Students should bring their own network ready laptops (with CD) preferably running Windows XP and an open mind. A CD will be provided with reference material, sample code, and utilities. Where possible, students should pre-install VMWare images of Win2k and associated software applications should they wish to participate in and experiment with “live” configuration changes.

This course covers a substantial amount of material for many different Microsoft applications and technologies in relatively short period of time. Students should expect a wide range of topics and a quick pace.

CLOSED

New and Improved! This training session now includes elements of Windows 2003 Server security and configuration, and a first look at “Titanium,” the Exchange Server 2003 beta.

The key to securing a Microsoft infrastructure is to build security into the foundation. When properly configured, the Microsoft suite of technologies can be deployed to provide highly available, reliable, and secure network services.

This intensive two-day course will take you on a journey through the full deployment cycle of the most common Microsoft products, stopping along the way to sniff the packets and secure the route less traveled. If you make it to the end of Day Two in one piece, you will be prepared to snatch the pebble from the Master's palm.

Day One: Infrastructure

• Win2k / Win2k3 Domain Controllers
  • Active Directory Domains and Forests
    
  • Server Role Wizards (Win2k3)
  • New RRAS Options and Basic Firewall (Win2k3)
  • Sites and Services
  • Group Policy and Organizational Units
  • Certificate Services
  • Terminal Services
• Client Configuration
  • Leveraging XP Pro Clients
  • Security Policies
  • System Restrictions
  • Software Restrictions
  • Encryption and IPSec
• Exchange 2000 / Titanium
  • Setup and Configuration
  • Default protocols: HTTP, SMTP, POP3, IMAP
  • Multiple sites
  • OWA (HTTPS/HTTP)
  • OWA 2003/Front and Backend Servers
• SQL Server 2000
  • Setup and Configuration
  • Authentication Modes
  • SQL Server/Agent Service Security Contexts
  • Client/Process data access and best practices
  • Auditing Tools
• IIS 5 / IIS 6
  • Setup and Configuration
  • ISAPI extensions and application mapping
  • HTTPS Configuration and Certificates
  • IIS Lockdown / URL Scan
  • Secure ASP Development and Auditing Tools
  • IIS 6.0 Security Overview and Default Configurations

Day Two: Deploying Internet Services

• ISA Server
  • Setup and Configuration
  • Packet Filters and Protocol Rules
  • Policy Elements (Address Sets, Authentication, Schedules)
  • Application Filters
  • Web, Firewall and Secure NAT Clients
• Publishing Services
  • Web Publishing
  • Publishing Exchange Services (SMTP, POP3, etc)
  • 3rd Party SMTP Gateway Solutions and Filtering
  • Publishing Multiple OWA Sites Securely
  • Feature Pack 1 enhancements
  • Publishing Terminal Services, Alternate Port Configuration, and TS Web
• Remote Access
  • RAS and Routing Service Configuration
  • Client VPN Setup
  • Point-to-point ISA VPN Servers

Note that aspects of Day Two, “Deploying Internet Services” may be integrated into Day One’s “Infrastructure” material as required where relevant.

Timothy Mullen is CIO and Chief Software architect for AnchorIS.Com, a developer of secure enterprise-based accounting solutions.  Mullen is also a columnist for Security Focus' Microsoft Focus section, and a regular contributor of InFocus technical articles.  A.k.a. Thor, he is the founder of the "Hammer of God" security co-op group.