SUMMARY:   This course is designed for Administrators and others who have a need to address security issues on their corporate networks. It will be assumed that attendees are familiar with Windows Server Administration and Network administration and Configuration. DURATION:   5 Days OBJECTIVES:   Principles of Security Securing Active Directory Securing the Core Operating System Securing Common Services Managing Security Updates Security Assessments and Incident Responses Key Principles of Privacy COURSE CONTENT:   Key Principles of Security Risk Management Risk Management Strategies Accepting Risk 10 Laws of Security Administration Understand the Enemy Assess Own Skills Accurately Detailed Network Documentation Identify the Attacker Levels of Trust Attackers Have Unlimited Resources User Accounts and Passwords Account Security Options RunAs Service Password Security and Complexity Rights and Permissions Using Groups AD, File, and Registry Permissions Built-In Domain Groups Universal Groups NTLM Kerberos DPAPI Active Directory Objects and Attributes Active Directory Schema Group Policy Group Policy Computer-Related Group Policies Preferences vs. Policies User-Related Group Policies Group Policy Containers Block Inheritance Active Directory Forest and Domains Design Autonomy and Isolation Enterprise Administration Boundaries Physical Security of Domain Controllers Designing DNS for AD Security Single Namespace Designing Authority Delegation Permissions File and Folder Permissions Assigning DACLs Encrypting File System Securing Registry Permissions Securing Services Managing Service Permissions Configuring the DACL for a Service TCP/IP Security Securing TCP/IP Denial of Service Configuring Registry Settings TCP/IP Filtering IPSec ESP Kerberos Authentication X.509 Certificates IPSec Monitoring Internet Explorer 6 and Office XP Security Settings in IE 6 Security Zones ActiveX Controls and Plug-Ins Microsoft VM Options Security Settings in Office XP Security Templates Security Template Settings Account Policies Local Policies IP Security Policies Security Templates Using Group Policy Auditing Security Events Determining Events to Audit Audit Policies Monitoring Audited Events Mobile Computer Security Mobile Computers Security Updates Hardware Protection Boot Protection Data Protection Wireless Networking in Windows XP Security for Domain Controllers Domain Controller Threats Security on Domain Controllers Physical Security Security Settings by Using Group Policy Protecting Against Domain Controller Failure Auditing Active Directory Communication IPSec Encryption Security for DNS Servers Threats to DNS Servers Denial-of-Service Attacks on DNS Services Restricting DNS Traffic at the Firewall Security for Terminal Services Threats to Terminal Services Securing Terminal Services Strengthening Security Configuration of Terminal Server Security for DHCP Servers Threats to DHCP Servers Securing DHCP Servers Security for WINS Servers Threats to WINS Servers Securing WINS Servers Security for Routing and Remote Access Remote Access Solution Components VPN Protocols Threats to Remote Access Solutions Securing Remote Access Servers Securing Remote Access Clients Security for Certificate Services Threats to Certificate Services Securing Certificate Services Security for IIS 5.0 Implementing Windows 2000 Security Configuring IIS Security Tools to Secure IIS Configuring the FTP Service Patch Management Types of Patch Development of a Hotfix Windows Update Installing Service Packs Patch Management Tools Security Patch Bulletin Catalogue Windows Update Automatic Updates Baseline Security Analyser Security Assessment Tools Assessing Security Configuration Performing Security Assessments Network Security Assessment Types of Security Assessment Penetration Testing IT Security Audit Conducting Security Assessments Conducting Penetration Tests Incident Response Planning Creating an Incident Response Team Security Reporting Policy Creating a Communication Plan Security Incident Response Common Indicators of Security Incidents Analysing a Security Incident Security Investigations Network Monitoring Importance of Privacy Privacy Definition Formulating an Enterprise Privacy Strategy Privacy for the Corporate Web Site Defining a Privacy Statement Internet Explorer 6 Privacy Settings Privacy in the Enterprise Selecting Applications Based Privacy Protecting Employees Privacy Protecting Customers and Business Partners Privacy JS/03