EC-Council CAST: Center for Advanced Security Training

CAST 616: Securing Windows Infrastructure

Make The Difference

About EC-Council Center of Advanced Security Training (CAST)

The rapidly evolving information security landscape now requires professionals to stay up to date on the latest security technologies, threats and remediation strategies. CAST was created to address the need for quality advanced technical training for information security professionals who aspire to acquire the skill sets required for their job functions. CAST courses are advanced and highly technical training programs co-developed by EC-Council and well-respected industry practitioners or subject matter experts. CAST aims to provide specialized training programs that cover key information security domains at an advanced level.

Securing Windows Infrastructure: Course Description

Windows Infrastructure Hardening has become a mandatory step performed on a regular basis by any organization that sees security as a priority. Businesses nowadays are almost fully dependent on IT services, making the hardening and securing processes even more intense. The number of possible attack surfaces has grown exponentially, in direct relation to the increasingly competitive field of current technology, where developers try to achieve more and more functionality from implemented solutions and applications.

CAST 616: Securing Windows Infrastructure is designed with the single purpose of providing Info-Sec professionals with the complete knowledge and practical skills necessary to secure their network infrastructure, which is fast becoming, if it is not already, a top priority and a major technical challenge for most security-conscious organizations.

This 3-day training deep dives into the key aspects of solving infrastructure-related problems by appreciating the key elements of how Windows internal security mechanisms actually work and how they can be further optimized without jeopardizing or easing an organization’s IT environment configuration settings, which becomes common as time passes. Some of the highlights of this course are techniques used in kernel debugging, malware hunting, deep diving into BitLocker and the automation of the whole hardening process.

Why You Should Attend?

There’s a lot more to Windows Security than just applying patches and changing passwords:

01. Gain knowledge on how to apply Windows Server 2008 R2 and Windows Server 2012 features to secure your infrastructure
02. Learn how to set up the appropriate rights, privileges and permissions to operating system objects
03. Learn the key functionalities of IPSec (domain isolation, securing network traffic)
04. Learn how to configure, monitor and troubleshoot Microsoft infrastructure services
05. Gain knowledge of how to implement Network Access Protection
06. Learn how Windows operating systems work
07. Learn how to implement BitLocker
08. Learn how to deal with insecure or incompatible drivers
09. Gain knowledge of how to investigate Blue Screens
10. Learn how to build the failover cluster and NLB used in the Web Server scenario
11. Learn how to use Public Key Infrastructure in everyday tasks

Who Should Attend?

Passionate IT Professionals, including:

• Information Security Professionals
• Government Agents
• IT Administrators
• IT Architects
• Risk Assessment Professionals
• Penetration Testers

Pre-requisites:

• An understanding of infrastructure management
• It’s recommended that students have MCTS certification on server or client technologies

Course Outline

Unit 1: Windows 7 & 8 Hardening

This module covers a detailed deep-dive into Windows internal security mechanisms and their practical usage and adjustment.

• Windows Kernel role
• Kernel functionality
• Kernel debugging (useful techniques)
• Kernel security mechanisms and their practical implementation
• Lab: Kernel digging
• Securing operating system objects
• Influencing the security of processes & threads
• User account security (elevation of privileges, permissions, functionality, passwords, hardening)
• Functionality and hardening of rights, permissions, privileges
• Services security
• Registry settings and activity
• Lab: Securing system objects
• Lab: Improving services security
• Lab: Verifying the meaning of rights, permissions and privileges
• Lab: System security bypass techniques and countermeasures
• Modern malware and threats
• Sensitive operating system areas
• Techniques used by modern malware
• Cases of the real attacks on sensitive areas (with the practical examples)
• Protection mechanisms and countermeasures
• Lab: Malware hunting
• Lab: Stuxnet / other malware cases
• Device Drivers
• Types of drivers and their security considerations
• Managing device drivers
• Lab: Monitoring drivers
• Lab: Driver Isolation
• Lab: Signing drivers
• Group Policy Settings
• Useful GPO Settings for hardening
• Customized GPO Templates
• AGPM
• Lab: Advanced GPO features
• Lab: Implementing AGPM
• Practical Cryptography
• EFS
• Deep-dive to BitLocker
• 3rd party solutions
• Lab: Implementing and managing BitLocker

After completing this module, students will be familiar with:

• Threats and their effects
• Points of entry to the client operating system
• Secure configuration of the client operating system
• Security management in the client operating system

Unit 2: Windows Server 2008 R2 / Windows Server 8 Hardening

This module focuses on server architecture, security issues and hardening.

• Securing Server Features
• Public Key Infrastructures
• Design considerations
• Hardening techniques
• Lab: PKI implementation
• Active Directory
• Design considerations for Windows Server 2008 R2 and Windows Server 8
• Securing Domain Services
• Schema configuration
• New security features in Windows Server 8
• Lab: Active Directory security in the single domain environment
• Lab: Active Directory security in the multiple domains environment
• Microsoft SQL Server hardening
• Installation considerations
• Configuring crucial security features
• Lab: Hardening Microsoft SQL Server

After completing this module, students will be familiar with:

• Threats for servers and countermeasures
• Points of entry to the server operating system
• Solutions for server security
• Hardening of the Windows related roles

Unit 3: Hardening Microsoft Network Roles

This module focuses on hardening and testing network related roles. Very intensive!

• Hardening minor network roles
• DNS Hardening
• Improving DNS functionality
• Hardening and designing DNS Role
• Lab: Hardening DNS role
• Lab: Testing the DNS configuration
• Internet Information Security 7.5/8
• Implementing secure web server
• Implementing website security
• Monitoring security and performance
• Lab: IIS Server Hardening
• Lab: Website security settings
• Lab: Monitoring IIS under attack
• IPSec
• Implementing IPSec
• Security policies in IPSec
• Lab: Implementing Domain Isolation
• Lab: Network Access Protection with IPSec
• DirectAccess
• Implementation Considerations
• DirectAccess Security and Hardening
• Lab: DirectAccess secure configuration demo
• Remote Access
• VPN Protocols
• RDP Gateway
• Unified Access Gateway
• Network Access Protection
• Lab: Configuring security settings in Network Policy Server
• Lab: Configuring security settings in RDP Gateway
• Lab: Securing UAG Configuration for applications
• Lab: Network Access Protection implementation scenario
• Firewall
• Customizing the rules
• Hardening Client and Server for Rule-Specific scenario
• Lab: Managing Windows Firewall with Advanced Security

After completing this module, students will be familiar with:

• Configuring secure remote access
• Implementing Network Access Protection
• Protocol misusage techniques and prevention actions
• DNS advanced configuration
• Hardening the Windows networking roles and services – in detail
• Building the secure web server

06. Protecting Web Applications

Unit 4: Windows High Availability

This module covers business continuity support technologies.

• Network Load Balancing design considerations and best practices
• iSCSI configuration
• Failover Clustering internals and security
• Lab: Building IIS Cluster with NLB
• Lab: Building the failover cluster

After completing this module, students will be familiar with:

• High Availability technologies

Unit 5: Data and Application Security

This module covers solutions that greatly support information and data security.

• File Classification Infrastructure
• Designing security for File Server
• Active Directory Rights Management Services
• AppLocker and Software Restriction Policy
• Lab: Building secure solution with FCI and AD RMS
• Lab: Securing and auditing a File Server
• Lab: Restricting access to applications with AppLocker and SRP
• Lab: Software Restriction Policy (in)security

After completing this module, students will be familiar with:

• Information and data protection solutions
• Best practices of implementing data security solutions
• Techniques for restricting access to data
• Techniques of avoiding misusage of applications

Unit 6: Monitoring, Troubleshooting and Auditing Windows

This module covers all best practices regarding monitoring, troubleshooting and auditing Windows. It is a perfect module for Windows investigators.

• Advanced logging and subscriptions
• Analyzing and troubleshooting the boot process
• Crash dump analysis
• Auditing tools and techniques
• Monitoring tools and techniques
• Professional troubleshooting tools
• Lab: Event logging and subscriptions
• Lab: Monitoring the boot process
• Lab: Blue Screen scenario

After completing this module, students will be familiar with:

• Troubleshooting methodologies
• Collecting data methodologies
• Monitoring Windows after/during the attack and during situation specific events
• Windows forensics

Unit 7: Automating Windows hardening

This module covers all best practices regarding monitoring, troubleshooting and auditing Windows. It is a perfect module for Windows investigators.

• Advanced logging and subscriptions
• Analyzing and troubleshooting the boot process
• Crash dump analysis
• Auditing tools and techniques
• Monitoring tools and techniques
• Professional troubleshooting tools
• Lab: Event logging and subscriptions
• Lab: Monitoring the boot process
• Lab: Blue Screen scenario

After completing this module, students will be familiar with:

• Troubleshooting methodologies
• Collecting data methodologies
• Monitoring Windows after/during the attack and during situation specific events
• Windows forensics

Master Trainer:

Paula Januszkiewicz

Paula Januszkiewicz is an IT Security Auditor and Penetration Tester, Enterprise Security Most Valuable Professional, Microsoft Certified Trainer and Microsoft Security Trusted Advisor. She is a familiar face at international events and conferences such as TechEd North America, TechEd Middle East and TechEd Europe, RSA worldwide, CyberCrime and others worldwide. Her passion for Windows & IT Security allows her to spread her expertise via her trainings and consulting services focusing on areas such as Infrastructure Security & Design, Penetration Testing, IT Security Audits, Networking Security, Windows Internals and Forensics, and through her writing regarding Windows Security. Her distinct specialization is definitely on Microsoft security solutions, in which she holds multiple Microsoft certifications (MCITP, MCTS, MCSE, MCDBA etc.), besides being familiar with and possessing certifications in other related technologies. She proudly holds the role of the Security Architect in iDESIGN and has conducted hundreds of IT security audits and penetration tests. When she’s not driving her own company CQURE, she enjoys researching new related technologies, which she converts to authored trainings and describes on her blog. She is also a co-author of the Microsoft Forefront Threat Management Gateway 2010 book and is currently working on her new book under the same subject.
