Lab 1: Securing the Perimeter Using ISA Server 2004

In this lab, you will implement secure access to Internet resources, implement secure Internet client access to an organization’s internal servers, implement secure virtual private network (VPN) access to an organization’s internal network, and monitor Microsoft Internet Security and Acceleration (ISA) Server 2004.

Exercise 1 – Implementing Internet Access with ISA Server 2004

• Create a new access rule
• Test for connectivity under a new access rule
• Create a new Computer Set rule element
• Deny access to restricted computers

Exercise 2 – Implementing Web Publishing with ISA Server 2004

• Create a new Web listener
• Test the configuration of a new Web listener
• Configure link translation

Exercise 3 – Implementing VPN Client Access on ISA Server 2004

• Enable VPN client access
• Configure VPN connection settings
• Configure user account settings to allow remote access
• Create an access rule to allow VPN connections

Exercise 4 – Monitoring ISA Server 2004

• Examine alert definitions
• Create a connectivity verifier
• Start a new online mode log query
• Create a filter definition for online mode logging

Lab 2: Exchange Server Security

In this lab, you will use the tools and obtain the skills needed to analyze a Microsoft Exchange Server 2003 infrastructure and to configure it to be as secure as possible. This lab also shows how to increase the security of e-mail that flows through an organization’s Exchange servers and to other Simple Mail Transfer Protocol (SMTP) servers. Also, this lab shows how to configure Exchange Server 2003 to reduce the amount of unwanted e-mail.

Exercise 1 – Analyzing and Configuring Exchange Server Security

• Examine Exchange Server security using MBSA
• Examine Exchange Server security using Best Practices Analyzer Tool
• Disable SMTP relaying
• Disable Network News Transfer Protocol (NNTP) and Microsoft Exchange MTA Stacks service

Exercise 2 – Securing SMTP Messages with SSL/TLS

• View captured network packets by using Network Monitor
• Create a new SMTP virtual server to support SSL and TLS
• Configure the POP3 virtual server to require SSL
• Configure an SMTP connector
• Configure the default SMTP virtual server by using Internet Information Services (IIS) Manager

Exercise 3 – Implementing Real-Time Block List Support

• Configure the Domain Name System to simulate a Real-Time Block List (RBL) provider
• Add a new RBL provider
• Enable the SMTP connection filter

Exercise 4 – Implementing Exchange Server Intelligent Message Filter

• Set minimum Intelligent Message Filter (IMF) blocking standards
• Configure Performance Monitor to identify Spam Confidence Level (SCL) ratings
• Configure the IMF SCL threshold
• Configure the IMF Gateway Blocking Configuration threshold

Lab 3: Securing Exchange Server Using ISA Server 2004 and IPSec

In this lab, you will implement certificate authentication on an Outlook Web Access (OWA) Web site, configure ISA Server to secure client connections to Exchange Server, configure ISA Server to secure SMTP messages, and encrypt communication between network clients by using Internet Protocol Security (IPSec).

Exercise 1 – Implementing Certificate Authentication for OWA

• Configure IIS to require SSL on virtual directories
• Create a new URL set
• Request a certificate
• Configure a Web listener to accept client certificates
• Create an OWA mail server publishing rule

Exercise 2 – Configuring ISA Server to Secure Client Access to Exchange Server

• Create a mail server publishing rule
• Install the RPC over HTTP proxy network service
• Configure the RPC virtual directory
• Configure an RPC back-end server
• Configure the SSL Web listener
• Create a secure Web publishing rule
• Configure Outlook to use RPC over HTTP

Exercise 3 – Implementing SMTP Message Security

• Configure the SMTP firewall policy
• Configure the SMTP message screener
• Configure the Exchange IMF
• Verify that ICF is blocking access to TCP ports
• Use Group Policy to enable ICF

Exercise 4 – Implementing IPSec to Secure Network Traffic

• Configure a Microsoft Active Directory Organizational Unit (OU) to request IP security
• Configure client computers to respond to IPSec requests
• View IPSec Active Policy details by using the IP Security Monitor

Lab 4: Identity and Access Management

In this lab, you will configure Microsoft Identity Integration Server (MIIS) to provide identity management, implement identity integration by using MIIS, implement user account provisioning and deprovisioning with MIIS, understand how changes are propagated throughout the MIIS structure, and, if time permits, manage passwords by using MIIS.

Exercise 1 – Configuring MIIS to Provide Identity Integration and Provisioning

• Create a management agent by using Identity Manager
• Create direct import attribute flow mappings
• Create advanced attribute mappings
• Import a management agent to connect Active Directory to the MIIS Connector space
• Configure a Full Import run profile.
• Configure a Delta Synchronization run profile
• Configure an Export run profile
• Configure a Metaverse object deletion rule

Exercise 2 – Implementing Identity Integration Using MIIS

• Stage objects from Microsoft SQL Server database into MIIS connector space
• Investigate staged operations using Search Connector Space and Preview
• Project user objects from connector space to the Metaverse
• Verify attribute sources using Metaverse Search

Exercise 3 – Enabling Provisioning with MIIS

• Configure extensions to enable Metaverse rules extension
• Provision accounts into the Active Directory connector space

Exercise 4 – Implementing Identity Changes and Deprovisioning Using MIIS

• Implement Run profiles to synchronize modifications with the Metaverse
• Implement Run profiles to synchronize modifications with Active Directory

Exercise 5 (If Time Permits) – Managing Passwords Using MIIS 2003

• Import a management agent to connect to an extranet domain
• Execute the Full Import and Synchronization run profiles
• Configure MIIS management agents for password management