Microsoft Security Guidance Training V
Clinic 2808: One day; Instructor-Led
On This Page
 | Introduction |
| Audience |
| At Clinic Completion |
| Prerequisites |
| Microsoft Certification exams |
| Clinic Materials |
| Clinic Outline |
| About Microsoft Clinics |
| Take This Training |
Introduction
This one-day instructor-led clinic builds on existing knowledge of server and client security and provides students with the knowledge and skills to apply best practices to securing Exchange Server clients, protecting e-mail and data content, securing services and critical accounts, and securing administrative accounts and remote access using smart cards.
Audience
Attendees will be current IT professionals with experience using Microsoft Windows 2000 Server or Microsoft Windows Server 2003 and with knowledge of Microsoft Active Directory concepts. Students will also benefit from experience with Microsoft Exchange 2000 or Exchange Server 2003. The students will be in an environment where they are responsible for aspects of security management and deployment associated with their internal network infrastructure and Internet or intranet services.
At Clinic Completion
After completing this clinic, students will be able to:
| • | List challenges related to message security. |
| • | Compare commonly employed methods used to secure and protect e-mail content, such as S/MIME and Information Rights Management. |
| • | Compare commonly employed methods used to secure client access to Exchange Server, such as RPC over HTTP and publishing Exchange Server services by using Internet Security and Acceleration (ISA) Server 2004. |
| • | Configure Outlook 2003 to improve security, by implementing features such as attachment security. |
| • | Compare forms-based authentication, SSL, and S/MIME as methods for securing Outlook Web Access. |
| • | Identify challenges and benefits to protecting confidential information. |
| • | Identify and explain the components and prerequisites needed to implement a Rights Management Services infrastructure. |
| • | Explain the process of key generation, distribution, and management. |
| • | Highlight implementation best practices for both server and client scenarios |
| • | Review and demonstrate the administrative and configuration tasks associated with Rights Management on the server. |
| • | Understand the challenges faced with securing service and critical accounts. |
| • | Explain the types of accounts used to run services. |
| • | Understand how to plan for service-account security. |
| • | Understand how to run services securely by determining current service-security status and then implementing least privilege for service deployment. |
| • | Explain how to secure administrative accounts by using Microsoft best practices. |
| • | Identify common security challenges and benefits of using multifactor authentication. |
| • | Identify and evaluate prerequisites and hardware needed to implement a multifactor authentication strategy using smart cards. |
| • | Explain how to use smart cards to secure administrator accounts. |
| • | Explain how to use smart card authentication to secure remote access. |
Prerequisites
Before attending this clinic, students must have:
| • | Hands-on experience with Microsoft Windows 2000 or Microsoft Windows Server 2003 |
| • | Experience with Active Directory and Group Policy |
| • | Basic understanding of Windows authorization and authentication concepts |
| • | Working knowledge of Internet protocols including POP3, IMAP4, SMTP, and HTTP |
| • | Basic understanding of PKI concepts and technologies |
Microsoft Certification exams
No Microsoft Certification exams are associated with this clinic currently.
Clinic Materials
The student kit includes comprehensive notes supporting the topics discussed.
Clinic Outline
Implementing Messaging Security for Exchange Server Clients
It is as important to provide security for the clients of Exchange Server 2003 as it is to secure the server itself. Providing security for the clients of Exchange Server includes ensuring that messages can be read only by the intended recipients. By definition, providing client security covers a range of situations involving any local or remote Exchange Server client connecting directly to your messaging environment to send or receive messages. This session provides information about solutions such as S/MIME and Information Rights Management to protect e-mail content. RPC over HTTP is also discussed as a solution to help secure client connections to Exchange Server 2003 connecting over the Internet. The session concludes with a discussion about how to control access to e-mail attachments and how to manage and secure Outlook Web Access.
Topics
| • | Implementing Message Security |
| • | Configuring Secure Client Access to Exchange Server |
| • | Understanding Additional Outlook 2003 Security Features |
| • | Securing Outlook Web Access |
Protecting Information with Microsoft Windows Rights Management Services
Protecting confidential data and intellectual property is a strong priority within many organizations. Many organizations have a need to protect sensitive information such as e-mail, internal documents, and Web content. The goal of implementing a rights management solution is to protect this information and define exactly who can open, read, copy, modify or redistribute the content. This session discusses the various processes that take place during RMS server provisioning, client installation and activation, and the protection and consumption of data. The session also introduces best practices for providing availability and scalability within the RMS environment.
Topics
| • | Introduction to Managing Digital Information |
| • | Understanding Rights Management Services |
| • | Planning Considerations for RMS Deployments |
| • | Administering an RMS Infrastructure |
Securing Services and Critical Accounts
Many organizations implement network services or applications that require the use of a service account. Unfortunately, service accounts are often configured to run with the highest possible privileges, often resulting in membership within the domain administrators group. If these service accounts are compromised, an attacker may be able to gain full and unrestricted access to the computer, domain, or entire forest. It is important that you understand how to configure service accounts to only the level of privilege necessary to support the application or network service. The goal of this session is to address the common problem of Windows services that are set to run with the highest possible privileges, describe ways to identify services that can run with lesser privileges, and how to methodically downgrade those privileges. This session also provides information on securing administrative level accounts.
Topics
| • | Securing Administrator Accounts |
| • | Overview of Service Account Security |
| • | Planning Service Account Security |
| • | Implementing Service Account Security |
Implementing Multifactor Authentication Using Smart Cards
User name and password combinations have typically been used to provide authentication and authorization to network resources. Even though passwords can provide effective security, many users favor convenience to security, so they choose a password that can easily be compromised. To address this issue, multifactor authentication uses a combination of components to provide secure access to network resources. Deploying a smart card solution is an increasingly popular form of multifactor authentication. The primary focus of this session is to address the challenge of securing critical administrator accounts and remote access logon sessions by implementing multifactor authentication using smart card technology.
Topics
| • | Securing Accounts by Using Multifactor Authentication |
| • | Planning the Implementation of Smart Card Authentication |
| • | Using Smart Cards to Secure Administrative Accounts |
| • | Implementing Smart Cards to Secure Remote Access |
About Microsoft Clinics
Microsoft Official Clinic learning products provide students with technical information on Microsoft products or technologies while discussing real-world considerations for their implementation. Clinics highlight features and functionality through product demonstrations.
Take This Training
|