Applying Microsoft Security Guidance III

866.762.3990


Certification
Server Technologies
Microsoft Server
2272
2273
2274
2275
2276
2277
2278
2279
2282
2285
2801
2802
2803
2804
2808
2810
2812
2813
2830
Microsoft Server Support
MS SQL Server
MS Sharepoint
Microsoft Exchange
Network Technologies
Accounting Software
Multimedia Software
Office Software

Hands-On Lab 2813: One day; Instructor-Led

Introduction

This one-day, instructor-led, hands-on lab allows students to apply information and guidance that can help in implementing and managing security in a network based on Microsoft Windows and that includes Microsoft Exchange Server, Microsoft Internet Security and Acceleration (ISA) Server 2004, Microsoft Windows Rights Management Services (RMS), or Certificate Services.

Audience
Attendees will be current IT professionals with experience using Microsoft Windows 2000 Server or Microsoft Windows Server 2003 and with knowledge of security concepts including firewalls, virtual private networks (VPNs), encryption, and rights management. The students will be responsible for aspects of security management and deployment associated with their internal network infrastructure and Internet or intranet services.

At Hands-On Lab Completion
After completing this hands-on lab, students will be able to:

Help protect e-mail messages using S/MIME signing and encryption.
Manage e-mail attachment security using the Outlook Security Template.
Increase security for Microsoft Office Outlook 2003 by using remote procedure call (RPC) over HTTP(S).
Enhance security for Outlook Web Access (OWA) connections.
Install Rights Management Services (RMS) and understand the provisioning and enrollment process for the RMS server.
Install and activate the RMS client component to protect Microsoft Office 2003 documents and Outlook 2003 e-mail messages.
Perform administrative tasks such as deploying custom rights policy templates and troubleshooting client configurations using the RMS Administration Toolkit.
Sub-enroll and provision licensing servers to provide a distributed RMS infrastructure.
Implement a VPN solution that incorporates L2TP/IPSec and Network Access Quarantine.
Configure the remote access polices for VPN to support L2TP and PPTP remote access connections. You will also learn how to configure Certificate provisioning to support L2TP VPN connections.
Implement VPN Network Quarantine: configure a remote access policy for network quarantine and implement the Remote Access Quarantine Service.Configure and deploy a Connection Manager profile for use with VPN Network Quarantine.
Install and configure a stand-alone Root Certification Authority (CA).
Install and configure a subordinate Enterprise CA.
Configure custom certificate templates, and deploy certificates using autoenrollment.
Increase security for e-mail communication and Web-site authentication by using digital certificates.

Prerequisites
These labs require that you meet the following prerequisites:

Hands-on experience with Windows 2000 or Windows Server 2003
Experience with Active Directory and Group Policy
Basic understanding of Windows authorization and authentication concepts
Working knowledge of Internet protocols, including POP3, IMAP4, SMTP, and HTTP
Basic understanding of public key infrastructure (PKI) concepts and technologies

Additional Training Courses at SOT

Why SOT?

Quality
Price
Service

Course Outline

Exercise 1 - Protecting E-Mail Messages Using S/MIME Signing and Encryption

Configure Certificate Services.
Obtain a digital certificate to be used for S/MIME.
Send and receive a digitally signed e-mail message.
Send and receive an encrypted e-mail message.
Test OWA functionality with signed and encrypted e-mail, and install the S/MIME Control.

Exercise 2 - Customizing Outlook Security Settings Using the Outlook Security Template

Install and configure the Outlook Security Template.
Modify the default security settings to block specific attachments from within Outlook 2003.

Exercise 3 - Securing Remote Outlook 2003 Connections Using RPC Over HTTPS

Install the RPC over HTTP Proxy network service.
Configure the RPC back-end server.
Configure ISA Server 2004 to listen for traffic destined for the RPC over HTTP service on the Exchange server.
Configure Outlook to use RPC over HTTPS to connect to the Exchange server.

Exercise 4 - Securing Outlook Web Access Connections

Configure OWA to require Secure Sockets Layer (SSL).
Configure ISA Server 2004 to provide secure access to OWA.
Enable OWA to use forms-based authentication.
Install the Outlook Web Access Administration tool.

Lab 2: Protecting Data Using Rights Management Services

In this lab, you learn how to improve data protection using Rights Management Services (RMS). You learn how to configure Rights Management Services on Windows Server 2003, and you learn best practices for administering rights management servers and clients. You also learn how rights management is supported in Microsoft Office applications.

Exercises

Exercise 1 - Installing and Provisioning Windows Rights Management Services

Install Windows RMS.
Use the Windows RMS Administration Web page to begin the RMS Provisioning process.
Enroll the RMS server, and request a new server licensor certificate (SLC).
Import the SLC (ServerCert.xml) to complete the enrollment process.
Register the RMS service connection point.

Exercise 2 - Installing and Activating an RMS Client to Protect Microsoft Office Files and E-Mail Messages

Install the RMS client.
Protect a Microsoft Office Word 2003 document using rights management.
Protect an Outlook 2003 e-mail message using rights management.
Install and configure the Information Rights Management Add-on for Internet Explorer.
Open a rights-protected document using Microsoft Internet Explorer and the Information Rights Management Add-on for Internet Explorer.

Exercise 3 - Administering an RMS Deployment

Create a custom rights policy template.
Distribute the custom rights policy template.
Use the IRMCheck tool to obtain information about the RMS client.
Use the GetRMScp tool to verify that the service connection point can be located from the client.
Use the RMS Log Viewer to view RMS-related events.

Exercise 4 - Sub-Enrolling Additional Licensing Servers

Configure permissions on the Certification pipeline.
Install Windows RMS.
Access the Windows RMS Administration Web page to begin the RMS Provisioning process.
Verify the configuration of the sub-enrolled licensing server.
Remove the modified permissions on the Certification pipeline.

Lab 3: Improving Remote Access Security

In this lab, you learn how to improve security for clients that connect remotely to your network. You learn how to implement VPN connections to encrypt data communications and how to create a "quarantine" zone in which remote clients can be placed while they are inspected for installed security and software updates.

Exercises

Exercise 1 - Configuring Network Services to Support VPN Security

Install and configure Internet Authentication Services.
Configure Certificate Services.
Configure Routing and Remote Access (RRAS).
Install the Connection Manager Administration Kit (CMAK).

Exercise 2 - Configuring VPN Remote Access Policy and Certificate Provisioning

Create a remote access policy for L2TP/IPSec VPN connections.
Create a remote access policy for PPTP VPN connections.
Configure Active Directory for autoenrollment of certificates.
Create and issue certificate templates for L2TP/IPSec VPN access.
Configure the Certification Authority to issue the new certificates.

Exercise 3 - Implementing VPN Network Quarantine

Create a remote access policy for network quarantine.
Install the Network Access Quarantine Service.

Exercise 4 - Creating the Quarantine Connection Manager Profile

Create a new Connection Manager Profile using CMAK.
Add custom actions to the Connection Manager profile to perform quarantine policy checks for VPN users.
Connect to the VPN, and verify that a network client is now compliant with the company security policy.

Lab 4: Deploying a Windows Public Key Infrastructure

In this lab, you learn how to implement a Windows Server 2003 PKI to enable security enhancements for messaging and network communications. You also learn how to implement certificates for SSL-enhanced Web sites and how digital certificates can be deployed to enable client authentication and improve e-mail security.

Exercises

Exercise 1 - Creating a Certification Authority Hierarchy

Configure a CAPolicy.inf file.
Install a stand-alone root CA.
Define CRL and AIA Publication Settings.
Publish the CRL and CA certificate to Active Directory directory service.

Exercise 2 - Implementing a Subordinate Enterprise CA

Install Certificate Services as a subordinate Enterprise CA.
In the Certification Authority console, request a new certificate by using the request.req request file.
Use the PKI Health Tool to verify that the offline root CA's CDP and AIA extensions are properly configured.

Exercise 3 - Deploying Certificates to Secure E-Mail

Create the Autoenrollment Group Policy object, and link it to the domain.
Create an S/MIME signing certificate template.
Create an S/MIME encryption certificate template.
Configure the CA to issue the S/MIME certificates.
Send and receive a digitally signed and encrypted e-mail message.

Exercise 4 - Securing Web Sites Using SSL Encryption

Enable SSL on the default Web site.
Configure authentication for a Web site.
Enable certificate mapping for a Web site.

Support Services: Accounting Software Support - CRM Software Support - MAS 90 Support - MAS 500 Support - SalesLogix Support
Home Page: Save On Support Home - Save On Training Home
Help: Register For a Class – Contact Us Save On Support