In this book, we have tried to follow Microsoft's exam objectives as closely as possible. However, we have rearranged the order of some topics for a better flow, and included background material to help you understand the concepts and procedures that are included in the objectives. Following is a brief synopsis of the exam topics covered in each chapter:
Chapter 1 Designing a Secure Network Framework: We begin the 70-298 exam with a look at analyzing a company's business requirements for securing its network and data. This includes examining existing security policies and procedures, including technical elements such as analyzing security requirements for different kinds of data. This chapter will also look at some of the common attacks that an enterprise network might face, and what motivates both internal and external attackers. Finally, we'll look at some of the challenges created by interoperability concerns in a heterogeneous network, since real-world security planning will often require you to integrate earlier Microsoft operating systems into your design scheme, as well as non-Microsoft and third-party systems and services.
Chapter 2 Securing Servers Based on Function: You'll learn how to secure servers in a consistent manner once you've configured one or more machines to fulfill a specific role on your network, as there are a number of security enhancements that can benefit domain controllers, Web servers, network infrastructure servers and file servers. We'll talk about Security Templates as a way to apply consistent security settings to an entire network, or to a subset of computers or servers. We'll then talk about Group Policy Objects (GPOs) and scripting techniques as a way to quickly deploy common security settings and templates across an entire network.
Chapter 3 Designing a Secure Public Key Infrastructure: This chapter discusses one of the biggest challenges in doing business on the Internet: how to verify someone's identity so that you can transmit confidential information to them. A popular solution to this challenge is the Public Key Infrastructure, or PKI. PKI provides a way for one party to verify the identity of another, and for consumers to be sure that a company they're doing business with is really who it claims to be. We'll talk about common implementations of PKI, as well as its specific use within Windows Server 2003, Certificate Services. This service provides the basis for IP Security (IPSec), Secure Sockets Layer (SSL) communication on a Web server, and the Encrypting File System (EFS) to secure files and folders stored on file shares.
Chapter 4 Securing the Network Management Process: We begin with a discussion of how to secure the administrative process, including utilities such as Telnet, Remote Desktop and Emergency Management Services. We'll also look at strategies for applying security updates efficiently within an enterprise network, using tools like the Microsoft Baseline Security Analyzer (MBSA) and the Software Update Service (SUS). We'll finish with a discussion of designing a domain and forest trust model in Windows Server 2003 that will provide appropriate access for your network users without becoming a security risk or an administrative nightmare. We'll focus on how to design the domain and forest to provide the best possible security in a number of different scenarios, including enterprises that are supporting down-level or non-Microsoft clients and services.
Chapter 5 Securing Network Services and Protocols: We discuss options within Windows Server 2003 for securing data as it traverses a network, especially the IPSec protocol. We'll take a look at the inner workings of IPSec, and how to implement it within an enterprise environment. We'll also look at ways to secure the Domain Name System (DNS) service, another common point of attack on a modern network. Last, we'll look at ways to secure wireless network traffic. We'll talk about some common vulnerabilities of wireless transmissions, and ways to design a secure wireless LAN for your organization.
Chapter 6 Securing Internet Information Server (IIS): We'll discuss user authentication within IIS to protect your users' and customers' privacy and personal information. We'll look at the various types of authentication offered by IIS 6.0, including Certificate Authentication, Integrated Windows logons, and RADIUS authentication using Internet Authentication Service, or IAS. After that, we focus on other aspects of securing Internet Information Services. We look at some common attack vulnerabilities for Web servers in general and IIS servers in particular, and then move on to ways to address these concerns for a single server or a large server farm. Some of these strategies include hardening the IIS installation and designing an effective monitoring plan so that you can respond to security incidents in a timely fashion. We'll close with a look at securing the process of updating Web content itself, to guard against the public embarrassment of Web defacement or inadvertent information disclosure.
Chapter 7 Securing VPN and Extranet Communications: We take a look at the remote connectivity services and applications available in Windows Server 2003. Depending on your connectivity needs, Windows Server 2003 can actually function as a basic router, using either the Routing Information Protocol or the Open Shortest Path First algorithm. We then discuss in detail the use of Windows Server 2003 as a Virtual Private Network (VPN) server to ensure that all traffic is sufficiently encrypted, and to control the use of company resources for VPN usage. Some topics include the use of Remote Access Policies to control aspects of the VPN connection process, accepting or rejecting connections based on user authentication, connection type, time of day, and the like. This chapter focuses on the best ways to design and deploy Windows Server 2003 VPN technologies to provide remote access without sacrificing the overall integrity of the corporate network's data and resources.
Chapter 8 Securing Active Directory: You'll learn to secure the directory that houses your user database information, to understand potential risks to Active Directory, and to design your user accounts in a secure fashion. In addition, we'll go over the use of security countermeasures such as Account and Password policies to keep the Active Directory database safe. We'll also discuss the use of auditing to ensure that no unauthorized user activity or other potential security incidents are taking place. We close Chapter 8 with a discussion of the best ways to assign user permissions to network resources and data.
Chapter 9 Securing Network Resources: We'll look at some common risks that can affect file shares, such as data corruption caused by viruses or security breaches arising from incorrectly assigned permissions. Then we'll look at ways to design a permission structure for the files and folders in a large, multi-server environment, as well as best practices for securing the Windows Registry. Then we'll talk about the Encrypting File System, which combines public key cryptography with 3DES encryption to allow users and administrators to extend file security beyond NTFS permissions. The last topic we'll talk about here is designing a secure backup and recovery strategy for your network resources. We'll look at ways to secure the backup process itself, including physically securing backup media, and assigning rights and permissions to perform backups and restores in a secure manner.
Chapter 10 Securing Network Clients: We'll spend some time examining ways to maintain the overall security of the workstations on your network, including ways to secure the client operating system and to maintain and enforce virus protection and patch management for all of your users. We'll also look at client authentication, ways to improve the security of your user accounts, and how to select the best authentication protocols to fit the needs of your enterprise. We'll also go over ways to enforce that choice throughout your network through tools such as Group Policy. Finally, we'll talk about creating a secure remote access plan for your end users, and close with a discussion of Internet Authentication Service, Windows Server 2003's implementation of the RADIUS standard.