Designing a Secure Microsoft Windows 2000 Network =Microsoft Windows 2000 网络安全设计 /

Contents
lntrod uction
InstructOr Notes
Introduction
Course Materials
Prerequisites
Course Outline
Course Outline continued
Course Outline continued
Course Outline continued
Course Outline continued
Microsoft Official Curriculum
Microsoft Certified Professional Program
Facilities
Module 1: Assessing Security Risks
Instructor Notes
Overview
Identifying Risks to Data
Identifying Risks to Services
Identifying Potential Threats
Introducing Common Security Standards
Planning Network Security
Review
ModuIe 2:lntroducing Windows 2000 Security
Instructor Notes
Overview
Introducing Security Features in Active Directory
Authenticating User Accounts
Securing Access to Resources
Introducing Encryption Technologies
Encrypting Stored and Transndtted Data
Introducing Public Key Infrastructure Technology
Review
ModuIe 3: Planning Administrative Access
Instructor Notes
Overview
Detendning the Appropriate Adndnistrative Model
Designing Adndnistrative Group Strategies
Planning Local Adndnistrative Access
Planning Remote AdIninistrative Access
Lab A: Planning Secure Adndnistrative Access
Review
Module 4: Planning User Accounts
Instructor Notes
Overview
Designing Account Policies and Group Policy
Planning Account Creation and Location
Planning Delegation of Authority
Auditing User Account Actions
Lab A Planning a Securitybased OU Structure
Review
Module 5: Secuing Windows 2000based Computers
Instructor Notes
Overview
Planning Physical Security fOr Windows 2000based Computers
Evaluating Security Requirements
Designing Security Configuration Templates
Lab Af Analyzing a Security Template
Evaluating Security Configuration
Deploying Security Configuration Templates
Lab B: Designing Custondzed Security TemPlates
Review
ModuIe 6:Securing FiIe and Print Resources
Instructor Notes
Overview
Exandning Windows 2000 File System Security
Protecting Resources Using DACLs
Encrypting Data Using EFS
Lab A:Managing EFS Recovery Keys
Auditing Resource Access
Securing Backup and Restore Procedures
Protecting Data frOm Viruses
Lab B Planning Data Security
Review
ModuIe 7: Securing Cmmunication Channels
Instructor Notes
Overview
Assessing Network Data Visibility Risks
Designing ApplicationLayer Security
Designing IPLayer Security
Deploying Network Traffic Encryption
Lab A: Planning Transndssion Security
Review
ModuIe 8:Providing Secure Access to NonMicrosoft CIier
Instructor Notes
Overview
Providing Secure Network Access to UNIX Clients
Providing Secure Network Access to NetWare Clients
Providing Secure Access to Macintosh Clients
Securing Network Services in a Heterogeneous Network
Monitoring for Security Breaches
Lab A: Securing Telnet Transndssions
Review
ModuIe 9: Providing Secure Access to Remote Users
Instructor Notes
Overview
Identifying the Risks of Providing Remote Access
Designing Security fOr DialUp Connections
Designing Security for VPN Connections
Centralizing Remote Access Security Settings
Lab A: Using RADIUS Authentication
ModuIe 10: Providing Secure Access to Remote Offices
Instructor Notes
Overview:
Defining Private and Public Networks
Securing Connections Using Routers
Securing VPN Connections Between Remote Offices
Identifying Security Requirements
Lab A: Planning Secure Connections for Remote Offices
Review
Module 11:Providing Secure N6tWork Access to lnternot Users
InstructOr NotCs t
Overview t
Identifying POtential Risks from the Intemet
Using Firewalls to Protect Network Resources
Using Screened Subnets to Protect Network Resources
Securing PUblic Access tO a Screened Subnet
Lab A: Designing a Screened Subnet
Review
ModuIe 12:Providing Secure lnt6rn6t Access to NatWork Users
Instructor NotCs
Overview*
Protecting Internal Network Resources
Planning Intemet Usage Policies
Managing lntemet Access Thrugh boxy Server Configuration
Managing Intemet Access Thrugh Clientside Configuration
Lab Af Securing the Intemal Network When Accessing the Internet
Review t
MQdule 13: Extending the NetWork to Partner Organizations
Instfuctor Notes
Overview
PrOviding Access to Partner Organizations
Securing Applications Used by Pedners
Securing Connections Used by Remote Partners
Smicturing Active DirectOry to Manage Patner Accounts
Authenticating Pwtners from Trusted Domains
Lab A: Planning Partner Connectivity
Review
Instructor Notes
Overview
Introducing a Public Key Infrastructure
Using Certificates
Exandning the Certificate Life Cycle
Choosing a Certification Authority
Planning a Certification Authority Hierarchy
Mapping Certificates to User Accounts
Managing CA Maintenance Strategies
Lab A: Using Certificatebased Authentication
Review
Module 15:DeveIoping a Security PIan
InstructOr Notes
Overview
Designing a Security Plan
Defining Security Requirements
Maintaining the Security Plan
Lab A: Developing a Security Plan
Review
Appendix A:SSL Port Assignments
Appendix B:Acceptable lnternet Use Policy
Appendix C:lnternet Explorer Security Settings