MCSEMCSA Implementing Administering Security in a Windows 2000 Network Study Guide (Exam 70-214) | MCSE/MCSA Implementing and Administering Security in a Windows 2000 Network: Study Guide and DVD Training System (Exam 70-214)

Will Schmied
Robert J. Shimonski
Dr. Thomas W. Shinder Technical Editor
Tony Piltzecker Technical Editor

Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively "Makers") of this book ("the Work") do not guarantee or warrant the results to be obtained from the Work.

There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state.

In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.

You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files.

Syngress Media®, Syngress®, "Career Advancement Through Skill Enhancement®," "Ask the Author UPDATE®," and "Hack Proofing®," are registered trademarks of Syngress Publishing, Inc. "Mission Critical™," and "The Only Way to Stop a Hacker is to Think Like One™" are trademarks of Syngress Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.

KEY	SERIAL NUMBER
001	PV43kfu7GY
002	Q29T6CN7VA
003	8C38A9HF5X
004	Z6TN247H9Y
005	7PT5R3T8MS
006	3SHX6BNC4E
007	G8PQND42AK
008	9EU6BKM8D7
009	SU76W4KDFH
010	5BUF397V2Z

PUBLISHED BY
Syngress Publishing, Inc.
800 Hingham Street
Rockland, MA 02370

MCSE Implementing and Administering Security in a
Windows 2000 Network Study Guide & DVD Training System

Copyright © 2003 by Syngress Publishing, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

1 2 3 4 5 6 7 8 9 0

ISBN: 1-931836-84-1

Technical Editor: Thomas W. Shinder M.D and Tony Piltzecker
Technical Reviewer: Robert J. Shimonski
Acquisitions Editor: Jonathan Babcock
DVD Production: Michael Donovan
Cover Designer: Michael Kavish
Page Layout and Art by: Shannon Tozier
Copy Editor: Darlene Bordwell and Judy Edy
Indexer: Rich Carlson

Distributed by Publishers Group West in the United States and Jaguar Book Group in Canada.

Acknowledgments

We would like to acknowledge the following people for their kindness and support in making this book possible.

Karen Cross, Lance Tilford, Meaghan Cunningham, Kim Wylie, Harry Kirchner, Kevin Votel, Kent Anderson, Frida Yara, Jon Mayes, John Mesjak, Peg O'Donnell, Sandra Patterson, Betty Redmond, Roy Remer, Ron Shapiro, Patricia Kelly, Andrea Tetrick, Jennifer Pascal, Doug Reil, David Dahl, Janis Carpenter, and Susan Fryer of Publishers Group West for sharing their incredible marketing experience and expertise.

Duncan Enright, AnnHelen Lindeholm, David Burton, Febea Marinetti, and Rosie Moss of Elsevier Science for making certain that our vision remains worldwide in scope.

David Buckland, Wendi Wong, Daniel Loh, Marie Chieng, Lucy Chong, Leslie Lim, Audrey Gan, and Joseph Chan of Transquest Publishers for the enthusiasm with which they receive our books.

Kwon Sung June at Acorn Publishing for his support.

Jackie Gross, Gayle Voycey, Alexia Penny, Anik Robitaille, Craig Siddall, Darlene Morrow, Iolanda Miller, Jane Mackay, and Marie Skelly at Jackie Gross & Associates for all their help and enthusiasm representing our product in Canada.

Lois Fraser, Connie McMenemy, Shannon Russell, and the rest of the great folks at Jaguar Book Group for their help with distribution of Syngress books in Canada.

David Scott, Annette Scott, Geoff Ebbs, Hedley Partis, Bec Lowe, and Mark Langley of Woodslane for distributing our books throughout Australia, New Zealand, Papua New Guinea, Fiji Tonga, Solomon Islands, and the Cook Islands.

Winston Lim of Global Publishing for his help and support with distribution of Syngress books in the Philippines.

Author

Will Schmied (BSET, MCSE, CWNA, MCSA, Security+, Network+, A+) is a featured writer on Windows 2000 and Windows XP technologies for CramSession.com. He has also authored several works for various Microsoft certification exams. Will provides consulting and training on Microsoft products to small and medium sized organizations in the Hampton Roads, VA area. He holds a bachelor's degree in Mechanical Engineering Technology from Old Dominion University and is a member of the American Society of Mechanical Engineers and the National Society of Professional Engineers. Will currently resides in Newport News, VA with his wife, Allison, and their children, Christopher, Austin, Andrea, and Hannah.

Contributors

Dave Bixler is the Technology Services Manager and Information Security Officer for Siemens Business Systems Inc., one of the world's leading IT service providers, where he heads a consulting group responsible for internal IT consulting, and is also responsible for information security company-wide. Dave has been working in the computer industry for longer than he cares to remember, working on everything from paper tape readers to Windows .NET servers. He currently focuses on Internet technologies, specifically thin client servers, transparent proxy servers, and information security. Dave's industry certifications include Microsoft's MCP and MCSE, and Novell's MCNE.

Martin Grasdal (MCSE+I, MCSE/W2K, MCT, CISSP, CTT, A+), Director of Web Sites and CTO at Brainbuzz.com, has worked in the computer industry for over nine years. He has been an MCT since 1995 and an MCSE since 1996. His training and networking experience covers a broad range of products, including NetWare, Lotus Notes, Windows NT and 2000, Exchange Server, IIS, Proxy Server, and ISA Server. Martin also works actively as a consultant. His recent consulting experience includes contract work for Microsoft as a Technical Contributor to the MCP Program on projects related to server technologies. Martin has served as Technical Editor for several Syngress books, including Configuring ISA Server 2000: Building Firewalls for Windows 2000 (ISBN: 1-928994-29-6), and Configuring and Troubleshooting Windows XP Professional (ISBN: 1-928994-80-6). Martin lives in Edmonton, Alberta, Canada with his wife, Cathy, and their two sons.

Technical Reviewer & Contributor

Robert J. Shimonski (Sniffer SCP, Cisco CCDP, CCNP, Nortel NNCSS, MCSE, MCP+I, Master CNE, CIP, CIBS, CWP, CIW, GSEC, GCIH, Server+, Network+, i-Net+, A+, e-Biz+, TICSA, SPS) is the Lead Network Engineer and Security Analyst for Thomson Industries, a leading manufacturer and provider of linear motion products and engineering. One of Robert's responsibilities is to use multiple network analysis tools to monitor, baseline, and troubleshoot an enterprise network comprised of many protocols and media technologies.

Robert currently hosts an online forum for TechTarget.com and is referred to as the "Network Management Answer Man," where he offers daily solutions to seekers of network analysis and management advice. Robert's other specialties include network infrastructure design with the Cisco and Nortel product line for enterprise networks. Robert also provides network and security analysis using Sniffer Pro, Etherpeek, the CiscoSecure Platform (including PIX Firewalls), and Norton's AntiVirus Enterprise Software.

Robert has contributed to many articles, study guides and certification preparation software, Web sites, and organizations worldwide, including MCP Magazine, TechTarget.com, BrainBuzz.com, and SANS.org. Robert's background includes positions as a Network Architect at Avis Rent A Car and Cendant Information Technology. Robert holds a bachelor's degree from SUNY, NY and is a part time Licensed Technical Instructor for Computer Career Center in Garden City, NY teaching Windows-based and Networking Technologies. Robert is also a contributing author for Configuring and Troubleshooting Windows XP Professional (Syngress Publishing, ISBN: 1-928994-80-6) BizTalk Server 2000 Developer's Guide for .NET (Syngress, ISBN: 1-928994-40-7), and Sniffer Pro Network Optimization & Troubleshooting Handbook (Syngress, ISBN: 1-931836-57-4).

Technical Editors

Thomas W. Shinder M.D. (MVP, MCSE) is a computing industry veteran who has worked as a trainer, writer, and a consultant for Fortune 500 companies including FINA Oil, Lucent Technologies, and Sealand Container Corporation. Tom was a Series Editor of the Syngress/Osborne Series of Windows 2000 Certification Study Guides and is author of the best selling book Configuring ISA Server 2000: Building Firewalls with Windows 2000 (Syngress Publishing, ISBN: 1-928994-29-6). Tom is the editor of the Brainbuzz.com Win2k News newsletter and is a regular contributor to TechProGuild. He is also content editor, contributor, and moderator for the World's leading site on ISA Server 2000, www.isaserver.org. Microsoft recognized Tom's leadership in the ISA Server community and awarded him their Most Valued Professional (MVP) award in December of 2001.

Tony Piltzecker (CISSP, MCSE, CCNA, Check Point CCSA, Citrix CCA, Security+) is author of the CCSA Exam Cram and co-author of the Security+ Study Guide and DVD Training System (Syngress Publishing, ISBN: 1-931836-72-8). He is a Network Architect with Planning Systems Inc., providing network design and support for federal and state agencies. Tony's specialties include network security design, implementation, and testing. Tony's background includes positions as a senior networking consultant with Integrated Information Systems and a senior engineer with Private Networks, Inc. He holds a bachelor's degree in Business Administration and is a member of ISSA. Tony resides in Leominster, MA with his wife, Melanie, and his daughter, Kaitlyn.

About the Study Guide & DVD Training System

In this book, you'll find lots of interesting sidebars designed to highlight the most important concepts being presented in the main text. These include the following:

Exam Warnings focus on specific elements on which the reader needs to focus in order to pass the exam.
Test Day Tips are short tips that will help you in organizing and remembering information for the exam.
Notes from the Underground contain background information that goes beyond what you need to know from the exam, providing a deep foundation for understanding the security concepts discussed in the text.
Damage and Defense relate real-world experiences to security exploits while outlining defensive strategies.
Head of the Class discussions are based on the author's interactions with students in live classrooms and the topics covered here are the ones students have the most problems with.

Each chapter also includes hands-on exercises. It is important that you work through these exercises in order to be confident you know how to apply the concepts you have just read about.

You will find a number of helpful elements at the end of each chapter. For example, each chapter contains a Summary of Exam Objectives that ties the topics discussed in that chapter to the published objectives. Each chapter also contains an Exam Objectives Fast Track, which boils all exam objectives down to manageable summaries that are perfect for last minute review. The Exam Objectives Frequently Asked Questions answers those questions that most often arise from readers and students regarding the topics covered in the chapter. Finally, in the Self Test section, you will find a set of practice questions written in a multiple-choice form similar to those you will encounter on the exam. You can use the Self Test Quick Answer Key that follows the Self Test questions to quickly determine what information you need to review again. The Self Test Appendix at the end of the book provides detailed explanations of both the correct and incorrect answers.

Additional Resources

There are two other important exam preparation tools included with this Study Guide. One is the DVD included in the back of this book. The other is the practice exam available from our website.

Instructor-led training DVD provides you with almost two hours of virtual classroom instruction. Sit back and watch as an author and trainer reviews all the key exam concepts from the perspective of someone taking the exam for the first time. Here, you'll cut through all of the noise to prepare you for exactly what to expect when you take the exam for the first time. You will want to watch this DVD just before you head out to the testing center!
Web based practice exams. Just visit us at www.syngress.com/certification to access a complete Exam Simulation. These exams are written to test you on all of the published certification objectives. The exam simulator runs in both "live" and "practice" mode. Use "live" mode first to get an accurate gauge of your knowledge and skills, and then use practice mode to launch an extensive review of the questions that gave you trouble.

MCSE/MCSA 70-214 Exam Objectives Map and Table of Contents

All of Microsoft's published objectives for the MCSE/MCSA 70-214 Exam are covered in this book. To help you easily find the sections that directly support particular objectives, we've listed all of the exam objectives below, and mapped them to the Chapter number and heading in which they are covered. We've also assigned numbers to each objective, which we use in the subsequent Table of Contents and again throughout the book to identify objective coverage. In some chapters, we've made the judgment that it is probably easier for the student to cover objectives in a slightly different sequence than the order of the published Microsoft objectives. By reading this study guide and following the corresponding objective list, you can be sure that you have studied 100% of Microsoft's MCSE/MCSA 70-214 Exam objectives.

Exam Objective Map
Objective Number	Objective	Chapter Number	Chapter Heading
1	Implementing, Managing, and Troubleshooting Baseline Security
1.1	Configure security templates.	1	Configuring Basic Windows 2000 Security with Templates
1.1.1	Configure registry and file system permissions.	1	Registry, File System
1.1.2	Configure account policies.	1	Account Policies
1.1.3	Configure audit policies.	1	Local Policies
1.1.4	Configure user rights assignment.	1	Local Policies
1.1.5	Configure security options.	1	Local Policies
1.1.6	Configure system services.	1	System Services
1.1.7	Configure restricted groups.	1	Restricted Groups
1.1.8	Configure event logs.	1	Event Log
1.2	Deploy security templates. Deployment methods include using Group Policy and scripting.	1	Deploying Security Templates Analyzing Your Security Configuration
1.3	Troubleshoot security template problems. Considerations include Group Policy, upgraded operating systems, and mixed client-computer operating systems.	2	Security Template Application Issues
1.4	Configure additional security based on computer roles. Computer roles include Microsoft SQL Server computer, Microsoft Exchange Server computer, domain controller, Internet Authentication Service (IAS) server, Internet Information Services (IIS) server, and mobile client computer.	2	Configuring Role-Based Server Security
1.5	Configure additional security for client-computer operating systems by using Group Policy.	2	Creating Secure Workstations
2	Implementing, Managing, and Troubleshooting Service Packs and Security Updates
2.1	Determine the current status of service packs and security updates. Tools include MBSA and HFNetChk	3	Identifying Required Updates
2.2	Install service packs and security updates. Considerations include slipstreaming and using Remote Installation Services (RIS), custom scripts, and isolated networks.	3	Deploying and Managing Updates
2.2.1	Install service packs and security updates on new client computers and servers. Considerations include slipstreaming and using RIS, custom scripts, and isolated networks.	3	Installing Updates on New Computers
2.3	Manage service packs and security updates. Considerations include server computers and remote client computers. Tools include Microsoft Software Update Service, Automatic Updates, and SMS.	3	Deploying and Managing Updates
2.4	Troubleshoot the deployment of service packs and security updates. Typical issues include third-party application compatibility, permissions, and version conflicts	3	Troubleshooting Update Installations
3	Implementing, Managing, and Troubleshooting Secure Communication Channels
3.1	Configure IPSec to secure communication between networks and hosts. Hosts include domain controllers, Internet Web servers, databases, e-mail servers, and client computers.	6	Deploying and Troubleshooting Windows IP Security
3.1.1	Configure IPSec authentication.	6	Deploying and Troubleshooting Windows IP Security
3.1.2	Configure appropriate encryption levels.	6	Confidentiality
3.1.3	Configure the appropriate IPSec protocol. Protocols include AH and ESP.	6	IPSec Security Services
3.1.4	Deploy and manage IPSec certificates. Considerations include renewing certificates.	4	Certificate Authorities
3.2	Troubleshoot IPSec. Typical issues include IPSec rule configurations, firewall configurations, routers, and authentication.	6	Deploying and Troubleshooting Windows IP Security
3.3	Implement security for wireless networks.	7	Wireless LAN Security Issues Wireless LAN Security: It's Not Perfect Should You Use Wep? IEEE 802.1x Vulnerabilites Additional Secuirty Measures for Wireless LANs Implementing Wireless LAN Security: Common Best Practices
3.3.1	Configure public and private wireless LANs.	7	Configuring Windows Client Computers for Wireless LAN Security
3.3.2	Configure wireless encryption levels. Levels include WEP and802.1x.	7	Wired Equivalent Privacy 802.1x Authentication
3.3.3	Configure wireless network connection settings on client computers. Client-computer operating systems include Windows 2000 Professional, Windows XP Professional, and Windows CE 3.0.	7	Configuring Windows Client Computers for Wireless LAN Security
3.4	Configure Server Message Block (SMB) signing to support packet authentication and integrity.	2	Securing Server Message Block Traffic
3.5	Deploy and manage SSL certificates. Considerations include renewing certificates and obtaining self-issued certificates versus public- issued certificates.	8	Configuring Web Site Authentication
3.5.1	Obtain public and private certificates.	4	Requesting a Certificate Exporting and Importing Certificates
3.5.2	Install certificates for SSL.	8	Configuring Web Site Authentication
3.5.3	Renew certificates.	4	Requesting a Certificate Exporting and Importing Certificates
3.6	Configure SSL to secure communication channels. Communication channels include client computer to Web server, Web server to SQL Server computer, client computer to Active Directory domain controller, and e-mail server to client computer	8	Configuring Web Site Authentication
4	Configuring, Managing, and Troubleshooting Authentication and Remote Access Security
4.1	Configure and troubleshoot authentication.	8	Configuring User Authentication
4.1.1	Configure authentication protocols to support mixed Windows client-computer environments.	8	Configuring User Authentication
4.1.2	Configure the interoperability of Kerberos authentication with UNIX computers.	8	Configuring Interoperability with UNIX Servers
4.1.3	Configure authentication for extranet scenarios.	8	Authentication for External Users
4.1.4	Configure trust relationships.	8	Configuring Kerberos Trusts
4.1.5	Configure authentication for members of non-trusted domain authentication.	8	Configuring Web Authentication
4.2	Configure and troubleshoot authentication for Web users. Authentication types include Basic, Integrated Windows, anonymous, digest, and client certificate mapping.	8	Configuring Web Authentication
4.3	Configure authentication for secure remote access. Authentication types include PAP, CHAP, MS-CHAP, MS-CHAP v2, EAP-MD5, EAP-TLS, and Multi-factor authentication with smart cards and EAP.	9	Remote Access Authentication Methods Configuring Network Clients for Secure Remote Access
4.4	Configure and troubleshoot virtual private network (VPN) protocols. Considerations include Internet service provider (ISP), client-computer operating system, Network Address Translation (NAT) devices, Routing and Remote Access server, and firewall server.	9	Configuring a Remote Access Server (RAS) Configuring a Virtual Private Networking (VPN) Server Configuring Network Clients for Secure Remote Access
4.5	Manage client-computer configuration for remote access security. Tools include remote access policy and Connection Manager Administration Kit.	9	Using the Connection Manager Administration Kit (CMAK)
5	Implementing and Managing a Public Key Infrastructure (PKI) and Encrypting File System (EFS)
5.1	Install and configure Certificate Authority (CA) hierarchies. Considerations include enterprise, standalone, and third-party.	4	Installing and Managing Windows 2000 Certificate Authorities
5.1.1	Install and configure the root, intermediate, and issuing CA. Considerations include renewals and hierarchy.	4	Installing and Managing Windows 2000 Certificate Authorities
5.1.2	Configure certificate templates. Considerations include LDAP queries, HTTP queries, and third-party CAs.	4	Configuring Certificate Templates
5.1.3	Configure the publication of Certificate Revocation Lists (CRLs).	4	Configuring Publication of Certificate Revocation Lists (CRLs)
5.1.4	Configure public key Group Policy.	4	Configuring Public Key Group Policy
5.1.5	Configure certificate renewal and enrollment.	4	Requesting a Certificate
5.1.6	Deploy certificates to users, computers, and CAs.	4	Requesting a Certificate Exporting and Importing Certificates
5.2	Manage Certificate Authorities (CAs). Considerations include enterprise, stand-alone, and third-party.	4	Installing and Managing Windows 2000 Certificate Authorities
5.2.1	Enroll and renew certificates.	4	Requesting a Certificate
5.2.2	Revoke certificates.	4	Revoking Certificates
5.2.3	Manage and troubleshoot Certificate Revocation Lists (CRLs). Considerations include publishing the CRL.	4	Configuring Publication of Certificate Revocation Lists (CRLs)
5.2.4	Back up and restore the CA.	4	Backing Up and Restoring Certificate Services
5.3	Manage client-computer and server certificates. Considerations include SMIME, EFS, exporting, and storage.	4	Advanced Certificate Management Issues Exporting and Importing Certificates
5.3.1	Publish certificates through Active Directory.	4	Publishing Certificates in Active Directory
5.3.2	Issue certificates using MMC, Web enrollment, programmatic, or auto enrollment using Windows XP.	4	Requesting a Certificate Windows XP auto enrollment
5.3.3	Recover KMS-issued keys.	4	Recovering KMS Issued Keys
5.4	Manage and troubleshoot EFS. Considerations include domain members, workgroup members, and client-computer operating systems.	5	User Operations EFS Architecture and Troubleshooting
6	Monitoring and Responding to Security Incidents
6.1	Configure and manage auditing. Considerations include Windows Events, Internet Information Services (IIS), firewall log files, Network Monitor Log, and RAS log files.	10	Auditing Windows 2000 Auditing IIS Auditing Best Practices
6.1.1	Manage audit log retention.	10	Auditing Best Practices
6.1.2	Manage distributed audit logs by using EventComb.	10	Windows Auditing Tools
6.2	Analyze security events. Considerations include reviewing logs and events.	10	Auditing Best Practices
6.3	Respond to security incidents. Incidents include hackers, viruses, denial-of-service (DoS) attacks, natural disasters, and maintaining chains of evidence.	11	Security Incidents Malware Issues Incident Response
6.3.1	Isolate and contain the incident. Considerations include preserving the chain of evidence.	11	Chain of Custody
6.3.2	Implement counter measures.	11	Incident Response
6.3.3	Restore services.	11	Incident Response

Syngress knows what passing the exam means to you and to your career. And we know that you are often financing your own training and certification; therefore, you need a system that is comprehensive, affordable, and effective.

Boasting one-of-a-kind integration of text, DVD-quality instructor-led training, and Web-based exam simulation, the Syngress Study Guide & DVD Training System guarantees 100% coverage of exam objectives.

The Syngress Study Guide & DVD Training System includes:

Study Guide with 100% coverage of exam objectives By reading this study guide and following the corresponding objective list, you can be sure that you have studied 100% of the exam objectives.
Instructor-led DVD This DVD provides almost two hours of virtual classroom instruction.
Web-based practice exams Just visit us at www.syngress.com/certification to access a complete exam simulation.

Thank you for giving us the opportunity to serve your certification needs. And be sure to let us know if there's anything else we can do to help you get the maximum value from your investment. We're listening.

 www.syngress.com/certification