The Windows Security Certification Track (Track 5) is a comprehensive curriculum for securing Windows 2000/XP networks. The seminars bring the confusing complexity of Windows 2000/XP security into clear focus by starting with foundational security services, such as Active Directory and Group Policy, and advancing in a logical progression to particular products or features which rely on these foundations, such as IIS and IPSec. The seminars provide best practices for security, hands-on exercises, extensive documentation/screenshots in the book-like manuals, a CD-ROM of security/hacking tools, and an objective account of Windows security (neither bashing Microsoft nor toeing the party line). Whether you learn it at SANS or elsewhere, you cannot claim to be a Windows 2000/XP security expert without mastering the information and skills presented in Track 5.

You have six months following the conference to complete GIAC certification requirements. Detailed information can be found at http://www.giac.org/steps.php.

Active Directory provides the security infrastructure upon which the rest of Windows 2000/XP security depends. Virtually all concepts new to Windows 2000/XP presuppose an understanding of it, including Group Policy. Dynamic DNS replaces WINS.

Group Policy replaces and greatly enhances NT System Policy and the Security Configuration Editor. Group Policy is how you will secure and manage the Windows 2000/XP systems throughout your enterprise, whether your enterprise consists of 20 or 20,000 systems. Without an understanding of Active Directory and Group Policy it will be impossible (not just difficult) to secure your Windows 2000/XP network.

This course will quickly get you on top of what you need to know about Active Directory, DNS and Group Policy. The manual is written from a tools-oriented perspective, and includes extensive text and screenshots. You are encouraged to bring a Windows 2000 Server laptop with you, though this is not required.

Who Should Attend This Course:

• NT, Unix and NetWare administrators new to Windows 2000/XP.
• Anyone interested in the security aspects of Active Directory, DNS and Group Policy

?

• What is Active Directory?
• Active Directory Structure: Forests, Trees, Sites, Domains, OUs, etc..
• Active Directory replication and SYSVOL.
• Permissions on Active Directory containers and objects.
• ADSI scripting overview: Windows Script Host, PerlScript, ASP.
• Command-line Active Directory tools.

• Dynamic DNS
• What is Group Policy?
• Group Policy links to domains, OUs and sites.
• Group Policy override, inheritance and loopback mode.
• Group Policy security templates and registry settings.
• Group Policy startup, shutdown, logon and logoff scripts.
• Command-line Group Policy tools.

?

Digital certificates play an essential role in Windows 2000/XP security. Kerberos authentication with Smart Cards, IPsec, EFS, secure e-mail, SSL/TLS, etc. can all use digital certificates. Windows 2000/XP provides a comprehensive Public Key Infrastructure (PKI) for managing certificates and making their use as transparent as possible for users. Windows 2000/XP PKI uses Active Directory to store certificates, Group Policy to manage their use, CryptoAPI to make cryptographic services seamless with the operating system, and the Protected Storage service to keep private keys safe. With Windows 2000/XP Certificate Services, you can also be your own private Certification Authority (like VeriSign).

Smart Cards are the size of credit cards, but include a microprocessor and EEPROM memory. A Smart Card will contain one's certificate and private key. It is used with Kerberos for secure two-factor authentication, and with e-mail applications for signing and encrypting messages. Windows 2000/XP provides built-in support for Smart Cards through CryptoAPI.

The Encrypting File System (EFS) prevents attackers from reading hard drive data, even if they have physical control of the drive. It is ideal for laptops which may be stolen. EFS is a native and transparent feature of the NTFS file system, not a separate utility.

This course will quickly get you on top of what you need to know about Windows 2000/XP PKI, Smart Cards and EFS. PKI in particular can be a complex topic, but it is the future of security on the Internet.

Who Should Attend This Course:

• All Windows 2000/XP network administrators
• Anyone new to PKI or cryptography
• Anyone who is planning a PKI deployment
• Anyone researching Smart Cards or data privacy
• Anyone planning to use L2TP VPNs or IPSec

• Cryptography and PKI Essentials
• Certificate Services and Active Directory
• Managing User, Computer and Service Account X.509 Certificates
• Private Key Storage and Protection
• Smart Card Authentication with Kerberos
• Encrypting File System (EFS)
• Best Practices for Deployment

• Certification Authority snap-in
• Certificates snap-in
• Certificate Services Website
• DSSTORE.EXE
• CERTUTIL.EXE
• CERTSRV.EXE
• CIPHER.EXE
• EFSINFO.EXE

Windows 2000/XP includes native support for IP Security (IPSec). IPSec provides authentication, integrity-checking and encryption of TCP/IP packets in a way which is transparent to users and applications. IPSec on Windows 2000/XP can also be used for flexible packet filtering. IPSec has become the de facto standard for securing IP traffic over the Internet and is used with L2TP for Virtual Private Networking.

Virtual Private Networking (VPN) is a method of securely using the Internet to carry one's confidential network traffic. A VPN creates an encrypted "tunnel" through the Internet to connect a roaming user to his or her corporate LAN, or to connect two or more LANs together with VPN routers. This eliminates the costs of long-distance leased lines like ISDN. Windows 2000/XP includes a VPN router called the Routing and Remote Access Service.

The Routing and Remote Access Service (RRAS) is a multi-protocol, multi-purpose router. RRAS can be used as a dial-up server for POTS, ISDN or VPN clients. RRAS can use RIPv2 or OSPF to route traffic between Ethernet, Token Ring, dial-up, VPN and other interfaces. Each interface can perform static packet filtering. RRAS can also be used as a demand-dial router for PPP/SLIP or VPN connections to save on connect charges.

VPNs on Windows 2000/XP also support Smart Card authentication of users and certificate-based security for IPSec connections, hence, these products are also integrated into the Windows 2000 PKI.

Who Should Attend This Course:

• All Windows 2000/XP network administrators
• Anyone new to IPSec or evaluating it
• IIS web farm administrators (IPSec)
• Anyone using VPNs or researching them
• Dial-up and VPN server administrators

?

• Create IPSec Policies and Filters
• Install and configure IPSec through Group Policy
• Use certificate-based security for IPSec with the Windows 2000 PKI
• Configure IPSec from the command-line with IPSECPOL.EXE

• Install the Routing and Remote Access Service (RRAS)
• Configure RRAS packet filters and dial-up policies
• Use Smart Card authentication for dial-up clients
• Use RRAS for client-to-router or router-to-router VPNs

?

Internet Information Server is Microsofts HTTP, FTP, SMTP and NNTP server for Windows 2000. A large percentage of Internet web servers run IIS, including major e-commerce sites such as Dell and eBay, and IIS is one of the foundational servers for Microsoft's ".NET" initiative. At the same time, many of the most notorious Microsoft security vulnerabilities are found in IIS. Hence, the demand for IIS security personnel is great.

After attending this seminar you will know how to install, configure and harden IIS against attack. We will discuss exactly which features to uninstall, files to delete, services to disable and permissions to set. IPSec is used for resilient packet filtering and securing web farm communications. TCP/IP settings can also be modified to help withstand SYN Floods and other distributed denial of service attacks.

Because IIS is really an application server, we will discuss the different methods of authenticating to IIS, including Kerberos and certificate-based authentication, and how IIS authorizes file access based on user identity. We will see how ISAPI Extensions and Filters support server-side applications, and how to isolate vulnerable DLLs and processes. Finally, we will see how to use logging data and remote administration tools.

The manual can be read like a book, and contains numerous screenshots and references. 90% of this course will apply to IIS 4.0 as well.

Who Should Attend This Course:

• e-Commerce Solution Providers
• NT and Windows 2000/XP Administrators and Webmasters
• IIS Web Application Developers
• Internet Service Providers

?

• Firewall Design
• DMZ Domain Controllers
• Administration Requirements

Server Hardening

• Service Packs and Hotfixes
• Website Location
• Dangerous Files
• Dangerous Services
• WebDAV
• Protocols and Bindings
• TCP/IP Parameters
• IPSec Filtering and Authentication

IIS Authentication

• Anonymous
• Basic
• Digest
• Kerberos
• NTLM
• Certificate

Permissions

• IIS/HTTP Permissions
• NTFS Permissions
• Application
• Permissions Wizard

• ISAPI Filters
• ISAPI Extensions
• HTTP Verbs
• OLE Controls
• Session State
• Buffer Overflows
• Process Isolation Techniques
• Securing the Metabase

Logging and Auditing

• Event Viewer logs
• IIS logs and accounting
• Hacking signatures
• SSL Connection logging
• Securing log files

Remote Administration

• Delegation of authority
• HTML Administration Website
• Terminal Services
• Scripting and Tools
  

Virtually every aspect of Windows 2000/XP can be managed from the command line or with scripts. This includes Active Directory, NTFS permissions, shared folders, audit logs, IIS, the registry, and more. Besides regular batch files, the built-in script interpreter, the Windows Script Host (WSH), can run scripts written in VBScript, JScript or Perl (with a free add-on). Repetitive and complex security tasks can be automated, if only they can be scripted and scheduled-- this course will show you how to do it.

In addition to logon scripts, Windows 2000/XP Group Policy can assign startup, shutdown, logon and logoff scripts to machines automatically. The Windows Installer Service can also be used to deploy Service Packs and hotfixes to hundreds of computers in the same way. Finally, the new Task Scheduler on each system is easier to use, more secure and accessible remotely.

These scripting capabilities come at a price. We will analyze the ILOVEYOU virus and walk through its VBScript code to see exactly how it works, then discuss how to defend against e-mail viruses in general.

This seminar will use VBScript to demonstrate the use of ADSI, WMI and COM to automate security tasks. Attendees are encouraged to bring Windows 2000 laptops with CD-ROM drives, but this is not required. Knowing VBScript is not a prerequisite for coming to the seminar. VBScript is a very user-friendly language and we will walk through the scripts together.

Who Should Attend This Course:

• All Windows NT/2000/XP network administrators
• Those who want to automate their work
• Those who want command-line control of Windows
• Windows network auditors
• E-mail administrators who dislike script viruses
• Anyone who wants to learn VBScript

?

• Windows Script Host (WSH) and VBScript
• Script distribution through Group Policy
• Windows Installer Service for deploying Service Packs

?

• The New Task Scheduler
• Analysis of the ILOVEYOU virus
• Scripting ADSI, WMI and COM
• Script libraries, editors and debuggers
• Plus many example security scripts&