Target Audience

This course is intended for IT systems engineers and security specialists who are responsible for establishing security policies and procedures for an organization. Students should have one to three years of experience designing related business solutions.

Prerequisites

Before attending this course, students must have:

·      A strong familiarity with Microsoft Windows® 2000 core technologies, such as those covered in Course 2152: Implementing Microsoft Windows 2000 Professional and Server.

·      A strong familiarity with Windows 2000 networking technologies and implementation, such as those covered in Course 2153: Implementing a Microsoft Windows 2000 Network Infrastructure.

·      A strong familiarity with Windows 2000 directory services technologies and implementation, such as those covered in Course 2154: Implementing and Administering Microsoft Windows 2000 Directory Services.

Module 1: Introduction to Designing Security

This module describes the basic framework for designing network security and introduces key concepts used throughout the course. It also introduces an ongoing case study that is utilized in the labs.

Module 2: Creating a Plan for Network Security

This module discusses the importance of security policies and procedures in a security design. It also explains how a security design team must include representation from various members of your organization. After completing this module, you will be able use a framework for designing security and create a security design team.

Module 3: Identifying Threats to Network Security

This module explains how to identify likely threats to a network and explains attacker motivations. After completing this module, you will be able to explain common threats and predict threats by using a threat model.

Module 4: Analyzing Security Risks

This module explains how to determine what resources in an organization require protection and how to categorize them in order to assign an appropriate level of protection. After completing this module, you will be able to apply a framework for planning risk management.

Module 5: Creating a Security Design for Physical Resources

This module describes threats and risks to physical resources in an organization, as well as how to secure facilities, computers, and hardware. After completing this module, you will be able to design security for physical resources.

Module 6: Creating a Security Design for Computers

This module explains how to determine threats and analyze risks to computers on your network. After completing this module, you will be able to design security for computers.

Module 7: Creating a Security Design for Accounts

This module describes the threats and risks to accounts in an organization. After completing this module, you will be able to design security for accounts.

Module 8: Creating a Security Design for Authentication

This module describes threats and risks to authentication. After completing this module, you will be able to design security for authentication.

Module 9: Creating a Security Design for Data

This module examines threats and risks to data. After completing this module, you will be able to design security for data.

Module 10: Creating a Security Design for Data Transmission

This module discusses threats and risks to data transmission. After completing this module, you will be able to design security for data transmission.

Module 11: Creating a Security Design for Network Perimeters

This module describes threats to the points where your network connects to other networks, such as the Internet. After completing this module, you will be able to design security for network perimeters.

Module 12: Designing Responses to Security Incidents

This module provides information about auditing and creating procedures to direct how you respond to security incidents. After completing this module, you will be able to design an audit policy and an incident response procedure.