Contents
Overview
Lesson: Introduction to Designing Security for Microsoft Networks
Contoso Pharmaceuticals: A Case Study

Module 1: Introduction to Designing Security




Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no
part of this document may be reproduced, stored in or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.

© 2002 Microsoft Corporation. All rights reserved.

Microsoft, MS-DOS, Windows, Windows NT, Active Directory, ActiveX, BizTalk, PowerPoint, Visio,
and Windows Media are either registered trademarks or trademarks of Microsoft Corporation in the
United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.




Instructor Notes
This module introduces Course 2830A, Designing Security for Microsoft
Networks, and presents general security concepts that are used throughout the
course. This module emphasizes the importance of a network security design in
the protection of an organization’s assets.
The module also introduces a fictional organization, Contoso Pharmaceuticals,
which is used as an ongoing case study for the labs in the course. Students will
become familiar with the network security issues that confront Contoso
Pharmaceuticals, meet some of its employees, and learn about the lab
environment. There is no lab for this module.
After completing this module, students will be able to:

Provide an overview of designing security.


Describe the components of the case study for this course.

Required materials
To teach this module, you need Microsoft® PowerPoint® file 2830A_01.ppt.

Important
It is recommended that you use PowerPoint version 2002 or later to
display the slides for this course. If you use PowerPoint Viewer or an earlier
version of PowerPoint, all of the features of the slides may not be displayed
correctly.

Preparation tasks
To prepare for this module:

Read all of the materials for this module.

Presentation: 30 minutes
Lab: 00 minutes


How to Teach This Module
This section contains information that will help you to teach this module.


This course contains teachable appendices, which are modules that do
not contain practices, assessments, or labs. If you have time at the end of the
course, you can use the appendices as lecture material. Encourage students to
read the material on their own.

Lesson: Introduction to Designing Security for Microsoft Networks
This lesson is designed to introduce students to key security concepts such as
asset, threat, vulnerability, and risk. It also introduces a framework for
understanding security design. Other modules in this course will revisit the
framework, giving students a context in which to place the information that
they receive in this course.
Emphasize the concepts of asset, threat, vulnerability, and risk. You will revisit
these concepts in depth in later modules.
Emphasize these principles to students, and revisit them throughout the course.
Spend as much time as necessary based on the experience level of the students
in your classroom.
Discuss the differences between design and implementation and the challenges
and difficulties of each. Try to relate each aspect of design and implementation
to roles in students’ organizations. Discuss non-Microsoft administrators on a
network, such as router administrators, and how they play a role in overall
network security. Module 2, “Creating a Plan for Network Security” in this
course goes into greater detail about design teams, policies, and procedures.
Use this page to set student expectations regarding the scope of this course.
There are several Microsoft servers, for example, that this course does not focus
on. Emphasize that the items on the slide represent the areas of a network that
this course covers.
Describe how data might flow across the network in the slide, and where
possible vulnerabilities might exist. Describe how each point is a complex area
of threats, vulnerabilities, risks, and countermeasures. Also emphasize to
students that the areas listed in the Additional Reading section are not covered
in this course, but are covered in detail in the courses listed. Use this
opportunity to point out the Additional Reading listings, and tell students that
this course provides numerous resources, white papers, and other materials in
this folder on the Student Materials CD.
Note
Why Secure a Network?
Important Principles of Security
Security Design and Implementation
Overview of a Microsoft Network


This page shows the flow of the course on a single slide, and also gives students
a simple framework that they can use to approach security design. This
framework will be revisited at the end of each module on a page called Security
Design Checklist. Use this slide to show students how the content in the course
flows from a planning segment in Modules 2, 3, and 4 to a building component
in Modules 5 through 11. Module 12 and the Appendices reflect the
management aspect of security design. This framework was leveraged from
Microsoft Solutions Framework (MSF), which is discussed in greater detail in
Module 2, “Creating a Plan for Network Security.” Avoid going into excessive
depth on this page, but ensure that students understand the general structure of
the course, and why topics are presented in the order given here.
Emphasize that this framework is not meant to be inclusive or act as the
ultimate statement regarding security; instead, it is simply an effective way to
categorize the planning that each student will need to perform as she designs
security for her organization. Appendices A, B, and C are teachable modules
that do not include instructor notes, practices, labs, or assessment items. If your
class finishes early on the last day, you can either teach your students the
appendices or use them as subjects for discussion.
Lesson: Contoso Pharmaceuticals: A Case Study
Contoso Pharmaceuticals is a fictional company that the labs in this course use
as an ongoing case study. The labs rely on an interactive application in which
students will read and watch scenario information relating to Contoso’s security
design.
Put students in the mindset of being consultants for Contoso Pharmaceuticals.
Have them draw on their own experience as they perform the labs in this
course.
Ashley Larson is the new Chief Information Officer (CIO) for Contoso
Pharmaceuticals. In the labs, she has hired students to help her as Contoso
updates its security design. Emphasize to students that Ashley’s comments and
e-mails will provide the goals for each lab.
The labs in this course are scenario-based exercises that revolve around the
student analyzing or solving a problem relating to the topics covered in the
module. Although this introductory module does not have a lab, the rest of the
modules do have labs associated with them. Tell students that beginning with
the next module, they will use the lab environment in each module.
One teaching suggestion is to perform the lab for Module 2, “Creating a Plan
for Network Security,” together as a class, so that students can familiarize
themselves with the lab structure. In subsequent labs, have students work in
pairs to generate interaction among students.
Framework for Designing Security
Introduction to Contoso Pharmaceuticals
Contoso Pharmaceuticals Personnel
Introduction to the Lab Environment


Assessment
This is an introductory module, and as such there are no assessment questions
designed for it. You can use the Key Security Concepts topic page to lead a
post-module discussion.
There are assessments for each lesson, located on the Student Materials
compact disc. You can use them as pre-assessments to help students identify
areas of difficulty, or you can use them as post-assessments to validate learning.
Customization Information
This section identifies the lab setup requirements for a module and the
configuration changes that occur on student computers during the labs. This
information is provided to assist you in replicating or customizing Microsoft
Official Curriculum (MOC) courseware.
There are no labs in this module, and as a result, there are no lab setup
requirements or configuration changes that affect replication or customization.


Overview

***************************** ILLEGAL FOR NON-TRAINER USE ******************************
This module introduces Course 2830, Designing Security for Microsoft
Networks, and presents general security concepts that are used in the course.
This module emphasizes the importance of a network security design in the
protection of an organization’s assets.
The module also introduces a fictional organization, Contoso Pharmaceuticals,
which the labs in the course use as an ongoing case study. You will become
familiar with the network security issues that confront Contoso
Pharmaceuticals, meet some of its employees, and learn about the lab
environment.
After completing this module, you will be able to:

Provide an overview of designing security.

Describe the components of the case study for this course.

Introduction
Objectives


Lesson: Introduction to Designing Security for Microsoft Networks

A security design is a comprehensive plan that guides the implementation of
security policies and procedures for an organization. A security design helps an
organization protect its assets so that it can implement security in a consistent
and effective manner.
After completing this lesson, you will be able to:

Explain why organizations invest in network security.

Describe important principles of security.

Explain the difference between security design and security implementation.

Describe the areas of a Microsoft network that should be secured.

Describe the general organization of information in this course.

Introduction
Lesson objectives
