Clinic Outline

Module 1: Essentials of Security

This session provides information essential for the design and implementation of a more secure computing environment. The session covers important security concepts and discusses the need for establishing a process for security within an organization. Also included is an overview of Windows Server 2003 SP1 and Windows XP SP2 security features.

Lessons

• Business Case for Security
• Security Risk Management
• Defense in Depth
• Security Incident Response
• 10 Immutable Laws of Security
• Best Practices

Module 2: Implementing Security Update Management

This session provides security best practices and available tools and technologies to implement a security update management process and strategy within an organization. The session covers the update management lifecycle and demonstrates how tools such as Microsoft Baseline Security Analyzer and Windows Server Update Services can be used to quickly and effectively respond to published security bulletins and establish update compliance across an infrastructure.

Lessons

• Update Management Overview
• Update Management Process
• Update Management Tools

Module 3: Implementing Server Security on Windows 2000 and Windows Server 2003

This session provides prescriptive host hardening guidance for securing servers used in enterprise environments. The session discusses configuring the domain infrastructure through Active Directory and applying security templates to establish security baselines for domain controllers and member servers operating in various roles. The session also describes how to use the new security features included with Windows Server 2003 SP1.

Lessons

• Introduction to Securing Servers
• Core Server Security
• Active Directory Security
• Hardening Member Servers
• Hardening Domain Controllers
• Hardening Servers for Specific Roles
• Hardening Stand-Alone Servers

Module 4: Implementing Client Security on Windows 2000 and Windows XP

This session describes the requirements for securing client computers in environments where Windows servers are present. The session covers the use of Group Policy and Administrative Templates to secure Windows 2000 and Windows XP installations and provides guidance on software restriction policies, antivirus strategies, and firewall technologies including new firewall features in Windows XP SP2. This session also covers configuring Microsoft Office products and Internet Explorer to help achieve a more secure client environment.

Lessons

• Core Client Security
• Defense Against Malicious Software
• Client Firewalls
• Securing Clients with Active Directory
• Using Group Policy to Secure Clients
• Securing Applications
• Local Group Policy Settings for Stand-Alone Clients