
Securing Windows Infrastructure

Hours

24

Language

English

Target Audience

Passionate IT Professionals, including:

  • Information Security Professionals
  • Government Agents
  • IT Administrators
  • IT Architects
  • Risk Assessment Professionals
  • Penetration Testers

Prerequisites

  • An understanding of infrastructure management
  • It is recommended that students hold an MCTS certification on server or client technologies

Topics Covered

  • Windows Kernel role
    • Kernel functionality
    • Kernel debugging (useful techniques)
    • Kernel security mechanisms and their practical implementation
    • Lab: Kernel digging
  • Securing operating system objects
    • Influencing the security of processes and threads
    • User account security (privilege elevation, permissions, functionality, passwords, hardening)
    • Functionality and hardening of rights, permissions and privileges
    • Services security
    • Registry settings and activity
    • Lab: Securing system objects
    • Lab: Improving services security
    • Lab: Verifying the meaning of rights, permissions and privileges
    • Lab: System security bypass techniques and countermeasures
  • Modern malware and threats
    • Sensitive operating system areas
    • Techniques used by modern malware
    • Real-world attacks on sensitive areas (with practical examples)
    • Protection mechanisms and countermeasures
    • Lab: Malware hunting
    • Lab: Stuxnet and other malware cases
  • Device drivers
    • Types of drivers and their security considerations
    • Managing device drivers
    • Lab: Monitoring drivers
    • Lab: Driver isolation
    • Lab: Signing drivers
  • Group Policy settings
    • Useful GPO settings for hardening
    • Customized GPO templates
    • Advanced Group Policy Management (AGPM)
    • Lab: Advanced GPO features
    • Lab: Implementing AGPM
  • Practical cryptography
    • EFS (Encrypting File System)
    • Deep dive into BitLocker
    • Third-party solutions
    • Lab: Implementing and managing BitLocker
  • After completing this module, students will be familiar with:
    • Threats and their effects
    • Points of entry to the client operating system
    • Secure configuration of the client operating system
    • Security management in the client operating system
  • Securing server features
    • Public Key Infrastructure (PKI)
      • Design considerations
      • Hardening techniques
      • Lab: PKI implementation
    • Active Directory
      • Design considerations for Windows Server 2008 R2 and Windows Server 8 (the pre-release name of Windows Server 2012)
      • Securing Domain Services
      • Schema configuration
      • New security features in Windows Server 8
      • Lab: Active Directory security in a single-domain environment
      • Lab: Active Directory security in a multiple-domain environment
    • Microsoft SQL Server hardening
      • Installation considerations
      • Configuring crucial security features
      • Lab: Hardening Microsoft SQL Server
  • After completing this module, students will be familiar with:
    • Threats to servers and countermeasures
    • Points of entry to the server operating system
    • Solutions for server security
  • Hardening Windows-related roles
    • Hardening minor network roles
    • DNS hardening
      • Improving DNS functionality
      • Hardening and designing the DNS role
      • Lab: Hardening the DNS role
      • Lab: Testing the DNS configuration
    • Internet Information Services (IIS) 7.5 / 8
      • Implementing a secure web server
      • Implementing web site security
      • Monitoring security and performance
      • Lab: IIS server hardening
      • Lab: Web site security settings
      • Lab: Monitoring IIS under attack
    • IPsec
      • Implementing IPsec
      • Security policies in IPsec
      • Lab: Implementing domain isolation
      • Lab: Network Access Protection with IPsec
    • DirectAccess
      • Implementation considerations
      • DirectAccess security and hardening
      • Lab: DirectAccess secure configuration demo
    • Remote access
      • VPN protocols
      • Remote Desktop Gateway (RD Gateway)
      • Forefront Unified Access Gateway (UAG)
      • Network Access Protection (NAP)
      • Lab: Configuring security settings in Network Policy Server
      • Lab: Configuring security settings in RD Gateway
      • Lab: Securing the UAG configuration for applications
      • Lab: Network Access Protection implementation scenario
    • Firewall
      • Customizing the rules
      • Hardening client and server for rule-specific scenarios
      • Lab: Managing Windows Firewall with Advanced Security
  • After completing this module, students will be familiar with:
    • Configuring secure remote access
    • Implementing Network Access Protection
    • Protocol misuse techniques and preventive measures
    • Advanced DNS configuration
    • Hardening Windows networking roles and services in detail
    • Building a secure web server
  • Network Load Balancing (NLB) design considerations and best practices
  • iSCSI configuration
  • Failover Clustering internals and security
  • Lab: Building an IIS cluster with NLB
  • Lab: Building a failover cluster
  • After completing this module, students will be familiar with:
    • High availability technologies
  • File Classification Infrastructure (FCI)
  • Designing security for a file server
  • Active Directory Rights Management Services (AD RMS)
  • AppLocker and Software Restriction Policies (SRP)
  • Lab: Building a secure solution with FCI and AD RMS
  • Lab: Securing and auditing a file server
  • Lab: Restricting access to applications with AppLocker and SRP
  • Lab: Software Restriction Policies (in)security
  • After completing this module, students will be familiar with:
    • Information and data protection solutions
    • Best practices for implementing data security solutions
    • Techniques for restricting access to data
    • Techniques for preventing application misuse
  • Advanced logging and event subscriptions
  • Analyzing and troubleshooting the boot process
  • Crash dump analysis
  • Auditing tools and techniques
  • Monitoring tools and techniques
  • Professional troubleshooting tools
  • Lab: Event logging and subscriptions
  • Lab: Monitoring the boot process
  • Lab: Blue Screen scenario
  • After completing this module, students will be familiar with:
    • Troubleshooting methodologies
    • Data collection methodologies
    • Monitoring Windows during and after an attack, and during situation-specific events
    • Windows forensics
  • PowerShell scripting
    • Useful tools and best practices
    • Security Configuration Wizard (SCW): advanced usage
    • Lab: Administering security with PowerShell
    • Lab: Playing with hardening tools
    • Lab: Adjusting SCW to a special scenario
  • After completing this module, students will be familiar with:
    • PowerShell usage in hardening
    • Automating Windows hardening
    • Tools used to automate configuration changes
  • Considerations for designing a secure infrastructure
    • Security policy and compliance
    • Auditing methodologies
    • CERT (computer emergency response team)
    • Attack response procedures
    • Documentation required for security projects
    • Discussion: Procedures after an attack
  • After completing this module, students will be familiar with:
    • Organizational security issues
    • Security policy best practices