On-line training course catalogue

Hands-On Lab 2812: Applying Microsoft Security Guidance II

Type of course: Classroom

Course details

Fee	£395
Days	1
Course code	MS2812

We currently do not have public dates scheduled for this course.
If you have a requirement for this course, please contact us for the latest course information.

Print this page | Download as Word document |

Overview

This one-day instructor-led hands-on lab allows students to apply information and guidance that can help in implementing and managing security in a network based on Microsoft Windows and that includes Microsoft Exchange Server, Microsoft Internet Security and Acceleration (ISA) Server 2004 or Microsoft Identity Integration Server 2003.

Attendees will be current IT professionals with experience using Microsoft Windows 2000 Server or Microsoft Windows Server 2003 and with knowledge of security concepts including firewalls, virtual private networks, encryption, and identity management. The students will be in an environment where they are responsible for aspects of security management and deployment associated with their internal network infrastructure and Internet or intranet services.

Prerequisites

The target audience must have good baseline IT skills, because the concepts presented in these labs will build on their current experience.

Delegates will learn how to

• Implement secure access to Internet resources.
• Implement secure Internet client access to an organization’s internal servers.
• Implement secure VPN access to an organization’s internal network.
• Monitor ISA Server 2004.
• Analyze an Exchange server by using the Microsoft Baseline Security Analyzer (MBSA) and Exchange Best Practices Analyzer, and update the security configuration based on the analysis.
• Configure Exchange Server to secure SMTP messages by using Secure Sockets Layer/Transport Layer Security (SSL/TLS).
• Configure Exchange Server 2003 to reduce the amount of unwanted e-mail by using Real Time Block List.
• Implement Exchange Intelligent Message Filter.
• Implement certificate authentication on an OWA Web site.
• Configure ISA Server to secure client connections to Exchange Server.
• Configure ISA Server to secure SMTP messages.
• Encrypt communication between network clients by using IPSec.
• Configure MIIS 2003 to provide identity integration and provisioning.
• Implement identity integration by using MIIS.
• Implement user account provisioning with MIIS.
• Implement identity changes and deprovisioning by using MIIS.
• Manage passwords by using MIIS.

Course Outline

Lab 1: Securing the Perimeter Using ISA Server 2004

• Exercise 1 – Implementing Internet Access with ISA Server 2004 Exercises
• Create a new access rule
• Test for connectivity under a new access rule
• Create a new Computer Set rule element
• Deny access to restricted computers
• Exercise 2 – Implementing Web Publishing with ISA Server 2004 Exercises
• Create a new Web listener
• Test the configuration of a new Web listener
• Configure link translation
• Exercise 3 – Implementing VPN Client Access on ISA Server 2004 Exercises
• Enable VPN client access
• Configure VPN connection settings
• Configure user account settings to allow remote access
• Create an access rule to allow VPN connections
• Exercise 4 – Monitoring ISA Server 2004 Exercises
• Examine alert definitions
• Create a connectivity verifier
• Start a new online mode log query
• Create a filter definition for online mode logging

Lab 2: Exchange Server Security

• Exercise 1 – Analyzing and Configuring Exchange Server Security Exercises
• Examine Exchange Server security using MBSA
• Examine Exchange Server security using Best Practices Analyzer Tool
• Disable SMTP relaying
• Disable Network News Transfer Protocol (NNTP) and Microsoft Exchange MTA Stacks service
• Exercise 2 – Securing SMTP Messages with SSL/TLS Exercises
• View captured network packets by using Network Monitor
• Create a new SMTP virtual server to support SSL and TLS
• Configure the POP3 virtual server to require SSL
• Configure an SMTP connector
• Configure the default SMTP virtual server by using Internet Information Services (IIS) Manager
• Exercise 3 – Implementing Real-Time Block List Support Exercises
• Configure the Domain Name System to simulate a Real-Time Block List (RBL) provider
• Add a new RBL provider
• Enable the SMTP connection filter
• Exercise 4 – Implementing Exchange Server Intelligent Message Filter Exercises
• Set minimum Intelligent Message Filter (IMF) blocking standards
• Configure Performance Monitor to identify Spam Confidence Level (SCL) ratings
• Configure the IMF SCL threshold
• Configure the IMF Gateway Blocking Configuration threshold

Lab 3: Securing Exchange Server Using ISA Server 2004 and IPSec

• Exercise 1 – Implementing Certificate Authentication for OWA Exercises
• Configure IIS to require SSL on virtual directories
• Create a new URL set
• Request a certificate
• Configure a Web listener to accept client certificates
• Create an OWA mail server publishing rule
• Exercise 2 – Configuring ISA Server to Secure Client Access to Exchange Server Exercises
• Create a mail server publishing rule
• Install the RPC over HTTP proxy network service
• Configure the RPC virtual directory
• Configure an RPC back-end server
• Configure the SSL Web listener
• Create a secure Web publishing rule
• Configure Outlook to use RPC over HTTP
• Exercise 3 – Implementing SMTP Message Security Exercises
• Configure the SMTP firewall policy
• Configure the SMTP message screener
• Configure the Exchange IMF
• Verify that ICF is blocking access to TCP ports
• Use Group Policy to enable ICF
• Exercise 4 – Implementing IPSec to Secure Network Traffic Exercises
• Configure a Microsoft Active Directory Organizational Unit (OU) to request IP security
• Configure client computers to respond to IPSec requests
• View IPSec Active Policy details by using the IP Security Monitor

Lab 4: Identity and Access Management

• Exercise 1 – Configuring MIIS to Provide Identity Integration and Provisioning Exercises
• Create a management agent by using Identity Manager
• Create direct import attribute flow mappings
• Create advanced attribute mappings
• Import a management agent to connect Active Directory to the MIIS Connector space
• Configure a Full Import run profile
• Configure a Delta Synchronization run profile
• Configure an Export run profile
• Configure a Metaverse object deletion rule
• Exercise 2 – Implementing Identity Integration Using MIIS Exercises
• Stage objects from Microsoft SQL Server database into MIIS connector space
• Investigate staged operations using Search Connector Space and Preview
• Project user objects from connector space to the Metaverse
• Verify attribute sources using Metaverse Search
• Exercise 3 – Enabling Provisioning with MIIS Exercises
• Configure extensions to enable Metaverse rules extension
• Provision accounts into the Active Directory connector space
• Exercise 4 – Implementing Identity Changes and Deprovisioning Using MIIS Exercises
• Implement Run profiles to synchronize modifications with the Metaverse
• Implement Run profiles to synchronize modifications with Active Directory
• Exercise 5 (If Time Permits) – Managing Passwords Using MIIS 2003 Exercises
• mport a management agent to connect to an extranet domain
• Execute the Full Import and Synchronization run profiles
• Configure MIIS management agents for password management