Hands-On Lab 2812: Applying Microsoft Security Guidance II
Clinic 2812—one-day instructor-led hands-on lab or eLearning
On This Page
 | Introduction |
| Audience |
| At Clinic Completion |
| Prerequisites |
| Microsoft Certification exams |
| Hands-On Lab Materials |
| Hands-On Lab Outline |
| About Microsoft Hands-On Labs |
| Take This Training |
Introduction
This one-day instructor-led hands-on lab allows students to apply information and guidance that can help in implementing and managing security in a network based on Microsoft Windows and that includes Microsoft Exchange Server, Microsoft Internet Security and Acceleration (ISA) Server 2004 or Microsoft Identity Integration Server 2003.
Audience
Attendees will be current IT professionals with experience using Microsoft Windows 2000 Server or Microsoft Windows Server 2003 and with knowledge of security concepts including firewalls, virtual private networks, encryption, and identity management. The students will be in an environment where they are responsible for aspects of security management and deployment associated with their internal network infrastructure and Internet or intranet services.
At Clinic Completion
After completing this hands-on lab, students will be able to:
| • | Implement secure access to Internet resources. |
| • | Implement secure Internet client access to an organization’s internal servers. |
| • | Implement secure VPN access to an organization’s internal network. |
| • | Monitor ISA Server 2004. |
| • | Analyze an Exchange server by using the Microsoft Baseline Security Analyzer (MBSA) and Exchange Best Practices Analyzer, and update the security configuration based on the analysis. |
| • | Configure Exchange Server to secure SMTP messages by using Secure Sockets Layer/Transport Layer Security (SSL/TLS). |
| • | Configure Exchange Server 2003 to reduce the amount of unwanted e-mail by using Real Time Block List. |
| • | Implement Exchange Intelligent Message Filter. |
| • | Implement certificate authentication on an OWA Web site. |
| • | Configure ISA Server to secure client connections to Exchange Server. |
| • | Configure ISA Server to secure SMTP messages. |
| • | Encrypt communication between network clients by using IPSec. |
| • | Configure MIIS 2003 to provide identity integration and provisioning. |
| • | Implement identity integration by using MIIS. |
| • | Implement user account provisioning with MIIS. |
| • | Implement identity changes and deprovisioning by using MIIS. |
| • | Manage passwords by using MIIS. |
Prerequisites
The target audience must have good baseline IT skills, because the concepts presented in these labs will build on their current experience.
Microsoft Certification exams
No Microsoft Certification exams are associated with this hands-on lab currently.
Hands-On Lab Materials
The student kit includes a comprehensive workbook and other necessary materials for this class.
Hands-On Lab Outline
Lab 1: Securing the Perimeter Using ISA Server 2004
In this lab, you will implement secure access to Internet resources, implement secure Internet client access to an organization’s internal servers, implement secure virtual private network (VPN) access to an organization’s internal network, and monitor Microsoft Internet Security and Acceleration (ISA) Server 2004.
Exercise 1 – Implementing Internet Access with ISA Server 2004
Exercises
| • | Create a new access rule |
| • | Test for connectivity under a new access rule |
| • | Create a new Computer Set rule element |
| • | Deny access to restricted computers |
Exercise 2 – Implementing Web Publishing with ISA Server 2004
Exercises
| • | Create a new Web listener |
| • | Test the configuration of a new Web listener |
| • | Configure link translation |
Exercise 3 – Implementing VPN Client Access on ISA Server 2004
Exercises
| • | Enable VPN client access |
| • | Configure VPN connection settings |
| • | Configure user account settings to allow remote access |
| • | Create an access rule to allow VPN connections |
Exercise 4 – Monitoring ISA Server 2004
Exercises
| • | Examine alert definitions |
| • | Create a connectivity verifier |
| • | Start a new online mode log query |
| • | Create a filter definition for online mode logging |
Lab 2: Exchange Server Security
In this lab, you will use the tools and obtain the skills needed to analyze a Microsoft Exchange Server 2003 infrastructure and to configure it to be as secure as possible. This lab also shows how to increase the security of e-mail that flows through an organization’s Exchange servers and to other Simple Mail Transfer Protocol (SMTP) servers. Also, this lab shows how to configure Exchange Server 2003 to reduce the amount of unwanted e-mail.
Exercise 1 – Analyzing and Configuring Exchange Server Security
Exercises
| • | Examine Exchange Server security using MBSA |
| • | Examine Exchange Server security using Best Practices Analyzer Tool |
| • | Disable SMTP relaying |
| • | Disable Network News Transfer Protocol (NNTP) and Microsoft Exchange MTA Stacks service |
Exercise 2 – Securing SMTP Messages with SSL/TLS
Exercises
| • | View captured network packets by using Network Monitor |
| • | Create a new SMTP virtual server to support SSL and TLS |
| • | Configure the POP3 virtual server to require SSL |
| • | Configure an SMTP connector |
| • | Configure the default SMTP virtual server by using Internet Information Services (IIS) Manager |
Exercise 3 – Implementing Real-Time Block List Support
Exercises
| • | Configure the Domain Name System to simulate a Real-Time Block List (RBL) provider |
| • | Add a new RBL provider |
| • | Enable the SMTP connection filter |
Exercise 4 – Implementing Exchange Server Intelligent Message Filter
Exercises
| • | Set minimum Intelligent Message Filter (IMF) blocking standards |
| • | Configure Performance Monitor to identify Spam Confidence Level (SCL) ratings |
| • | Configure the IMF SCL threshold |
| • | Configure the IMF Gateway Blocking Configuration threshold |
Lab 3: Securing Exchange Server Using ISA Server 2004 and IPSec
In this lab, you will implement certificate authentication on an Outlook Web Access (OWA) Web site, configure ISA Server to secure client connections to Exchange Server, configure ISA Server to secure SMTP messages, and encrypt communication between network clients by using Internet Protocol Security (IPSec).
Exercise 1 – Implementing Certificate Authentication for OWA
Exercises
| • | Configure IIS to require SSL on virtual directories |
| • | Create a new URL set |
| • | Request a certificate |
| • | Configure a Web listener to accept client certificates |
| • | Create an OWA mail server publishing rule |
Exercise 2 – Configuring ISA Server to Secure Client Access to Exchange Server
Exercises
| • | Create a mail server publishing rule |
| • | Install the RPC over HTTP proxy network service |
| • | Configure the RPC virtual directory |
| • | Configure an RPC back-end server |
| • | Configure the SSL Web listener |
| • | Create a secure Web publishing rule |
| • | Configure Outlook to use RPC over HTTP |
Exercise 3 – Implementing SMTP Message Security
Exercises
| • | Configure the SMTP firewall policy |
| • | Configure the SMTP message screener |
| • | Configure the Exchange IMF |
| • | Verify that ICF is blocking access to TCP ports |
| • | Use Group Policy to enable ICF |
Exercise 4 – Implementing IPSec to Secure Network Traffic
Exercises
| • | Configure a Microsoft Active Directory Organizational Unit (OU) to request IP security |
| • | Configure client computers to respond to IPSec requests |
| • | View IPSec Active Policy details by using the IP Security Monitor |
Lab 4: Identity and Access Management
In this lab, you will configure Microsoft Identity Integration Server (MIIS) to provide identity management, implement identity integration by using MIIS, implement user account provisioning and deprovisioning with MIIS, understand how changes are propagated throughout the MIIS structure, and, if time permits, manage passwords by using MIIS.
Exercise 1 – Configuring MIIS to Provide Identity Integration and Provisioning
Exercises
| • | Create a management agent by using Identity Manager |
| • | Create direct import attribute flow mappings |
| • | Create advanced attribute mappings |
| • | Import a management agent to connect Active Directory to the MIIS Connector space |
| • | Configure a Full Import run profile |
| • | Configure a Delta Synchronization run profile |
| • | Configure an Export run profile |
| • | Configure a Metaverse object deletion rule |
Exercise 2 – Implementing Identity Integration Using MIIS
Exercises
| • | Stage objects from Microsoft SQL Server database into MIIS connector space |
| • | Investigate staged operations using Search Connector Space and Preview |
| • | Project user objects from connector space to the Metaverse |
| • | Verify attribute sources using Metaverse Search |
Exercise 3 – Enabling Provisioning with MIIS
Exercises
| • | Configure extensions to enable Metaverse rules extension |
| • | Provision accounts into the Active Directory connector space |
Exercise 4 – Implementing Identity Changes and Deprovisioning Using MIIS
Exercises
| • | Implement Run profiles to synchronize modifications with the Metaverse |
| • | Implement Run profiles to synchronize modifications with Active Directory |
Exercise 5 (If Time Permits) – Managing Passwords Using MIIS 2003
Exercises
| • | Import a management agent to connect to an extranet domain |
| • | Execute the Full Import and Synchronization run profiles |
| • | Configure MIIS management agents for password management |
About Microsoft Hands-On Labs
Microsoft Official Hands-On Lab learning products provide students with prescriptive exercises designed around real-world scenarios that deliver practical experience in a safe, instructor-led environment. Each hands-on lab begins with a short introductory presentation that provides an overview of the technical information covered in the self-guided portion of the lab. After the overview, the student performs the hands-on portion of the lab, following a series of prescriptive instructions to complete a task or procedure relevant to their job.
Take This Training
|