Designing Microsoft Windows 2000 Network Security
793 pages, parution le 01/04/2001
Résumé
This official MCSE TRAINING KIT teaches IT
professionals how to design network security solutions in
Windows 2000 as they prepare for MCP Exam 70-220, a core
elective on the new Windows 2000 MCSE track. The kit
balances conceptual information with practical application:
students learn through an integrated system of
skill-building tutorials, case study examples, and
self-assessment tools. Topics map directly to the
objectives measured by the MCP exam, including analyzing
business requirements for security; evaluating the
technical environment; analyzing security requirements;
planning a Windows 2000 network security solution;
designing secure access between networks; and designing
security for communications channels. Business scenario
examples help students apply the concepts they learn to
real-world work situations. An economical alternative to
classroom instruction, this MCSE TRAINING KIT
enables students to set their own pace and learn by doing!
Contents
| About This Book | xxix |
| Intended Audience | xxx |
| Prerequisites | xxx |
| Reference Materials | xxxi |
| About the Supplemental Course Materials CD-ROM | xxxi |
| Features of This Book | xxxii |
| Notes | xxxii |
| Conventions | xxxii |
| Chapter and Appendix Overview | xxxiii |
| Finding the Best Starting Point for You | xxxvi |
| Where to Find Specific Skills in This Book | xxxvi |
| Getting Started | xl |
| Hardware Requirements | xl |
| Software Requirements | xl |
| Setup Instructions | xli |
| About the Online Book | xlviii |
| Sample Readiness Review Questions | xlviii |
| The Microsoft Certified Professional Program | xlix |
| Microsoft Certification Benefits | xlix |
| Requirements for Becoming a Microsoft Certified Professional | li |
| Technical Training for Computer Professionals | lii |
| Technical Support | liv |
| CHAPTER 1Introduction to Microsoft Windows 2000 Security | 1 |
| About This Chapter | 1 |
| Before You Begin | 1 |
| Chapter Scenario: Lucerne Publishing | 2 |
| Current Network | 2 |
| Account Management | 2 |
| Expansion Plans | 3 |
| Online Ordering | 3 |
| Security Issues | 3 |
| Lesson 1: Microsoft Windows 2000 Security Services Overview | 4 |
| Security Subsystem Components | 5 |
| LSA Functionality | 7 |
| Windows 2000 Security Protocols | 8 |
| The Security Support Provider Interface (SSPI) | 9 |
| Lesson Summary | 9 |
| Lesson 2: Designing Security Business Requirements | 10 |
| Determining Business Requirements | 10 |
| Making the Decision | 12 |
| Applying the Decision | 13 |
| Lesson Summary | 14 |
| Lesson 3: Designing Security to Meet Technical Requirements | 15 |
| Determining Technical Requirements | 15 |
| Making the Decision | 16 |
| Applying the Decision | 17 |
| Lesson Summary | 19 |
| Review | 20 |
| CHAPTER 2Designing Active Directory for Security | 21 |
| About This Chapter | 21 |
| Before You Begin | 22 |
| Chapter Scenario: Wide World Importers | 23 |
| The Existing Network | 23 |
| User Account Management | 23 |
| Application Support | 23 |
| Client Desktops | 24 |
| Lesson 1: Designing Your Forest Structure | 25 |
| Active Directory Design Basics | 25 |
| Deploying a Single Forest | 26 |
| Making the Decision | 27 |
| Applying the Decision | 28 |
| Deploying Multiple Forests | 28 |
| Making the Decision | 30 |
| Applying the Decision | 31 |
| Lesson Summary | 32 |
| Lesson 2: Designing Your Domain Structure | 33 |
| Deploying a Single Domain | 33 |
| Making the Decision | 33 |
| Applying the Decision | 34 |
| Deploying Multiple Domains | 34 |
| Understanding Account Policies | 34 |
| Making the Decision | 37 |
| Applying the Decision | 38 |
| Lesson Summary | 39 |
| Lesson 3: Designing an OU Structure | 40 |
| Planning for Delegation of Administration | 40 |
| Delegating Control to an Organizational Unit | 40 |
| Making the Decision | 42 |
| Applying the Decision | 44 |
| Planning for Group Policy Deployment | 45 |
| Making the Decision | 49 |
| Applying the Decision | 49 |
| Lesson Summary | 51 |
| Lesson 4: Designing an Audit Strategy | 52 |
| Configuring Audit Settings | 52 |
| Making the Decision | 53 |
| Applying the Decision | 54 |
| Lesson Summary | 55 |
| Activity: Designing an Audit Strategy | 56 |
| Lab 2-1: Designing Active Directory for Security | 57 |
| Lab Objectives | 57 |
| About This Lab | 57 |
| Before You Begin | 57 |
| Scenario: Contoso Ltd. | 57 |
| Exercise 1: Determining the Number of Forests | 59 |
| Exercise 2: Determining the Number of Domains | 60 |
| Exercise 3: Designing an OU Structure | 60 |
| Review | 62 |
| CHAPTER 3Designing Authentication for a Microsoft Windows 2000 Network | 63 |
| About This Chapter | 63 |
| Before You Begin | 64 |
| Chapter Scenario: Market Florist | 65 |
| The Existing Network | 65 |
| Market Florist Active Directory Design | 66 |
| Market Florist Server Configuration | 66 |
| Lesson 1: Designing Authentication in a Microsoft Windows 2000 Network | 68 |
| Determining Business and Technical Requirements | 68 |
| Lesson Summary | 69 |
| Lesson 2: Designing Kerberos Authentication | 70 |
| Designing Kerberos Authentication | 71 |
| Understanding the Kerberos Message Exchanges | 72 |
| Analyzing Kerberos Authentication | 73 |
| Initial Authentication with the Network | 73 |
| Network Authentication | 76 |
| Smart Card Authentication | 77 |
| Multiple Domain Authentication | 79 |
| Delegation | 80 |
| Making the Decision | 82 |
| Applying the Decision | 83 |
| Lesson Summary | 84 |
| Lesson 3: NTLM Authentication | 85 |
| Designing NTML Authentication | 85 |
| Making the Decision | 86 |
| Applying the Decision | 87 |
| Lesson Summary | 87 |
| Lesson 4: Authenticating Down-Level Clients | 88 |
| Analyzing Standard Authentication | 88 |
| Analyzing the Directory Services Client | 89 |
| Making the Decision | 92 |
| Applying the Decision | 92 |
| Lesson Summary | 93 |
| Lesson 5: Planning Server Placement for Authentication | 94 |
| Determining Server Placement for Authentication | 94 |
| Planning DNS Server Placement | 94 |
| Making the Decision | 95 |
| Applying the Decision | 95 |
| Planning DC Placement | 97 |
| Making the Decision | 97 |
| Applying the Decision | 97 |
| Planning Global Catalog Server Placement | 97 |
| Making the Decision | 98 |
| Applying the Decision | 99 |
| Planning PDC Emulator Placement | 99 |
| Making the Decision | 99 |
| Applying the Decision | 100 |
| Lesson Summary | 100 |
| Activity: Analyzing Authentication Network Infrastructure | 101 |
| Lab 3-1: Designing Authentication for the Network | 102 |
| Lab Objectives | 102 |
| About This Lab | 102 |
| Before You Begin | 102 |
| Scenario: Contoso Ltd. | 102 |
| Exercise 1: Designing Windows 2000 Client Authentication | 104 |
| Exercise 2: Designing Down-Level Client Authentication | 105 |
| Review | 106 |
| CHAPTER 4Planning a Microsoft Windows 2000 Administrative Structure | 107 |
| About This Chapter | 107 |
| Before You Begin | 107 |
| Chapter Scenario: Hanson Brothers | 108 |
| The Existing Network | 108 |
| Hanson Brothers' Active Directory Design | 109 |
| Hanson Brothers' Administrative Needs | 109 |
| The Central Administration Team | 110 |
| Hanson Brothers' Current Issues | 110 |
| Lesson 1: Planning Administrative Group Membership | 111 |
| Designing Default Administrative Group Membership | 111 |
| The Default Windows 2000 Administrative Groups | 111 |
| Assessing Administrative Group Membership Design | 114 |
| Making the Decision | 116 |
| Applying the Decision | 117 |
| Designing Custom Administrative Groups | 118 |
| Determining When to Create Custom Groups | 119 |
| Making the Decision | 120 |
| Applying the Decision | 121 |
| Lesson Summary | 122 |
| Lesson 2: Securing Administrative Access to the Network | 123 |
| Designing Secure Administrative Access | 123 |
| Making the Decision | 124 |
| Applying the Decision | 125 |
| Designing Secondary Access | 126 |
| Understanding the RunAs Service | 127 |
| Making the Decision | 129 |
| Applying the Decision | 129 |
| Designing Telnet Administration | 129 |
| Making the Decision | 130 |
| Applying the Decision | 130 |
| Designing Terminal Services Administration | 131 |
| Assessing Terminal Services Administration | 131 |
| Making the Decision | 132 |
| Applying the Decision | 132 |
| Lesson Summary | 133 |
| Activity: Administering the Network | 134 |
| Lab 4-1: Designing Administration for a Microsoft Windows 2000 Network | 136 |
| Lab Objectives | 136 |
| About This Lab | 136 |
| Before You Begin | 136 |
| Scenario: Contoso Ltd. | 136 |
| Exercise 1: Designing Preexisting Administration Groups | 138 |
| Exercise 2: Designing Administrative Access | 140 |
| Review | 142 |
| CHAPTER 5Designing Group Security | 143 |
| About This Chapter | 143 |
| Before You Begin | 143 |
| Chapter Scenario: Hanson Brothers | 144 |
| The Microsoft Exchange 2000 Server Deployment | 144 |
| Deployment of Microsoft Outlook 2000 | 144 |
| User Rights Requirements | 145 |
| Lesson 1: Designing Microsoft Windows 2000 Security Groups | 146 |
| Windows 2000 Groups | 146 |
| Assessing Group Usage | 149 |
| Making the Decision | 152 |
| Applying the Decision | 152 |
| Lesson Summary | 154 |
| Activity: Reviewing Group Memberships | 155 |
| Lesson 2: Designing User Rights | 158 |
| Defining User Rights with Group Policy | 158 |
| User Rights Within Windows 2000 | 158 |
| Assessing Where to Apply User Rights | 162 |
| Making the Decision | 163 |
| Applying the Decision | 164 |
| Lesson Summary | 165 |
| Lab 5-1: Designing Security Groups and User Rights | 166 |
| Lab Objectives | 166 |
| About This Lab | 166 |
| Before You Begin | 166 |
| Scenario: Contoso Ltd. | 166 |
| The Human Resources Application | 166 |
| Exercise 1: Designing Security Groups | 168 |
| Exercise 2: Designing User Rights | 170 |
| Review | 171 |
| CHAPTER 6Securing File Resources | 173 |
| About This Chapter | 173 |
| Before You Begin | 173 |
| Chapter Scenario: Wide World Importers | 174 |
| Planning Security for Software Deployment | 174 |
| Print Security | 176 |
| Planning for Protection of Confidential Data | 176 |
| Lesson 1: Securing Access to File Resources | 177 |
| Designing Share Security | 177 |
| Configuring Share Permissions | 177 |
| Making the Decision | 179 |
| Applying the Decision | 180 |
| Planning NTFS Security | 180 |
| Changes in the Windows 2000 NTFS File System | 181 |
| Assessing NTFS Permissions | 181 |
| Making the Decision | 183 |
| Applying the Decision | 184 |
| Combining Share and NTFS Security | 185 |
| Making the Decision | 187 |
| Applying the Decision | 188 |
| Lesson Summary | 188 |
| Activity: Evaluating Permissions | 189 |
| Lesson 2: Securing Access to Print Resources | 191 |
| Assessing Printer Security | 191 |
| Making the Decision | 192 |
| Applying the Decision | 193 |
| Lesson Summary | 193 |
| Lesson 3: Planning EFS Security | 194 |
| Overview of the EFS Process | 194 |
| Designating an EFS Recovery Agent | 197 |
| The Initial EFS Recovery Agent | 197 |
| Configuring a Custom EFS Recovery Agent | 198 |
| Configuring an Empty Encrypted Data Recovery Agent Policy | 199 |
| Making the Decision | 199 |
| Applying the Decision | 200 |
| Recovering Encrypted Files | 200 |
| Assessing Recovery of Encrypted Files | 200 |
| Making the Decision | 202 |
| Applying the Decision | 202 |
| Lesson Summary | 202 |
| Lab 6-1: Securing File and Print Resources | 203 |
| Lab Objectives | 203 |
| About This Lab | 203 |
| Before You Begin | 203 |
| Scenario: Contoso Ltd. | 203 |
| Exercise 1: Planning File Security | 206 |
| Exercise 2: Planning Print Security | 207 |
| Exercise 3: Planning EFS for Laptops | 208 |
| Review | 210 |
| CHAPTER 7Designing Group Policy | 211 |
| About This Chapter | 211 |
| Before You Begin | 211 |
| Chapter Scenario: Wide World Importers | 212 |
| Proposed OU Structure | 212 |
| Existing Site Definitions | 213 |
| Application Installation Requirements | 213 |
| Engineering Requirements | 213 |
| The New Employee | 214 |
| Lesson 1: Planning Deployment of Group Policy | 215 |
| Group Policy Overview | 215 |
| Planning Group Policy Inheritance | 215 |
| Assessing Group Policy Application | 217 |
| Block Policy Inheritance | 218 |
| Configuring No Override | 219 |
| Making the Decision | 219 |
| Applying the Decision | 220 |
| Filtering Group Policy by Using Security Groups | 221 |
| Making the Decision | 223 |
| Applying the Decision | 224 |
| Lesson Summary | 224 |
| Lesson 2: Troubleshooting Group Policy | 225 |
| Assessing Group Policy Troubleshooting | 225 |
| Making the Decision | 227 |
| Applying the Decision | 228 |
| Lesson Summary | 228 |
| Activity: Troubleshooting Group Policy Application | 229 |
| Lab 7-1: Planning Group Policy Deployment | 230 |
| Lab Objectives | 230 |
| About This Lab | 230 |
| Before You Begin | 230 |
| Scenario: Contoso Ltd. | 230 |
| Exercise 1: Applying Group Policy | 233 |
| Exercise 2: Designing Group Policy Filtering | 233 |
| Exercise 3: Troubleshooting Group Policy Application | 234 |
| Review | 237 |
L'auteur - Microsoft Corporation
The Microsoft Windows Server 2003 team designs, builds, tests, documents and supports Microsoft Windows server products and solutions.
Caractéristiques techniques
| PAPIER | |
| Éditeur(s) | Microsoft Press |
| Auteur(s) | Microsoft Corporation |
| Parution | 01/04/2001 |
| Nb. de pages | 793 |
| Format | 19 x 23,5 |
| Couverture | Relié |
| Poids | 1475g |
| Intérieur | Noir et Blanc |
| EAN13 | 9780735611344 |
| ISBN13 | 978-0-7356-1134-4 |
Avantages Eyrolles.com
Livraison à partir de 0,01 € en France métropolitaine
Paiement en ligne SÉCURISÉ
Livraison dans le monde
Retour sous 15 jours
+ d'un million et demi de livres disponibles
Consultez aussi
- Les meilleures ventes en Graphisme & Photo
- Les meilleures ventes en Informatique
- Les meilleures ventes en Construction
- Les meilleures ventes en Entreprise & Droit
- Les meilleures ventes en Sciences
- Les meilleures ventes en Littérature
- Les meilleures ventes en Arts & Loisirs
- Les meilleures ventes en Vie pratique
- Les meilleures ventes en Voyage et Tourisme
- Les meilleures ventes en BD et Jeunesse
