70-293_FORE.QXD 9/10/03 6

255_ - MCSE EXAM 70 293 PLANNING AND MAINTAINING A WINDOWS SERVER 2003 NETWORK INFRASTRUCTURE PHẦN 1 PPTX
MCSE EXAM 70 293 PLANNING AND MAINTAINING A WINDOWS SERVER 2003 NETWORK INFRASTRUCTURE PHẦN 1 PPTX

255_70-293_Fore.qxd 9/10/03 6:55 PM Page xlviii

xlviii

Foreword

on your network, taking into consideration organizational needs and security levels,and help you determine the appropriate authentication methods.You’ll learn aboutmanaging IPSec and we’ll walk you through the process of using the IPSec MMCsnap-in as well as the command line tools.We’ll discuss the role of IPSec policies,including default and custom policies, and we’ll show you how to assign and applypolicies.We’ll also talk about IPSec security considerations and issues, including theuse of a strong encryption algorithm (3DES), authentication methods, firewallpacket filtering, unprotected traffic, Diffie-Hellman groups and the use of pre-shared keys.We’ll show you how to use RSoP and the RSoP MMC snap-in toview policy assignments and to simulate policy assignments for deployment plan-ning.

Planning, implementing and maintaining a security framework We lookat several aspects of creating an effective security framework for your organization’snetwork. First, we look at how to plan and implement Active Directory security.This includes such measures as physically securing domain controllers, securing theschema, managing cross-forest security relationships, account security and imple-menting Active Directory access controls. Next, we discuss the issues and proce-dures involved in planning and implementing wireless security.We’ll provide anoverview of the terminology and concepts relating to 802.11 wireless technologiesand you’ll learn about authenticators and supplicants, as well as how wireless net-working works “under the hood.”We’ll discuss authentication methods for wirelessnetworks, including such authentication subtypes as open system and shared key.You’ll learn about the protocols generally used for wireless authentication,including the Extensible Authentication Protocol (EAP), EAP-Transport LayerSecurity (EAP-TLS), EAP-MS-CHAPv2, and the Protected ExtensibleAuthentication Protocol (PEAP).We’ll also talk about using IAS with wireless.We’ll address wireless security issues such as common insecure default settings(administrative password, SSID, and WEP settings) and the weaknesses of WiredEquivalent Privacy protocol (WEP) encryption, as well as how WEP can be mademore secure. Next, we’ll move on to discuss security monitoring, and we’ll addressobject based access control and security policies, including password policies,Kerberos policies, account lockout policies, user rights and the use of security tem-plates.We’ll also talk about security auditing, and you’ll learn to set the auditingpolicy, modify the security log settings and audit objects such as files or folders. Inthe next section, you’ll learn about planning a Change and ConfigurationManagement framework.We’ll walk you through the steps of using the SecurityConfiguration Manager tool as well as command line tools included with WindowsServer 2003.We’ll also discuss Security Analysis and Configuration best practices.Finally, we take you through the process of planning a security update infrastruc-ture.You’ll understand the importance of regular security updates and you’ll learnhttps://traloihay.net