This book's primary goal is to help you prepare to take and pass Microsoft's exam number 70-298, Designing Security for a Microsoft Windows Server 2003 Network. Our secondary purpose in writing this book is to provide exam candidates with knowledge and skills that go beyond the minimum requirements for passing the exam, and help to prepare them to work in the real world of Microsoft computer networking.
Exam 70-298 will fulfill the Design Exam requirement for the Microsoft Certified Systems Engineer (MCSE) certification, as well as for the new MCSE: Security specialization. Passing the 70-298 exam will also earn Microsoft Certified Professional (MCP) certification. Microsoft's stated target audience consists of IT professionals with at least one year of work experience on a medium or large company network. This means a multi-site network with at least three domain controllers, running typical network services such as file and print services, database, firewall services, proxy services, remote access services and Internet connectivity. In addition, an MCSE candidate should also have one year's experience in designing a network infrastructure and administering a desktop operating system.
However, not everyone who takes Exam 70-298 will have this ideal background. Many people will take this exam after classroom instruction or self-study to advance in the networking or security field. Many of those who do have job experience in IT will not have had the opportunity to work with all of the technologies covered by the exam. In this book, our goal is to provide background information that will help you to understand the concepts and procedures described even if you don't have the requisite experience, while keeping our focus on the exam objectives.
Exam 70-298 measures your ability to analyze business information for a secure network infrastructure, and to design a solution that meets those requirements. Objectives are case study-oriented, and include the following:
Creating the Conceptual Design for Network Infrastructure Security by Gathering and Analyzing Business and Technical Requirements: This requires you to analyze your organization's business requirements for designing security. Some possible considerations include existing policies and procedures, sensitivity of data, cost, legal requirements, end-user impact, interoperability, maintainability, scalability, and risk. You should also be familiar with a framework for designing and implementing security, including tasks such as intrusion prevention, detection, isolation, and recovery. You will also need to be able to analyze technical constraints when designing security, including understanding the capabilities of existing hardware and addressing any interoperability constraints that may exist.
Creating the Logical Design for Network Infrastructure Security: This includes designing a public key infrastructure (PKI) using Certificate Services; designing a logical authentication strategy including domain and forest trust relationships; designing security for the network management process; and designing a security update infrastructure for your servers and workstations.
Creating the Physical Design for Network Infrastructure Security: This includes designing network infrastructure security such as IPSec and secure DNS implementations; designing security for wireless networks; and designing user authentication and overall security for Internet Information Services (IIS). You'll also need to understand how to design security for communication between networks, as well as for communication with external organizations. Finally, you should be familiar with designing security for servers that have specific roles, such as domain controllers, network infrastructure servers, file servers, Terminal Servers, and POP3 mail servers.
Designing an Access Control Strategy for Data: This exam objective covers the tasks necessary in designing an access control strategy for directory services, including designing appropriate group structures to assign permissions effectively, analyzing auditing requirements, and creating a strategy for delegating authority within Active Directory. You'll also need to be familiar with designing an access control strategy for files and folders, as well as the Registry. Some topics here include creating a secure backup and recovery strategy, and implementing the Encrypting File System (EFS).
Creating the Physical Design for Client Infrastructure Security: This includes designing a client authentication strategy; designing a security strategy for client remote access; and designing a strategy for securing client computers, including desktop and portable computers.