Implementation and administration of safety in a Microsoft Windows network

General information Code: MS2304 Duration: 5 days Price: 2 200 € HT Public concerned This course is intended to the system administrator or to the systems engineer who has basic knowledge to deploy protected solutions founded on Microsoft Windows Server 2003. This course is not conceived to provide skills in design of architecture but it reaches a sufficient level to make it possible to make decisions in the process of implementation. Prérequis To follow this course, the trainees must have: follow-up the course Run 2810 or to have equivalent knowledge; a certain experiment in the implementation of an environment Activates Directory® Windows 2000 or Windows Server 2003; to have followed course MS2182 or to have first experience with entrepreneurial resources like Web servers, ftp and Exchange, shared resources and services network like DHCP, DNS and WINS. Means Support of course offciel in French 1 PC by anybody	Objectives At the end of this course, the trainees will be capable to carry out the following tasks: to determine the structure of group necessary for an environment for several fields or several forests; to create relations of approval in an environment Microsoft Windows Server 2003; to plan, implement and to maintain a strategy of authorization and authentification in an organization with several forests; to install an authority of certification; to create and diffuse lists of revocation of certificates and accesses to information of the authority; to safeguard and restore an authority of certification; to configure models DER certificates; to deploy and revoke models of certificates; to manage the models of certificates; to implement EFS in an environment insulated Microsoft Windows XP® ; to plan and implement EFS in a field which uses an infrastructure with public key; to implement the file sharing EFS; to solve the problems related to EFS; to plan the safety of the transmission of the data; to implement methods of data transmission protected; to solve errors of data transmission; to plan a protected infrastructure WLAN (wide area network); to solve the problems and components WLAN; to install ISA Server 2000; to make safe a sub-network with ISA Server 2000; to publish waiters; to plan a strategy of remote access; to implement and to configure a waiter of VPN (virtual private network); to deploy components of control of forty for the access to the network; to plan the elementary safety of a waiter member; to configure additional components of safety; to deploy models of safety; to plan and configure elementary safety for a role of waiter; to plan, implement and repair an infrastructure with smart cards; to plan the elementary safety of a computer customer; to configure and deploy the elementary safety of a computer customer; to plan and implement a strategy of software restriction. This course prepares with certification MCP 70-299
	Modulate 1 Planning and configuration of a strategy of authorization and authentification This module explains how to evaluate the infrastructure of your organization, to create and document a plan of authentification and authorization which will make it possible to reach the level of suitable access for the various entities of safety. It also describes the relations of approval, the functional levels of the forest and the field and the principles of basic safety. At the end of this module, the trainees will be capable to carry out the following tasks: to determine the structure of group necessary for an environment for several fields or several forests; - to create approvals in an environment Microsoft Windows Server 2003; - to plan, implement and manage a strategy of authorization and authentification in an organization with several forests; - to describe the components, tools and protocols which deal with the authorization and the authentification; - to plan and implement a strategy of authorization and authentification in an organization with several forests; - to describe the strategies of additional authorization and authentification. Modulate 2 Installation, configuration and management of the Authorities of certification This module describes the guiding principles of the systems which enable you to make safe the communications. It describes the methods, such as the infrastructure with public key, which enable you to communicate on the networks in full safety. At the end of this module, the trainees will be capable to carry out the following tasks: - to describe an infrastructure with public key; - to describe the applications and the components which are used in an infrastructure with public key; - to install an Authority of certification; - to create and publish points of distribution of the list of revocation of certificates and access to information of the Authority; - to safeguard and restore an Authority of certification. Modulate 3 Configuration, deployment and management of certificates This module explains how to make sure that the certificates are emitted in the suitable entities of safety and a required aim. It describes in particular how the end-users can carry out easily and quickly the deployment of certificates. At the end of this module, the trainees will be capable to carry out the following tasks: - to configure models of certificates in an environment PKI Microsoft Windows Server 2003; - to deploy, register and revoke certificates in an environment PKI Windows Server 2003; - to describe the applications and the components which are used in an infrastructure with public key; - to export, import and file certificates and keys in an environment PKI Windows Server 2003. Modulate 4 Planning, implementation and resolution of the problems of certificates of smart cards This module explains how to deploy, manage and configure certificates and models of certificates in an environment of infrastructure to public key (PKI). At the end of this module, the trainees will be capable to carry out the following tasks: - to include/understand the concepts and the applications of the multifactorielle authentification; - to plan and implement an infrastructure of smart cards; - to manage and repair an infrastructure of smart cards. Modulate 5 Planning, implementation and resolution of the problems of the filing system EFS (Encrypting Spins System) This module describes how to plan and implement a filing system EFS (Encrypting File System), and to solve the problems which are attached to it. At the end of this module, the trainees will be capable to carry out the following tasks: - to describe the filing system EFS and to explain its operation; - to implement system EFS in an autonomous Microsoft Windows XP environment; - to plan and implement system EFS in an environment of field which uses an infrastructure with public key (PKI); - to implement the file sharing EFS; - to solve the problems related to system EFS. Modulate 6 Planning, configuration and deployment of a protected base of waiters members The safety of a network depends on the configuration of the safety of the waiters which make it up. Any violation of the safety of only one waiter can compromise the safety of the whole of the computers of the network and, consequently, the safety of the network itself. In this module, the trainees will learn how to create bases made safe for the waiters. At the end of this module, the trainees will be capable to carry out the following tasks: - to describe the importance of the bases of safety and the bases of waiters members; - to plan a protected base of waiters members; - to configure additional parameters of safety; - to deploy models of safety.	Modulate 7 Planning, configuration and implementation of bases made safe for the roles of the waiters In this module, the trainees will learn how to create bases made safe for the various roles of the waiters. At the end of this module, the trainees will be capable to carry out the following tasks: - to plan and configure a base made safe for the controllers of field; - to plan and configure a base made safe for waiters DNS (Domain Name System); - to plan and configure a base made safe for the waiters of infrastructure; - to plan a base made safe for the impression and file servers; - to plan and configure a base made safe for waiters IIS (Internet Information Services). Modulate 8 Planning, configuration, implementation and deployment of a protected base of computers customers In this module, the trainees will learn how to create bases made safe for the computers customers. At the end of this module, the trainees will be capable to carry out the following tasks: - to plan a protected base of computers customers; - to configure and deploy a base of computers customers; - to plan and implement a strategy of software restriction on the computers customers; - to implement safety on the portable computers. Modulate 9 Planning and implementation of the KNOWN services (Software Update Services) In this module, the trainees will learn how to plan and implement strategies of management of the updates on the computers. At the end of this module, the trainees will be capable to carry out the following tasks: to describe the need for the management of the updates and the tools with - their provision to implement strategies of management of the updates; - to plan a strategy of management of the updates; - to implement an infrastructure KNOWN. Modulate 10 Planning, deployment and resolution of the problems related to the safety of the data transmissions This module provides to the trainees information necessary to plan the safety of the data transmissions and to solve the problems which are dependent there. At the end of this module, the trainees will be capable to carry out the following tasks: - to describe the various methods of security of the data transmissions; - to describe the objective and the operation of the IPSec protocol; - to plan the safety of the data transmissions; - to implement protected methods of data transmission; - to solve the errors of data transmission. Modulate 11 Planning and implementation of safety on networks without wire The technology used on a network without wire makes it possible several peripherals to communicate by means of protocols standard network and of electromagnetic waves (and not of cables network) in order to transmit signals on all or a part of the routing. This module describes how to plan and implement the safety of the networks without wire. At the end of this module, the trainees will be capable to carry out the following tasks: - to describe the components and the functionalities of a protected network WLAN and an infrastructure without wire; - to describe the authentification 802.1x and its operation; - to plan a protected infrastructure WLAN; - to implement a protected infrastructure WLAN; - to solve the problems related on the components and errors WLAN. Modulate 12 Planning and implementation of the safety of perimeter using Internet Security and Acceleration Server 2000 In the current organizations, the networks are very often inter-connected: the various networks within an organization connect the ones to the others, and the corporate networks are connected to Internet. Although this situation offers new opportunities for the company, it can also cause concerns in terms of safety, performance and facility of administration. At the end of this module, the trainees will be capable to carry out the following tasks: - to describe the advantages, the modes and the versions of ISA Server; - to install ISA Server 2000; - to make safe a screened subnetwork with ISA Server 2000; - to publish waiters. Modulate 13 Security of the remote access The remote access makes it possible to the customers of remote access to reach the corporate networks as if they were directly connected to the latter. The customers of remote access connect themselves to the network by using connections of remote communication. The safety of a network is compromised if unauthorized distant users manage to reach resources of the Intranet. So that the design of access security network is effective, it must validate the identity of the customers who try to reach the resources network of the organization and to make so that the access to specific resources is correctly restricted. At the end of this module, the trainees will be capable to carry out the following tasks: - to describe the various technologies used for the remote access and the threats associated with this last; - to plan a strategy of remote access; - to implement and configure a virtual private network server (VPN); - to deploy the components of the Control of forty for the access network