On-line training course catalogue

Applying Microsoft Security Guidance III

Type of course: Classroom

Course details

Fee	£395
Days	1
Course code	MS2813

We currently do not have public dates scheduled for this course.
If you have a requirement for this course, please contact us for the latest course information.

Print this page | Download as Word document |

Overview

This one-day, instructor-led, hands-on lab allows students to apply information and guidance that can help in implementing and managing security in a network based on Microsoft Windows and that includes Microsoft Exchange Server, Microsoft Internet Security and Acceleration (ISA) Server 2004, Microsoft Windows Rights Management Services (RMS), or Certificate Services.

Attendees will be current IT professionals with experience using Microsoft Windows 2000 Server or Microsoft Windows Server 2003 and with knowledge of security concepts including firewalls, virtual private networks (VPNs), encryption, and rights management. The students will be responsible for aspects of security management and deployment associated with their internal network infrastructure and Internet or intranet services.

Prerequisites

These labs require that you meet the following prerequisites:

• Hands-on experience with Windows 2000 or Windows Server 2003
• Experience with Active Directory and Group Policy
• Basic understanding of Windows authorization and authentication concepts
• Working knowledge of Internet protocols, including POP3, IMAP4, SMTP, and HTTP
• Basic understanding of public key infrastructure (PKI) concepts and technologies

Delegates will learn how to

• Help protect e-mail messages using S/MIME signing and encryption.
• Manage e-mail attachment security using the Outlook Security Template.
• Increase security for Microsoft Office Outlook 2003 by using remote procedure call (RPC) over HTTP(S).
• Enhance security for Outlook Web Access (OWA) connections.
• Install Rights Management Services (RMS) and understand the provisioning and enrollment process for the RMS server.
• Install and activate the RMS client component to protect Microsoft Office 2003 documents and Outlook 2003 e-mail messages.
• Perform administrative tasks such as deploying custom rights policy templates and troubleshooting client configurations using the RMS Administration Toolkit.
• Sub-enroll and provision licensing servers to provide a distributed RMS infrastructure.
• Implement a VPN solution that incorporates L2TP/IPSec and Network Access Quarantine.
• Configure the remote access polices for VPN to support L2TP and PPTP remote access connections. You will also learn how to configure Certificate provisioning to support L2TP VPN connections.
• Implement VPN Network Quarantine: configure a remote access policy for network quarantine and implement the Remote Access Quarantine Service.
• Configure and deploy a Connection Manager profile for use with VPN Network Quarantine.
• Install and configure a stand-alone Root Certification Authority (CA).
• Install and configure a subordinate Enterprise CA.
• Configure custom certificate templates, and deploy certificates using autoenrollment.
• Increase security for e-mail communication and Web-site authentication by using digital certificates.

Course Outline

Lab 1: Implementing Messaging Security for Exchange Server Clients

• Exercise 1 – Protecting E-Mail Messages Using S/MIME Signing and Encryption
• Configure Certificate Services.
• Obtain a digital certificate to be used for S/MIME.
• Send and receive a digitally signed e-mail message.
• Send and receive an encrypted e-mail message.
• Test OWA functionality with signed and encrypted e-mail, and install the S/MIME Control.
• Exercise 2 – Customizing Outlook Security Settings Using the Outlook Security Template
• Install and configure the Outlook Security Template.
• Modify the default security settings to block specific attachments from within Outlook 2003.
• Exercise 3 – Securing Remote Outlook 2003 Connections Using RPC Over HTTPS
• Install the RPC over HTTP Proxy network service.
• Configure the RPC back-end server.
• Configure ISA Server 2004 to listen for traffic destined for the RPC over HTTP service on the Exchange server.
• Configure Outlook to use RPC over HTTPS to connect to the Exchange server.
• Exercise 4 – Securing Outlook Web Access Connections
• Configure OWA to require Secure Sockets Layer (SSL).
• Configure ISA Server 2004 to provide secure access to OWA.
• Enable OWA to use forms-based authentication.
• Install the Outlook Web Access Administration tool.

Lab 2: Protecting Data Using Rights Management Services

• Exercise 1 – Installing and Provisioning Windows Rights Management Services
• Install Windows RMS.
• Use the Windows RMS Administration Web page to begin the RMS Provisioning process.
• Enroll the RMS server, and request a new server licensor certificate (SLC).
• Import the SLC (ServerCert.xml) to complete the enrollment process.
• Register the RMS service connection point.
• Exercise 2 – Installing and Activating an RMS Client to Protect Microsoft Office Files and E-Mail Messages
• Install the RMS client.
• Protect a Microsoft Office Word 2003 document using rights management.
• Protect an Outlook 2003 e-mail message using rights management.
• Install and configure the Information Rights Management Add-on for Internet Explorer.
• Open a rights-protected document using Microsoft Internet Explorer and the Information Rights Management Add-on for Internet Explorer.
• Exercise 3 – Administering an RMS Deployment
• Create a custom rights policy template.
• Distribute the custom rights policy template.
• Use the IRMCheck tool to obtain information about the RMS client.
• Use the GetRMScp tool to verify that the service connection point can be located from the client.
• Use the RMS Log Viewer to view RMS-related events.
• Exercise 4 – Sub-Enrolling Additional Licensing Servers
• Configure permissions on the Certification pipeline.
• Install Windows RMS.
• Access the Windows RMS Administration Web page to begin the RMS Provisioning process.
• Verify the configuration of the sub-enrolled licensing server.
• Remove the modified permissions on the Certification pipeline.

Lab 3: Improving Remote Access Security

• Exercise 1 – Configuring Network Services to Support VPN Security
• Install and configure Internet Authentication Services.
• Configure Certificate Services.
• Configure Routing and Remote Access (RRAS).
• Install the Connection Manager Administration Kit (CMAK).
• Exercise 2 – Configuring VPN Remote Access Policy and Certificate Provisioning
• Create a remote access policy for L2TP/IPSec VPN connections.
• Create a remote access policy for PPTP VPN connections.
• Configure Active Directory for autoenrollment of certificates.
• Create and issue certificate templates for L2TP/IPSec VPN access.
• Configure the Certification Authority to issue the new certificates.
• Exercise 3 – Implementing VPN Network Quarantine
• Create a remote access policy for network quarantine.
• Install the Network Access Quarantine Service.
• Exercise 4 – Creating the Quarantine Connection Manager Profile
• Create a new Connection Manager Profile using CMAK.
• Add custom actions to the Connection Manager profile to perform quarantine policy checks for VPN users.
• Connect to the VPN, and verify that a network client is now compliant with the company security policy.

Lab 4: Deploying a Windows Public Key Infrastructure

• Exercise 1 – Creating a Certification Authority Hierarchy
• Configure a CAPolicy.inf file.
• Install a stand-alone root CA.
• Define CRL and AIA Publication Settings.
• Publish the CRL and CA certificate to Active Directory directory service.
• Exercise 2 – Implementing a Subordinate Enterprise CA
• Install Certificate Services as a subordinate Enterprise CA.
• In the Certification Authority console, request a new certificate by using the request.req request file.
• Use the PKI Health Tool to verify that the offline root CA’s CDP and AIA extensions are properly configured.
• Exercise 3 – Deploying Certificates to Secure E-Mail
• Create the Autoenrollment Group Policy object, and link it to the domain.
• Create an S/MIME signing certificate template.
• Create an S/MIME encryption certificate template.
• Configure the CA to issue the S/MIME certificates.
• Send and receive a digitally signed and encrypted e-mail message.
• Exercise 4 – Securing Web Sites Using SSL Encryption
• Enable SSL on the default Web site.
• Configure authentication for a Web site.
• Enable certificate mapping for a Web site.