Target Audience
Passionate IT Professionals, including:
- Information Security Professionals
- Government Agents
- IT Administrators
- IT Architects
- Risk Assessment Professionals
- Penetration Testers
Windows Kernel role
Kernel functionality
Kernel debugging (useful techniques)
Kernel security mechanisms and their practical implementation
Lab: Kernel digging
Securing operating system objects
Influencing the security of processes & threads
User account security (elevation of privileges, permissions, functionality, passwords, hardening)
Functionality and hardening of rights, permissions, privileges
Services security
Registry settings and activity
Lab: Securing system objects
Lab: Improving services security
Lab: Verifying the meaning of rights, permissions and privileges
Lab: System security bypass techniques and countermeasures
Modern malware and threats
Sensitive operating system areas
Techniques used by modern malware
Cases of the real attacks on sensitive areas (with the practical examples)
Protection mechanisms and countermeasures
Lab: Malware hunting
Lab: Stuxnet / other malware cases
Device Drivers
Types of drivers and their security considerations
Managing device drivers
Lab: Monitoring drivers
Lab: Driver Isolation
Lab: Signing drivers
Group Policy Settings
Useful GPO Settings for hardening
Customized GPO Templates
AGPM
Lab: Advanced GPO features
Lab: Implementing AGPM
Practical Cryptography
EFS
Deep-dive to BitLocker
3rd party solutions
Lab: Implementing and managing BitLocker
After completing this module, students will be familiar with:
Threats and their effects
Points of entry to the client operating system
Secure configuration of the client operating system
Security management in the client operating system
Securing Server Features
Public Key Infrastructures
Design considerations
Hardening techniques
Lab: PKI implementation
Active Directory
Design considerations for Windows Server 2008 R2 and Windows Server 8
Securing Domain Services
Schema configuration
New security features in Windows Server 8
Lab: Active Directory security in the single domain environment
Lab: Active Directory security in the multiple domains environment
Microsoft SQL Server hardening
Installation considerations
Configuring crucial security features
Lab: Hardening Microsoft SQL Server
After completing this module, students will be familiar with:
Threats for servers and countermeasures
Points of entry to the server operating system
Solutions for server security
Hardening of the Windows related roles
Hardening minor network roles
DNS Hardening
Improving DNS functionality
Hardening and designing DNS Role
Lab: Hardening DNS role
Lab: Testing the DNS configuration
Internet Information Security 7.5 / 8
Implementing secure web server
Implementing web site security
Monitoring security and performance
Lab: IIS Server Hardening
Lab: Web site security settings
Lab: Monitoring IIS under attack
IPSec
Implementing IPSec
Security polices in IPSec
Lab: Implementing Domain Isolation
Lab: Network Access Protection with IPSec
DirectAccess
Implementation Considerations
DirectAccess Security and Hardening
Lab: DirectAccess secure configuration demo
Remote Access
VPN Protocols
RDP Gateway
Unified Access Gateway
Network Access Protection
Lab: Configuring security settings in Network Policy Server
Lab: Configuring security settings in RDP Gateway
Lab: Securing UAG Configuration for applications
Lab: Network Access Protection implementation scenario
Firewall
Customizing the rules
Hardening Client and Server for Rule-Specific scenario
Lab: Managing Windows Firewall with Advanced Security
After completing this module, students will be familiar with:
Configuring secure remote access
Implementing Network Access Protection
Protocol misusage techniques and prevention actions
DNS advanced configuration
Hardening the Windows networking roles and services – in details
Building the secure web server
Network Load Balancing design considerations and best practices
iSCSI configuration
Failover Clustering internals and security
Lab: Building IIS Cluster with NLB
Lab: Building the failover cluster
After completing this module, students will be familiar with:
High Availability technologies
File Classification Infrastructure
Designing security for File Server
Active Directory Rights Management Services
AppLocker and Software Restriction Policy
Lab: Building secure solution with FCI and ADRMS
Lab: Securing and auditing a File Server
Lab: Restricting access to applications with Applocker and SRP
Lab: Software Restriction Policy (in) security
After completing this module, students will be familiar with:
Information and data protection solutions
Best practices of implementing data security solutions
Techniques for restricting access to data
Techniques of avoiding misusage of applications
Advanced logging and subscriptions
Analyzing and troubleshooting the boot process
Crash dump analysis
Auditing tools and techniques
Monitoring tools and techniques
Professional troubleshooting tools
Lab: Event logging and subscriptions
Lab: Monitoring the boot process
Lab: Blue Screen scenario
After completing this module, students will be familiar with:
Troubleshooting methodologies
Collecting data methodologies
Monitoring Windows after / during the attack and during situation specific events
Windows forensics
Powershell Scripting
Useful tools and best practices
Advanced Security Configuration Wizard
Lab: Administering Security with Powershell
Lab: Playing with hardening tools
Lab: Adjusting SCW to the special scenario
After completing this module, students will be familiar with:
Powershell usage in hardening
Automating Windows hardening
Tools used to automate configuration changes
Considerations for designing secure infrastructure
Security policy & compliance
Auditing methodologies
CERT
Attack response procedures
Documentation required for security projects
Discussion: Procedures after attack
After completing this module, students will be familiar with:
Organizational security issues
Security policy best practices
