M2812 – Applying Microsoft Security Guidance II

Enquire/Book this course

  • This field is for validation purposes and should be left unchanged.
Print this page
  • Code: M2812
  • Duration: Days 1
  • Price per delegate: £250.00 +VAT

Trained over 60000 delegates

Course delivered by industry expert instructors

Highly competitive pricing



Course Description

This one-day instructor-led hands-on lab allows students to apply information and guidance that can help in implementing and managing security in a network based on Microsoft Windows and that includes Microsoft Exchange Server, Microsoft Internet Security and Acceleration (ISA) Server 2004 or Microsoft Identity Integration Server 2003.

Target Student: Attendees will be current IT professionals with experience using Microsoft Windows 2000 Server or Microsoft Windows Server 2003 and with knowledge of security concepts including firewalls, virtual private networks, encryption, and identity management. The students will be in an environment where they are responsible for aspects of security management and deployment associated with their internal network infrastructure and Internet or intranet services.

Prerequisites: The target audience must have good baseline IT skills, because the concepts presented in these labs will build on their current experience.
Delivery Method: Instructor led, group-paced, classroom-delivery learning model with structured hands-on activities.
Performance-Based Objectives
After completing this module, students will be able to:
  • Implement secure access to Internet resources.
  • Implement secure Internet client access to an organization™s internal servers.
  • Implement secure VPN access to an organization™s internal network.
  • Monitor ISA Server 2004.
  • Analyze an Exchange server by using the Microsoft Baseline Security Analyzer (MBSA) and Exchange Best Practices Analyzer, and update the security configuration based on the analysis.
  • Configure Exchange Server to secure SMTP messages by using Secure Sockets Layer/Transport Layer Security (SSL/TLS).
  • Configure Exchange Server 2003 to reduce the amount of unwanted e-mail by using Real Time Block List.
  • Implement Exchange Intelligent Message Filter.
  • Implement certificate authentication on an OWA Web site.
  • Configure ISA Server to secure client connections to Exchange Server.
  • Configure ISA Server to secure SMTP messages.
  • Encrypt communication between network clients by using IPSec.
  • Configure MIIS 2003 to provide identity integration and provisioning.
  • Implement identity integration by using MIIS.
  • Implement user account provisioning with MIIS.
  • Implement identity changes and deprovisioning by using MIIS.
  • Manage passwords by using MIIS.

Course Content
Exercise 1: Securing the Perimeter Using ISA Server 2004
In this lab, you will implement secure access to Internet resources, implement secure Internet client access to an organization™s internal servers, implement secure virtual private network (VPN) access to an organization™s internal network, and monitor Microsoft Internet Security and Acceleration (ISA) Server 2004.
Lab : Implementing Internet Access with ISA Server 2004
  • Create a new access rule
  • Test for connectivity under a new access rule
  • Create a new Computer Set rule element
  • Deny access to restricted computers
Lab : Implementing Web Publishing with ISA Server 2004
  • Create a new Web listener
  • Test the configuration of a new Web listener
  • Configure link translation
Lab : Implementing VPN Client Access on ISA Server 2004
  • Enable VPN client access
  • Configure VPN connection settings
  • Configure user account settings to allow remote access
  • Create an access rule to allow VPN connections
Lab : Monitoring ISA Server 2004
  • Examine alert definitions
  • Create a connectivity verifier
  • Start a new online mode log query
  • Create a filter definition for online mode logging
Exercise 2: Exchange Server Security
In this lab, you will use the tools and obtain the skills needed to analyze a Microsoft Exchange Server 2003 infrastructure and to configure it to be as secure as possible. This lab also shows how to increase the security of e-mail that flows through an organization™s Exchange servers and to other Simple Mail Transfer Protocol (SMTP) servers. Also, this lab shows how to configure Exchange Server 2003 to reduce the amount of unwanted e-mail.
Lab : Analyzing and Configuring Exchange Server Security
  • Examine Exchange Server security using MBSA
  • Examine Exchange Server security using Best Practices Analyzer Tool
  • Disable SMTP relaying
  • Disable Network News Transfer Protocol (NNTP) and Microsoft Exchange MTA Stacks service
Lab : Securing SMTP Messages with SSL/TLS
  • View captured network packets by using Network Monitor
  • Create a new SMTP virtual server to support SSL and TLS
  • Configure the POP3 virtual server to require SSL
  • Configure an SMTP connector
  • Configure the default SMTP virtual server by using Internet Information Services (IIS) Manager
Lab : Implementing Real-Time Block List Support
  • Configure the Domain Name System to simulate a Real-Time Block List (RBL) provider
  • Add a new RBL provider
  • Enable the SMTP connection filter
Lab : Implementing Exchange Server Intelligent Message Filter
  • Set minimum Intelligent Message Filter (IMF) blocking standards
  • Configure Performance Monitor to identify Spam Confidence Level (SCL) ratings
  • Configure the IMF SCL threshold
  • Configure the IMF Gateway Blocking Configuration threshold
Exercise 3: Securing Exchange Server Using ISA Server 2004 and IPSec
In this lab, you will implement certificate authentication on an Outlook Web Access (OWA) Web site, configure ISA Server to secure client connections to Exchange Server, configure ISA Server to secure SMTP messages, and encrypt communication between network clients by using Internet Protocol Security (IPSec).
Lab : Implementing Certificate Authentication for OWA
  • Configure IIS to require SSL on virtual directories
  • Create a new URL set
  • Request a certificate
  • Configure a Web listener to accept client certificates
  • Create an OWA mail server publishing rule
Lab : Configuring ISA Server to Secure Client Access to Exchange Server
  • Create a mail server publishing rule
  • Install the RPC over HTTP proxy network service
  • Configure the RPC virtual directory
  • Configure an RPC back-end server
  • Configure the SSL Web listener
  • Create a secure Web publishing rule
  • Configure Outlook to use RPC over HTTP
Lab : Implementing SMTP Message Security
  • Configure the SMTP firewall policy
  • Configure the SMTP message screener
  • Configure the Exchange IMF
  • Verify that ICF is blocking access to TCP ports
  • Use Group Policy to enable ICF
Lab : Implementing IPSec to Secure Network Traffic
  • Configure a Microsoft Active Directory Organizational Unit (OU) to request IP security
  • Configure client computers to respond to IPSec requests
  • View IPSec Active Policy details by using the IP Security Monitor
Exercise 4: Identity and Access Management
In this lab, you will configure Microsoft Identity Integration Server (MIIS) to provide identity management, implement identity integration by using MIIS, implement user account provisioning and deprovisioning with MIIS, understand how changes are propagated throughout the MIIS structure, and, if time permits, manage passwords by using MIIS.
Lab : Configuring MIIS to Provide Identity Integration and Provisioning
  • Create a management agent by using Identity Manager
  • Create direct import attribute flow mappings
  • Create advanced attribute mappings
  • Import a management agent to connect Active Directory to the MIIS Connector space
  • Configure a Full Import run profile
  • Configure a Delta Synchronization run profile
  • Configure an Export run profile
  • Configure a Metaverse object deletion rule
Lab : Implementing Identity Integration Using MIIS
  • Stage objects from Microsoft SQL Server database into MIIS connector space
  • Investigate staged operations using Search Connector Space and Preview
  • Project user objects from connector space to the Metaverse
  • Verify attribute sources using Metaverse Search
Lab : Enabling Provisioning with MIIS
  • Configure extensions to enable Metaverse rules extension
  • Provision accounts into the Active Directory connector space
Lab : Implementing Identity Changes and Deprovisioning Using MIIS
  • Implement Run profiles to synchronize modifications with the Metaverse
  • Implement Run profiles to synchronize modifications with Active Directory
Lab : Managing Passwords Using MIIS 2003
  • Import a management agent to connect to an extranet domain
  • Execute the Full Import and Synchronization run profiles
  • Configure MIIS management agents for password management