MCSE Windows 2000 Network Security Design: Training Guide; Exam 70-220 with Cdrom

by Roberta Bragg

Other Format (Older Edition)


Product Details

ISBN-13: 9780735709843
Publisher: Que
Publication date: 08/07/2000
Series: MCSE Training Guide Series
Edition description: Older Edition
Pages: 1200
Product dimensions: 8.39(w) x 9.59(h) x 2.17(d)

About the Author

A veteran of more than 20 years of information system experience, Roberta Bragg currently specializes in Windows (NT and Windows 2000) security issues. She is a columnist (Security Advisor) and contributing editor for Microsoft Certified Professional Magazine. In the past, she has developed curriculum on C, C++, Windows NT Microsoft Exchange Server, VPNs, and firewalls. Her virtual company, Have Computer Will Travel, has her working across the world, lecturing, consulting, and training.

Read an Excerpt

Chapter 1: General Business Analysis

Business management often sees IT the way Alice described Wonderland. Things are not as they seem. You have to go backward to make progress. You might find lots of instructions on things, but they make no sense ("this one will make you larger, this one will make you small"). There are illusive Queens, Mad Hatters, and white rabbits that are always late. It always seems as if you've not only arrived late for the tea party, but you also are very unaware of the protocol and therefore can't follow the conversation.

Business managers are looking for IT to tell them which way to go, but it often seems to IT as if business managers don't know where they want to be. Stop grinning like a Cheshire cat, and learn how to ask them questions they understand.

As IT professionals, you and I must take the time to learn the business side of business so that we can support that business with IT efforts and protect it with a security solution. If you encompass the organization's business drives, opportunities, processes, and goals in your IT proposals, you are more likely to succeed. If you recognize that investments in IT should be driven by business, not technical aspects, you may just realize, if not the most technically advanced security solution, surely the best security solution for the problem at hand.

This chapter is meant to help you ground yourself with a little business knowledge before you embark on your security design. You will analyze the business in general by looking at three business-related objectives: analyzing existing and planned business models, analyzing existing and planned organizational structures, and analyzing factors that influence company strategies. At the least, I hope that it gives you a better sense of direction to follow. At the best, perhaps it will give you enough insight to direct your IT proposals toward business goals. Either way, you and your company should benefit from your increased understanding.

Companies often are defined by the answers to several questions. What are their products, and what industry are they in? What markets do they do business in, and how centralized is their control? Knowing these things about a company gives you a frame of reference. If you know other companies that follow this model, you will feel that you know something about how this new business functions, which in turn will make you feel more comfortable with it.

Companies with the same model often find similarities in their requirements for communications, financing, marketing, management, development, expansion, human resources, and technologies.

Another way to look at a business is to define the way it does business: the steps it takes to complete a business function. These functions, or business processes, also tell us much about the business.

So, how do you start your quest for business knowledge?

Today, knowing the geographical scope of a business often serves to define it and its IT infrastructure. An international corporation that produces laptop computers may have much more in common with an international corporation that produces luggage than with a local producer of PCs. A branch office of Allstate Insurance has more in common with a branch office of Arthur Andersen Consulting than it does with the national headquarters of Prudential. In these comparisons, many business processes and information technology needs are similar.

Analyzing Company Model and Geographical Scope

Analyze the company model and the geographical scope. Models include regional, national, international, subsidiary, and branch offices...

Table of Contents


1. General Business Analysis.
Introduction. Analyzing Existing and Planned Business Models. Analyzing Existing and Planned Organizational Structures. Analyzing Factors That Influence Company Strategies.

2. Analyzing.
Introduction. End-User Requirements. IT Management. Physical and Information Security Models. Security Risks.


3. Analyzing Technical Environments.
Introduction. Analyze Company Size and User and Resource Distribution. Assess Available Connectivity. Identify Network Topology. Assess Net Available Bandwidth. Analyze Performance Requirements. Analyze Data and Systems Access Method. Analyze Network Roles and Responsibilities. Analyze the Security Design.


4. Designing a Security Baseline.
Introduction. Active Directory Introduction. Understanding Security Templates and Computer Policy Introduction. Creating or Modifying Security Templates Using Security Configuration and Analysis. Domain Controllers Baseline. Operations Master. Servers. Desktop Computers. Kiosks. System Services Template Settings. Registry and File System. Installing Computers with Enhanced and Appropriate Security. Using Secedit to Apply and Analyze Security Settings.

5. Securing Resources.
Introduction. Applying Security to File Systems. Analyzing Printer Permissions. Analyzing Registry Keys Access. Examining Dial-In Access. Internet Access. Active Directory Schema Permissions.


6. Designing an Audit Policy.
Introduction. Designing an Audit Policy. What Can Be Audited?. Objects to Watch. Using Periodic or Fixed-Frame Audit Techniques. Configuring Auditing. Determine How You Are Going to Cope with the Multitude of Records Produced.

7. Designing a Security Group Strategy.
Introduction. Built-In Users. Types of Groups and Group Scope. Default Groups. Using Security Groups to Provide Resource Access. Restricted Groups. Terminal Services. Tools for Managing Users. User Rights and Privileges. Delegation of Authority.

8. Designing Security Policy Inheritance.
Introduction. What Is Group Policy? Group Policy Application. Group Policy Inheritance. Controlling Group Policy with Group Policy. Client-Side Processing. Policies for Windows NT and Windows 9x Computers in a Windows 2000 Domain. Design. Testing and Documenting Group Policy. Best Practices.

9. Designing an Encrypting File System Strategy.
Introduction. Revisiting ITS. Encrypting Files—User Processes. Encrypting File System Internals. Recovery Policy. The cipher Command. Designing a Strategy for EFS. Best Practices.

10. Designing an Authentication Strategy.
Introduction. Windows 2000 Security Model. Kerberos—Native Windows 2000 Authentication. Native Mode versus Mixed Mode. NTLM, LM, and NTLMv2. Using NTLM for Downlevel Clients. Digest Authentication. Using Certificate-Based Authentication. Smart Cards and Biometrics. What Does a Smart Card Do? Integration with Windows 2000 Kerberos. Integration with Windows 2000 PKI. SSL. RADIUS: Internet Authentication Service. Windows 2000 Kerberos Interoperability. Windows 2000 PKI Interoperability. Windows 2000 and Macintosh Interoperability. Windows 2000 Novell Interoperability. Windows 2000 UNIX Interoperability. SNA Server and Authentication in the IBM Mainframe and AS/400 World. What Works for You?

11. Designing a Public Key Infrastructure.
Introduction. Basic Definitions. Windows 2000 PKI. Certificate Server Roles. Installing Certificate Services. Configuring a CA. Certificate Authority Hierarchies. Certificate Lifecycle—Managing Certificates. Mapping Certificates. Third-Party Integration.

12. Designing Windows 2000 Network Services Security.
Introduction. DNS Security. RIS Security. SNMP.


13. Providing Secure Access Between Networks.
Introduction. NAT and Internet Connection Sharing. Routing and Remote Access Services. Internet Authentication Services. Virtual Private Networking. Terminal Services.

14. Designing Security for Access Between Networks.
Introduction. Secure Access to Public Networks. Secure Access to Private Network Resources. Secure Access Between Private Networks. Windows 2000 Security for Remote Access Users.

15. Designing Security for Communication Channels.
Introduction. SMB Signing. IPSec.


Fast Facts.
Analysis and Security Requirements. Security Templates. Encrypted File System. Public Key Infrastructure. Network Services Security. Providing Secure Access Between Networks. Designing Security for Communication Channels.

Study and Exam Prep Tips.
Learning Styles. Study Tips. Exam Prep Tips. Final Considerations.

Practice Exam.
Exam Questions. Answers to Exam Questions.


Appendix A. Glossary.
Appendix B. Overview of the Certification Process.
Types of Certification. Certification Requirements.

Appendix C. What's on the CD-ROM.
ExamGear, Training Guide Edition. Exclusive Electronic Version of Text. Copyright Information and Disclaimer.

Appendix D. Using the ExamGear, Training Guide Edition Software.
Exam Simulation. Study Tools. How ExamGear, Training Guide Edition Works. Installing and Registering ExamGear, Training Guide Edition. Using ExamGear, Training Guide Edition. Obtaining Updates. Contacting New Riders Publishing. License Agreement. License. Software and Documentation. License Term and Charges. Title. Updates. Limited Warranty and Disclaimer. Limitation of Liability. Miscellaneous. U.S. Government Restricted Rights.

