Exam 70-298: Designing Security for a Microsoft Windows Server 2003 Network | 400 MB
Creating the Conceptual Design for Network Infrastructure Security by Gathering and Analyzing Business and Technical Requirements
* Analyze business requirements for designing security. Considerations include existing policies and procedures, sensitivity of data, cost, legal requirements, end-user impact, interoperability, maintainability, scalability, and risk.
o Analyze existing security policies and procedures.
o Analyze the organizational requirements for securing data.
o Analyze the security requirements of different types of data.
o Analyze risks to security within the current IT administration structure and security practices.
* Design a framework for designing and implementing security. The framework should include prevention, detection, isolation, and recovery.
o Predict threats to your network from internal and external sources.
o Design a process for responding to incidents.
o Design segmented networks.
o Design a process for recovering services.
* Analyze technical constraints when designing security.
o Identify capabilities of the existing infrastructure.
o Identify technology limitations.
o Analyze interoperability constraints.
Creating the Logical Design for Network Infrastructure Security
* Design a public key infrastructure (PKI) that uses Certificate Services.
o Design a certification authority (CA) hierarchy implementation. Types include geographical, organizational, and trusted.
o Design enrollment and distribution processes.
o Establish renewal, revocation and auditing processes.
o Design security for CA servers.
* Design a logical authentication strategy.
o Design certificate distribution.
o Design forest and domain trust models.
o Design security that meets interoperability requirements.
o Establish account and password requirements for security.
* Design security for network management.
o Design the administration of servers by using common administration tools. Tools include Microsoft Management Console (MMC), Terminal Server, Remote Desktop for Administration, Remote Assistance, and Telnet.
o Design security for Emergency Management Services.
o Manage the risk of managing networks.
* Design a security update infrastructure.
o Design a strategy for identifying computers that are not at the current patch level.
o Design a Software Update Services (SUS) infrastructure.
o Design Group Policy to deploy software updates.
Creating the Physical Design for Network Infrastructure Security
* Design network infrastructure security.
o Specify the required protocols for a firewall configuration.
o Design IP filtering.
o Design an IPSec policy.
o Secure a DNS implementation.
o Design security for data transmission.
* Design security for wireless networks.
o Design public and private wireless LANs.
o Design 802.1x authentication for wireless networks.
* Design user authentication for Internet Information Services (IIS).
o Design user authentication for a Web site by using certificates.
o Design user authentication for a Web site by using IIS authentication.
o Design user authentication for a Web site by using RADIUS for IIS authentication.
* Design security for Internet Information Services (IIS).
o Design security for Web sites that have different technical requirements by enabling only the minimum required services.
o Design a monitoring strategy for IIS.
o Design an IIS baseline that is based on business requirements.
o Design a content management strategy for updating an IIS server.
* Design security for communication between networks.
o Select protocols for VPN access.
o Design VPN connectivity.
o Design demand-dial routing between internal networks.
* Design security for communication with external organizations.
o Design an extranet infrastructure.
o Design a strategy for cross-certification of Certificate Services.
* Design security for servers that have specific roles. Roles include domain controller, network infrastructure server, file server, IIS server, terminal server, and POP3 mail server.
o Define a baseline security template for all systems.
o Create a plan to modify baseline security templates according to role.
Designing an Access Control Strategy for Data
* Design an access control strategy for directory services.
o Create a delegation strategy.
o Analyze auditing requirements.
o Design the appropriate group strategy for accessing resources.
o Design a permission structure for directory service objects.
* Design an access control strategy for files and folders.
o Design a strategy for the encryption and decryption of files and folders.
o Design a permission structure for files and folders.
o Design security for a backup and recovery strategy.
o Analyze auditing requirements.
* Design an access control strategy for the registry.
o Design a permission structure for registry objects.
o Analyze auditing requirements.
Creating the Physical Design for Client Infrastructure Security
* Design a client authentication strategy.
o Analyze authentication requirements.
o Establish account and password security requirements.
* Design a security strategy for client remote access.
o Design remote access policies.
o Design access to internal resources.
o Design an authentication provider and accounting strategy for remote network access by using Internet Authentication Service (IAS).
* Design a strategy for securing client computers. Considerations include desktop and portable computers.
o Design a strategy for hardening client operating systems.
o Design a strategy for restricting user access to operating system features.
Offline
Reply With Quote
Connect With Us