2808A:Microsoft Security Guidance Training V
|About This Clinic|
This one-day instructor-led clinic builds on existing knowledge of server and client security and provides students with the knowledge and skills to apply best practices to securing Exchange Server clients, protecting e-mail and data content, securing services and critical accounts, and securing administrative accounts and remote access using smart cards.
Attendees will be current IT professionals with experience using Microsoft Windows 2000 Server or Microsoft Windows Server 2003 and with knowledge of Microsoft Active Directory concepts. Students will also benefit from experience with Microsoft Exchange 2000 or Exchange Server 2003. The students will be in an environment where they are responsible for aspects of security management and deployment associated with their internal network infrastructure and Internet or intranet services.
|At Clinic Completion|
After completing this clinic, students will be able to:
Module 1: Implementing Messaging Security for Exchange Server Clients
It is as important to provide security for the clients of Exchange Server 2003 as it is to secure the server itself. Providing security for the clients of Exchange Server includes ensuring that messages can be read only by the intended recipients. By definition, providing client security covers a range of situations involving any local or remote Exchange Server client connecting directly to your messaging environment to send or receive messages. This session provides information about solutions such as S/MIME and Information Rights Management to protect e-mail content. RPC over HTTP is also discussed as a solution to help secure client connections to Exchange Server 2003 connecting over the Internet. The session concludes with a discussion about how to control access to e-mail attachments and how to manage and secure Outlook Web Access.Lessons
Protecting confidential data and intellectual property is a strong priority within many organizations. Many organizations have a need to protect sensitive information such as e-mail, internal documents, and Web content. The goal of implementing a rights management solution is to protect this information and define exactly who can open, read, copy, modify or redistribute the content. This session discusses the various processes that take place during RMS server provisioning, client installation and activation, and the protection and consumption of data. The session also introduces best practices for providing availability and scalability within the RMS environment.Lessons
Many organizations implement network services or applications that require the use of a service account. Unfortunately, service accounts are often configured to run with the highest possible privileges, often resulting in membership within the domain administrators group. If these service accounts are compromised, an attacker may be able to gain full and unrestricted access to the computer, domain, or entire forest. It is important that you understand how to configure service accounts to only the level of privilege necessary to support the application or network service. The goal of this session is to address the common problem of Windows services that are set to run with the highest possible privileges, describe ways to identify services that can run with lesser privileges, and how to methodically downgrade those privileges. This session also provides information on securing administrative level accounts.Lessons
User name and password combinations have typically been used to provide authentication and authorization to network resources. Even though passwords can provide effective security, many users favor convenience to security, so they choose a password that can easily be compromised. To address this issue, multifactor authentication uses a combination of components to provide secure access to network resources. Deploying a smart card solution is an increasingly popular form of multifactor authentication. The primary focus of this session is to address the challenge of securing critical administrator accounts and remote access logon sessions by implementing multifactor authentication using smart card technology.Lessons