and accounting, and extensibility and scalability. You’ll learn about IAS integration with Server 2003 RRAS and how to control authentication via remote access policies. We show you how to use the IAS MMC snap-in and how to implement monitoring of IAS, and we discuss the use of the IAS Software Developers’ Kit (SDK). Then we delve a little deeper into the IAS authentication methods, and discuss RADIUS access server support, wireless access points and authenticating switches. 
In the next section, we walk you through the process of using the Connection Manager Administration Kit (CMAK) to create service profiles, custom actions and custom Help, as well as VPN support, to make it easier for non-technical users to connect remotely without having to do complex configuration. We’ll talk about security issues pertaining to Connection Manager, and show you how to prevent editing of service profile files, how to prevent users from saving their passwords, and how to distribute service profiles securely.

  • Planning, implementing and maintaining a name resolution strategy You will learn how to plan for the best way of resolving host names on your network. We’ll present an overview of host naming, and how host names are resolved using the hosts file and using DNS. We’ll discuss issues involved in designing a DNS namespace, such as choosing the parent domain name, the conventions and limitations that govern host names, the relationship of DNS and the Active Directory, and how to support multiple namespaces. Then we move on to planning DNS server deployment. You’ll find out how to factor in such things as number of servers, server roles, server capacity and server placement. We’ll also show you how to plan for zone replication between your DNS servers, and we’ll address planning for forwarding and how DNS interacts with DHCP on a Server 2003 network. We’ll discuss Server 2003 DNS server interoperability with BIND and other non-Windows DNS implementations. You’ll learn about zone transfers between Server 2003 DNS servers and BIND servers, and we’ll discuss supporting Active Directory with BIND. You’ll learn about split DNS configurations and how interoperability relates to other services such as WINS and DHCP. Next, we address DNS security issues, including common DNS threats such as footprinting, redirection and DNS DoS attacks. You’ll learn how to best secure your DNS deployment, using a split namespace and using packet filtering. We’ll discuss how to determine the best DNS security level for your network. Next, we look at DNS performance issues. We show you how to monitor DNS server performance and how to analyze DNS server tests. In the next section, we’ll address NetBIOS name resolution and provide an overview of how NetBIOS names are resolved using lmhosts files and NetBIOS Name Servers such as WINS servers. You’ll find out what’s new for WINS in Server 2003, and we’ll show you how to plan WINS server deployment and how to plan for WINS replication. 
We’ll walk you through the process of configuring WINS replication partnerships, including Push Only, Pull Only and Push/Pull configurations. We’ll also discuss common WINS issues, including configuration issues, performance issues and security issues. We’ll show you how to plan for WINS database backup, and how to troubleshoot name resolution problems related to both host names and NetBIOS names.

  • Planning, implementing and maintaining a remote access strategy We examine the issues and procedures involved in devising a remote access strategy, including planning tasks such as analyzing organizational needs, analyzing user needs, and selecting the remote access types that will be allowed (dial-in, VPN, and/or wireless). We’ll discuss design considerations related to dial-in access, such as the allocation of IP addresses, how to determine incoming port needs, and how to select the best administrative model based on your organizational needs and the functional level of your domain. Next, we’ll talk about design considerations related to VPN access. You’ll learn how to select the VPN protocols to be allowed, based on client support, PKI requirements and the need for data integrity and sender authentication. You’ll learn how to install machine certificates, how to configure firewall filters, and how to create access policies governing VPN connections. In the next section, you’ll learn about the design considerations that relate to wireless remote access. We’ll discuss the use of IAS for wireless connections, and how to configure remote access policies for wireless connections. We’ll address the use of multiple wireless access points, and the advantages of placing a certification authority on a Virtual LAN (VLAN) for new wireless clients. We’ll also show you how to configure wireless access points (WAPs) as RADIUS clients. Next, we move on to planning overall security strategies for remote access connections. We’ll discuss the best practices in selecting authentication methods that will be allowed, and the benefits of disallowing insecure password-based connections (such as PAP, SPAP, CHAP and MS-CHAPv1). We’ll then look at the more secure methods such as MS-CHAPv2 and EAP, and discuss the advantages of using RADIUS/IAS rather than Windows authentication. 
We’ll also address the selection of the data encryption level, and other security measures such as requiring callback, mandating operating system and file system choices, using managed connections and using smart cards for remote access. We’ll delve deeply into the subject of remote access policies, and show you how to authorize remote access by user or group, how to restrict remote access in various ways, and how to control remote connections.

  • Planning, implementing and maintaining a high availability strategy We then look at the concept of high availability and how it can be attained. We’ll provide an overview of performance bottlenecks and what causes them, and show you how to identify such common system bottlenecks as memory, processor, disk and network components. We’ll walk you through the steps of using the System Monitor to monitor server performance, and show you how to use Event Viewer and service logs to monitor server issues, as well. Next, we show you how to plan a backup and recovery strategy. We’ll introduce you to the Windows Backup utility, and ensure that you understand the differences between full, incremental and differential backups. We’ll also discuss the use of volume shadow copies as a backup option. You’ll learn how to decide what information should be backed up, and we’ll show you how to back up user data, system state data, the DHCP, WINS and DNS databases and cluster disk signatures and partition layouts. We’ll walk you through the process of using the Windows Backup administrative tool, including the Backup and Restore Wizard feature and the Advanced Mode feature. We’ll also discuss the use of command line tools. Next, we’ll talk about how to select your backup media, and you’ll learn about scheduling backups and how to restore data from backup when necessary. In the next section, we’ll address how to plan for system recovery using the Automated System Recovery (ASR). You’ll learn about system services, how to make an ASR backup and how to do an ASR restore. We’ll explain how ASR works, and discuss alternatives to ASR such as Safe Mode boot and Last Known Good. Finally, we’ll discuss the importance of planning for fault tolerance, including solutions aimed at providing fault tolerance for local network connectivity, for Internet connectivity, for data on disk, and for mission-critical servers.

  • Windows Cluster Services and Network Load Balancing We will look at the ultimate in fault tolerance, server clustering, and show you how you can make clustering services part of your enterprise-level organization’s high availability plan. We’ll start by introducing you to the terminology and concepts involved in understanding clustering; you’ll learn about cluster nodes, cluster groups, failover and failback, name resolution as it pertains to cluster services, and how server clustering works. We’ll discuss three cluster models: single node, single quorum device and majority node set. Then we’ll talk about cluster deployment options, including N-node failover pairs, hot standby server/N+1, failover ring and random. You’ll learn about cluster administration and we’ll show you how to use the cluster administrator tool as well as provided command line tools. Next, we’ll discuss best practices for deploying server clusters. You’ll learn about hardware issues, especially those related to network interface controllers, storage devices, power saving features and general compatibility issues. We’ll discuss cluster network configuration and you’ll learn about multiple interconnections and node-to-node communication. We’ll talk about the importance of binding order, adapter settings, and TCP/IP settings, and we’ll discuss the default cluster group. Next, we’ll move on to the subject of security for server clusters. This includes physical security, public/mixed networks, private networks, secure remote administration of cluster nodes, security issues involving the cluster service account and how to limit client access. We’ll also talk about how to secure data in a cluster, how to secure disk resources, and how to secure cluster configuration log files. The next section addresses how to make Network Load Balancing (NLB) part of your high availability plan. 
We introduce you to NLB concepts such as hosts/default host, load weight, traffic distribution and convergence and heartbeats. You’ll learn how NLB works, and the relationship of NLB to clustering. We’ll show you how to manage NLB clusters using the NLB Manager tool, remote management and the command line tools. We’ll also discuss NLB error detection and handling. Next, we’ll move on to monitoring NLB using the NLB Monitor MMC snap-in or using the Windows Load Balancing Service (WLBS) cluster control utility. We discuss best practices for implementing and managing NLB, including issues such as multiple network adapters, protocols and IP addressing, and NLB Manager logging. Finally, we address NLB security.

  • Planning, implementing and maintaining Internet Protocol Security We then turn to Windows Server 2003’s implementation of the Internet Protocol Security protocol (IPSec). We start by introducing IPSec terminology and concepts and explaining how IPSec works “under the hood” to secure data in transit over the network. We discuss the purposes of IPSec encryption: authentication, integrity and confidentiality. You’ll learn about how IPSec operates in either of two modes: tunnel or transport. You’ll also learn about the protocols used by IPSec. These include the two primary protocols: the Authentication Header (AH) protocol and the Encapsulating Security Payload (ESP) protocol. We’ll also discuss the roles of additional protocols used by IPSec, including the Internet Security and Key Management Protocol (ISAKMP), Internet Key Exchange (IKE), the Oakley key determination protocol and the Diffie-Hellman key agreement protocol. You’ll also learn about Server 2003’s IPSec components such as the IPSec driver and we’ll discuss the relationship of IPSec to IPv6. Next, we’ll show you how to deploy IPSec on your network, taking into consideration organizational needs and security levels, and help you determine the appropriate authentication methods. You’ll learn about managing IPSec and we’ll walk you through the process of using the IPSec MMC snap-in as well as the command line tools. We’ll discuss the role of IPSec policies, including default and custom policies, and we’ll show you how to assign and apply policies. We’ll also talk about IPSec security considerations and issues, including the use of a strong encryption algorithm (3DES), authentication methods, firewall packet filtering, unprotected traffic, Diffie-Hellman groups and the use of pre-shared keys. We’ll show you how to use RSoP and the RSoP MMC snap-in to view policy assignments and to simulate policy assignments for deployment planning.

  • Planning, implementing and maintaining a security framework We look at several aspects of creating an effective security framework for your organization’s network. First, we look at how to plan and implement Active Directory security. This includes such measures as physically securing domain controllers, securing the schema, managing cross-forest security relationships, account security and implementing Active Directory access controls. Next, we discuss the issues and procedures involved in planning and implementing wireless security. We’ll provide an overview of the terminology and concepts relating to 802.11 wireless technologies and you’ll learn about authenticators and supplicants, as well as how wireless networking works “under the hood.” We’ll discuss authentication methods for wireless networks, including such authentication subtypes as open system and shared key. You’ll learn about the protocols generally used for wireless authentication, including the Extensible Authentication Protocol (EAP), EAP-Transport Layer Security (EAP-TLS), EAP-MS-CHAPv2, and the Protected Extensible Authentication Protocol (PEAP). We’ll also talk about using IAS with wireless. We’ll address wireless security issues such as common insecure default settings (administrative password, SSID, and WEP settings) and the weaknesses of Wired Equivalent Privacy protocol (WEP) encryption, as well as how WEP can be made more secure. Next, we’ll move on to discuss security monitoring, and we’ll address object based access control and security policies, including password policies, Kerberos policies, account lockout policies, user rights and the use of security templates. We’ll also talk about security auditing, and you’ll learn to set the auditing policy, modify the security log settings and audit objects such as files or folders. In the next section, you’ll learn about planning a Change and Configuration Management framework. 
We’ll walk you through the steps of using the Security Configuration Manager tool as well as command line tools included with Windows Server 2003. We’ll also discuss Security Analysis and Configuration best practices. Finally, we take you through the process of planning a security update infrastructure. You’ll understand the importance of regular security updates and you’ll learn to use the Microsoft Baseline Security Analyzer (MBSA) and the Microsoft Software Update Services to ensure that your Server 2003’s security features are always current.

  • Planning, implementing and maintaining a public key infrastructure We will examine the complex issues involved in planning a certificate based PKI. We’ll provide an overview of the basic terminology and concepts relating to the public key infrastructure, and you’ll learn about public key cryptography and how it is used to authenticate the identity of users, computers, and applications/services. We’ll discuss the role of digital certificates and the different types of certificates (user, machine and application certificates). You’ll learn about certification authorities (CAs), the servers that issue certificates, including both public CAs and private CAs such as the ones you can implement on your own network using Server 2003’s certificate services. Next, we’ll discuss the CA hierarchy, and how root CAs and subordinate CAs act together to provide for your organization’s certificate needs. You’ll find out how the Microsoft certificate services work, and we’ll walk you through the steps involved in implementing one or more certification authorities based on the needs of the organization. You’ll learn to determine the appropriate CA type—enterprise or standalone CA—for a given situation, and how to plan the CA hierarchy and provide for security of your CAs. We’ll show you how to plan for enrollment and distribution of certificates, including the use of certificate requests, role based administration and autoenrollment deployment. Next, we’ll discuss how to implement the use of smart cards for authentication within the PKI. You’ll learn what smart cards are and how smart card authentication works, and we’ll show you how to deploy smart card logon on your network. We’ll discuss smart card readers and show you how to set up a smart card enrollment station. Finally, we’ll discuss the procedures for using smart cards to log onto Windows, for remote access and VPNs and to log onto a terminal server.




MCSE Planning and Maintaining a Windows Server 2003 Network Infrastructure. Exam 70-293 Study Guide and DVD Training System
ISBN: 1931836930
EAN: 2147483647
Year: 2003
Pages: 173
