M2830
Designing Security for Microsoft Networks
Microsoft Certified Systems Engineer (MCSE):
Windows Server 2003 M2830 70-298
Course Title: Designing Security for Microsoft Networks
Course Code: M2830
Version: B
Level: 300
Duration: 3 Days
Course Overview
The Managing and Maintaining a Microsoft Windows Server 2003 Environment M2830 instructor-led training course has been designed to provide candidates with the skills and knowledge required to design a secure network infrastructure. Topics include assembling the design team, modelling threats, and analysing security risks in order to meet business requirements for securing computers in a networked environment. The course encourages decision-making skills through real-life scenarios that the target audience may encounter. Candidates are given the task of collecting the information and sorting through the details to resolve the given security requirement.Target Audience
Candidates who should consider attending the M2830 Microsoft training course are IT system engineers and security specialists who are responsible for establishing security policies and procedures for an organisation. Candidates should have one to three years of experience designing related business solutions.Course Objectives
On successfully completing the M2830 course candidates will be able to:- Plan a framework for network security
- Identify threats to network security
- Analyse security risks
- Design security for physical resources
- Design security for computers
- Design security for accounts and services
- Design security for authentication
- Design security for data
- Design security for data transmission
- Design security for network perimeters
- Design an incident response procedure
- Designing an acceptable use policy
- Designing policies for managing networks
- Designing an operations framework for managing security
Course Prerequisites
Candidates attending the M2830 Microsoft training course should be robustly familiar with Windows Server 2003 core technologies, such as those covered in course M2273: Managing and Maintaining a Microsoft Windows Server 2003 Environment.Candidates should be robustly familiar with Windows Server 2003 networking technologies and implementation, such as those covered in courses M2276: Implementing a Microsoft Windows Server 2003 Network Infrastructure: Network Hosts, M2277: Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure: Network Services, and M2278: Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure.
Finally, candidates should be robustly familiar with Windows Server 2003 directory services technologies and implementation, such as those covered in course M2279: Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Testing and Certification
The M2830 Microsoft training course is the recommended preparation for the 70-298 Designing Security for a Microsoft Windows Server 2003 Network exam.Course Content
Module 1: Introduction to Designing SecurityIn this module candidates will learn about the basic framework for designing network security and key concepts used throughout the course. The module also introduces a fictional organisation which the labs in the course use as an on-going case study.
Lessons:
- Introduction to Designing Security for Microsoft Networks
- Contoso Pharmaceuticals: A Case Study
- Provide an overview of designing security for Microsoft networks
- Describe the components of the case study for this course
Module 2: Creating a Plan for Network Security
In this module candidates will learn about the importance of security policies and procedures in a security design, and how a security design team must include representation from various members of the organisation. The module also introduces the Microsoft Solutions Framework (MSF) process model, which provides a comprehensive framework that can be used to create a security design.
Lessons:
- Introduction to Security Policies
- Designing Security by Using a Framework
- Creating a Security Design Team
- Identifying Reasons Why Security Policies Fail
- Determining the Members of a Security Design Team
- Describe common elements of security policies and procedures
- Create a security design framework by using the MSF process model
- Create a security design team
Module 3: Identifying Threats to Network Security
In this module candidates will learn how to identify possible threats to a network and understand common motivations of attackers. The module introduces the STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) threat model as an effective way to predict where threats may occur in an organisation.
Lessons:
- Introduction to Security Threats
- Predicting Threats to Security
- Identifying and Categorising Threats by Using a Threat Model
- Documenting Security Threats
- Explain common network vulnerabilities and how attackers can exploit them
- Predict threats to security by using a threat model
Module 4: Analysing Security Risks
In this module candidates will learn how to determine what resources in an organisation require protection and how to prioritise those resources based on their value. Candidates will then develop a risk management plan, based on the MOF risk model, to identify and analyse risks proactively and to determine an appropriate level of protection for each resource.
Lessons:
- Introduction to Risk Management
- Creating a Risk Management Plan
- Applying Quantitative and Qualitative Risk Analysis
- Explain the purpose and operation of risk management
- Create a risk management plan
Module 5: Designing Physical Security for Network Resources
In this module candidates will learn how to determine threats and analyse physical risks to resources in an organisation. The module then covers how to design security for facilities, computers, mobile devices, and hardware. Candidates will also learn about implementing disaster recovery as a way to protect physical resources. The module focuses on physical access to resources and how to protect them and other modules will focus on access to data and how to protect it.
Lessons:
- Creating a Plan for Physical Security
- Creating a Design for Physical Security of Network Resources
- Identifying Potential Physical Vulnerabilities
- Implementing Countermeasures
- Create a plan for physical security
- Create a design for physical security of network resources
Module 6: Designing Security for Network Hosts
In this module candidates will learn how to determine threats and analyse risks to network hosts in an organisation. The module also covers how to design security for network hosts throughout their life cycles, from initial purchase to decommissioning.
Lessons:
- Creating a Security Plan for Network Hosts
- Creating a Design for the Security of Network Hosts
- Identifying Vulnerabilities When Applying Security Updates
- Identifying Vulnerabilities When Decommissioning Computers
- Create a security plan for network hosts
- Create a design for the security of network hosts
Module 7: Designing Security for Accounts and Services
In this module candidates will learn how to determine threats and analyse risks to accounts and services in an organisation. Candidates will also learn how to design security for accounts and services, including determining security requirements, creating policies, and designing strategies to manage security.
Lessons:
- Creating a Security Plan for Accounts
- Creating a Security Plan for Services
- Creating a Design for Security of Accounts and Services
- Identifying Potential Account Vulnerabilities
- Applying Countermeasures
- Create a security plan for accounts
- Create a security plan for services
- Create a design for security of accounts and services
Module 8: Designing Security for Authentication
In this module candidates will learn how to determine threats and analyse risks to authentication. The module covers how to design security for authenticating local users, remote users, and users who access a network across the Internet. Candidates will also learn when to choose multifactor authentication for additional security.
Lessons:
- Creating a Security Plan for Authentication
- Creating a Design for Security of Authentication
- Identifying Potential Authentication Vulnerabilities
- Applying Countermeasures
- Create a security plan for authentication
- Create a design for security of authentication
Module 9: Designing Security for Data
In this module candidates will learn how to determine threats and analyse risks to data in an organisation. The module covers how to design an access control model for files and folders in order to protect data that is stored on network servers, and candidates will also learn about considerations for encrypting and managing data.
Lessons:
- Creating a Security Plan for Data
- Creating a Design for Security of Data
- Identifying Potential Data Vulnerabilities
- Designing Countermeasures
- Create a security plan for data
- Create a design for security of data
Module 10: Designing Security for Data Transmission
In this module candidates will learn how to determine threats and analyse risks to data transmission in an organisation. Candidates will also learn how to design security for various types of data transmission, including traffic on local area networks (LANs), wide area networks (WANs), Virtual Private Networks (VPNs), wireless networks, and the Internet.
Lessons:
- Creating a Security Plan for Data Transmission
- Creating a Design for Security of Data Transmission
- Identifying Potential Data Transmission Vulnerabilities
- Implementing Countermeasures
- Create a security plan for data transmission
- Create a design for security of data transmission
Module 11: Designing Security for Network Perimeters
In this module candidates will learn how to determine threats and analyse risks to network perimeters. The module also covers how to design security for network perimeters, including perimeter networks (also known as DMZs, demilitarised zones, and screened subnets), and for computers that connect directly to the Internet.
Lessons:
- Creating a Security Plan for the Perimeter of a Network
- Creating a Design for Security of Network Perimeters
- Identifying Potential Perimeter Network Vulnerabilities
- Implementing Countermeasures
- Create a security plan for the perimeter of a network
- Create a design for security of network perimeters
Module 12: Responding to Security Incidents
In this module candidates will learn how to limit damage from an attack through early detection and a rapid and orderly response by using Auditing and Incident Response Procedure.
Lessons:
- Introduction to Auditing and Incident Response
- Designing an Audit Policy
- Designing and Incident Response Procedure
- Identifying Potential Vulnerabilities
- Implementing an Incident Response Team
- Implementing an Incident Response Plan
- Describe auditing and incident response
- Design an audit policy
- Design an incident response procedure
Appendices
Appendix A: Designing an Acceptable Use PolicyIn this module candidates will learn information on creating policies for acceptable use of network resources by users.
Lessons:
- Analysing Risks That Users Introduce
- Designing Security for Computer Use
Appendix B: Designing Policies for Managing Networks
In this module candidates will learn guidelines for ensuring that network administrators manage networks in a secure manner.
Lessons:
- Analysing Risks to Managing Networks
- Designing Security for Managing Networks
Appendix C: Designing an Operations Framework to Manage Security
In this appendix candidates will learn how to create a framework to ensure security of a network as the network changes and as the security requirements of the organisation change.
Lessons:
- Analysing Risks to Ongoing Network Operations
- Designing a Framework for Ongoing Network Operations
