Part Number: X09-18461
Course Number: 2830A


Released: 12/2002

Delivery Guide
Designing Security for
Microsoft
®
Networks



Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no
part of this document may be reproduced, stored in or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.

 2002 Microsoft Corporation. All rights reserved.

Microsoft, MS-DOS, Windows, Windows NT, Active Directory, ActiveX, BizTalk, PowerPoint, Visio,
and Windows Media
are either registered trademarks or trademarks of Microsoft Corporation in the
U.S.A. and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.


Course Number: 2830A
Part Number: X09-18461
Released: 12/2002
Designing Security for Microsoft® Networks iii


Contents

Introduction
Course Materials......................................................................................................2

Prerequisites ............................................................................................................3


Course Outline.........................................................................................................4

Initial Logon Procedure...........................................................................................6

Microsoft Official Curriculum.................................................................................7

Microsoft Certified Professional Program...............................................................8

Facilities ................................................................................................................10

Module 1: Introduction to Designing Security
Overview .................................................................................................................1

Lesson: Introduction to Designing Security for Microsoft Networks .....................2

Contoso Pharmaceuticals: A Case Study...............................................................10

Module 2: Creating a Plan for Network Security
Overview .................................................................................................................1

Lesson: Introduction to Security Policies................................................................2

Lesson: Defining a Process for Designing Security ................................................7

Lesson: Creating a Security Design Team.............................................................13

Lab A: Planning a Security Framework ................................................................19

Module 3: Identifying Threats to Network Security
Overview .................................................................................................................1


Lesson: Introduction to Security Threats.................................................................2

Lesson: Predicting Threats to Security....................................................................8

Lab A: Identifying Threats to Network Security...................................................15

Module 4: Analyzing Security Risks
Overview .................................................................................................................1

Lesson: Introduction to Risk Management..............................................................2

Lesson: Creating a Risk Management Plan.............................................................9

Lab A: Analyzing Security Risks ..........................................................................19

Module 5: Creating a Security Design for Physical Resources
Overview .................................................................................................................1

Lesson: Determining Threats and Analyzing Risks to Physical Resources.............2

Lesson: Designing Security for Physical Resources................................................8

Lab A: Designing Security for Physical Resources...............................................15

Module 6: Creating a Security Design for Computers
Overview .................................................................................................................1

Lesson: Determining Threats and Analyzing Risks to Computers..........................2


Lesson: Designing Security for Computers............................................................. 8

Lab A: Designing Security for Computers ............................................................23

Module 7: Creating a Security Design for Accounts
Overview .................................................................................................................1

Lesson: Determining Threats and Analyzing Risks to Accounts ............................2

Lesson: Designing Security for Accounts ...............................................................9

Lab A: Designing Security for Accounts...............................................................21
iv Designing Security for Microsoft® Networks


Module 8: Creating a Security Design for Authentication
Overview .................................................................................................................1

Lesson: Determining Threats and Analyzing Risks to Authentication....................2

Lesson: Designing Security for Authentication.......................................................8

Lab A: Designing Authentication Security............................................................23

Module 9: Creating a Security Design for Data
Overview .................................................................................................................1

Lesson: Determining Threats and Analyzing Risks to Data....................................2

Lesson: Designing Security for Data.......................................................................7


Lab A: Designing Security for Data ......................................................................15

Module 10: Creating a Security Design for Data Transmission
Overview .................................................................................................................1

Lesson: Determining Threats and Analyzing Risks to Data Transmission..............2

Lesson: Designing Security for Data Transmission.................................................7

Lab A: Designing Security for Data Transmission................................................19
Course Evaluation..................................................................................................22

Module 11: Creating a Security Design for Network Perimeters
Overview .................................................................................................................1

Lesson: Determining Threats and Analyzing Risks to Network Perimeters............2

Lesson: Designing Security for Network Perimeters...............................................8

Lab A: Designing Security for Network Perimeters..............................................17

Module 12: Designing Responses to Security Incidents
Overview .................................................................................................................1

Lesson: Introduction to Auditing and Incident Response........................................2

Lesson: Designing an Audit Policy .........................................................................8

Lesson: Designing an Incident Response Procedure .............................................15


Lab A: Designing an Incident Response Procedure ..............................................27

Course Evaluation..................................................................................................32

Appendix A: Designing an Acceptable Use Policy
Overview .................................................................................................................1

Lesson: Analyzing Risks That Users Introduce.......................................................2

Lesson: Designing Security for Computer Use .......................................................6

Appendix B: Designing Policies for Managing Networks
Overview .................................................................................................................1

Lesson: Analyzing Risks to Managing Networks....................................................2

Lesson: Designing Security for Network Administrators........................................6

Appendix C: Designing an Operations Framework to Manage Security
Overview .................................................................................................................1

Lesson: Analyzing Risks to Ongoing Network Operations.....................................2

Lesson: Designing a Framework for Ongoing Network Operations .......................6

Appendix D: Authentication in CHAP, MS-CHAP, and MS-CHAP v2

Designing Security for Microsoft® Networks v



About This Course
This section provides you with a brief description of the course, audience,
suggested prerequisites, and course objectives.
This three-day, instructor-led course teaches the skills necessary to design a
secure network infrastructure. Topics include assembling the design team,
modeling threats, and analyzing security risks in order to derive business
requirements for securing computers in a networked environment. The course
encourages decision-making skills through an interactive tool that simulates
real-life scenarios that the target audience may encounter. Students are given
the task of collecting the information and sorting through the details to resolve
the given security requirement.
This course is intended for IT systems engineers and security specialists who
are responsible for establishing security policies and procedures for an
organization. Students should have one to three years of experience designing
related business solutions.
This course requires that students meet the following prerequisites:

A strong familiarity with Microsoft
®
Windows
®
2000 core technologies,
such as those covered in Course 2152, Implementing Microsoft Windows
2000 Professional and Server.

A strong familiarity with Windows 2000 networking technologies and
implementation, such as those covered in Microsoft Official Curriculum
(MOC) Course 2153, Implementing a Microsoft Windows 2000 Network
Infrastructure.


A strong familiarity with Windows 2000 directory services technologies and
implementation, such as those covered in MOC Course 2154, Implementing
and Administering Microsoft Windows 2000 Directory Services.

After completing this course, students will be able to:

Plan a framework for security network.

Identify threats to network security.

Analyze security risks.

Design security for physical resources.

Design security for computers.

Design security for accounts.

Design security for authentication.

Design security for data.

Design security for data transmission.

Design security for network perimeters.

Design an incident response procedure.

In addition, this course contains three teachable appendices that cover designing

an acceptable use policy, designing policies for managing networks, and
designing an operations framework for managing security.
Description
Audience
Student prerequisites
Course objectives