Personal page of photobug

Blog Post
Fri Oct 17 2008

Hi there!

Sat Dec 1 2007



71-214 Beta Review: Implementing and Administering Security in a Microsoft Windows 2000 Network Exam

By MasterPyrexia


This weekend I had the pleasure of taking the beta exam for the new Microsoft exam: Implementing and Administering Security in a Microsoft Windows 2000 Network Exam number 70-214. Please note that exam 70-214 is available in its beta version October 10-17, 2002. While it is in its beta version, this exam is numbered 71-214. When you pass the Implementing and Administering Security in a Microsoft Windows 2000 Network exam, you achieve Microsoft Certified Professional (MCP) status. You also earn credit toward the following certifications:

  • Elective credit toward Microsoft Certified Systems Administrator (MCSA) on Microsoft Windows 2000 certification

  • Elective credit toward Microsoft Certified Systems Engineer (MCSE) on Microsoft Windows 2000 certification


My summed-up thoughts of the beta:

“I feel that the exam was tough but fair. Anyone not working with the tools listed in the objectives, or without a fundamental knowledge of general security concepts may find this exam very tough. A thorough knowledge of Active Directory, GPO’s and Security Templates is needed… and if you don’t have it, I suggest you study it before attempting the exam.”


Now into detail… without breaking my NDA, I can tell you this - the exam is not a piece of cake. I have found that most Microsoft exams are in fact NOT what they used to be. I remember taking Windows NT exams and you could easily read an exam cram or a condensed study guide and have passed the exam. Not now, not anymore. This exam tests you on your real world skills of implementing security on a Windows 2000 network platform in an Enterprise level environment. I was surprised to see that there was so much emphasis on real world scenarios. I thought the exam might focus more on the ‘how to’ based configuration… but its focus was more on memorization of Permission and policies and then troubleshooting the scenario based question and then on ‘how to’. In other words, you would need to know exactly how something works when it’s set up correctly, and how to weed out the wrong answers from within the questions. Put simply… if you don’t implement security on a Windows 2000 infrastructure, you may find this test very hard. Here are the high points of the exam:

  • Basic security fundamentals: attacks, etc.

  • Active Directory and all its underpinning were tested. You had to know GPO’s, OU’s, and how to apply security templates

  • Auditing… memorize the console.

  • Permissions and NTFS. Know everything about them

  • Logs… know every log and how to check them.

  • Tools… know all the tools outlined in the test objectives.

  • RAS and VPNs. Know how to configure them and troubleshoot them

  • Service packs and hotfixes… know how to slipstream them and memorize how to deploy them.

  • Certificates… memorize everything in the objectives


This is not to say anything else is not tested, but these were definitely hit very hard. Make sure you study hard for this one!


Here are the testable objectives:

http://www.microsoft.com/traincert/exams/70-214.asp


Good luck!


Robert J. Shimonski (Truesecure TICSA, Cisco CCDP, CCNP, Nortel NNCSS, Microsoft MCSE, MCP+I, Novell Master CNE, CIP, CIBS, IWA CWP, Prosoft CIW, SANS GSEC, GCIH, CompTIA Server+, Network+, Inet+, A+, e-Biz+, Symantec SPS and NAI Sniffer SCP) is a Lead Network and Security Engineer for a leading manufacturing company. Robert's specialties include network infrastructure design with the Cisco and Nortel product line, network security design and management with CiscoSecure and PIX firewalls, network management and troubleshooting with CiscoWorks, CiscoSecure, Sniffer-based technologies, and HPOV. Robert is the author of many security-related articles and published books, including the new Sniffer Network Optimization and Troubleshooting Handbook from Syngress Media, Inc. You can contact Robert at rshimonski@rsnetworks.net


Sat Dec 1 2007


Examnotes for Implementing and Administering Security in a Microsoft Windows 2000 Network



By Robert J Shimonski


Abstract:

This study guide was created to help you set a path to studying for and successfully negotiating the new Microsoft Security exam 70-214.

Please note: Exam 70-214 is available in its beta version October 10-17, 2002. While it is in its beta version, this exam is numbered 71-214.

This study guide will outline where you need to focus your studies.


My thoughts of the beta:

“I feel that the exam was tough but fair. Anyone not working with the tools listed in the objectives, or without a fundamental knowledge of general security concepts may find this exam very tough. A thorough knowledge of Active Directory, GPO’s and Security Templates is needed… and if you don’t have it, I suggest you study it before attempting the exam.”


Exam Details:

When you pass the Implementing and Administering Security in a Microsoft Windows 2000 Network exam, you achieve Microsoft Certified Professional (MCP) status. You also earn credit toward the following certifications:

  • Elective credit toward Microsoft Certified Systems Administrator (MCSA) on Microsoft Windows 2000 certification

  • Elective credit toward Microsoft Certified Systems Engineer (MCSE) on Microsoft Windows 2000 certification


Links and Study Aids:


First, visit the main objectives site. You need to check this often since this is in beta right now and everything is subject to change when the exam goes live.


Official Objectives list:

http://www.microsoft.com/traincert/exams/70-214.asp


Next, you will need to have general security fundamentals down pretty solid for the exam. Please use the following tools to get yourself acclimated before digging into the Microsoft specific material related solely to this exam:



Hack Proofing Windows 2000 Server

http://www.syngress.com/catalog/sg_main.cfm?pid=1813


This book is not going to allow you to pass the exam (as it was not made to be a certification guide), but I can promise you that a lot of the material covered in the test is also covered in this book. This would be a good book to use as a reference as well. It helped me prepare for the beta exam – along with the Windows 2000 Resource Kit and hands-on experience.


Note: There are many books available to help you prepare for the actual exam, but until actual study guides are available, I suggest you use the Microsoft TechNet site (links outlined in the Examnotes) and the Windows 2000 Server Resource Kit:



Windows 2000 Server Resource Kit:

http://www.microsoft.com/mspress/windows/windows2000


You CAN’T go wrong with the Resource kit.


General Security Information Online:

Most people do not have the funds for books, so if you don’t, here are some free online resources for you to tap…


Security Operations Guide for Windows 2000 Server
This guide delivers procedures and best practices for system administrators to lock down their Windows 2000-based servers and maintain secure operations once they're up and running. Through effective use of Group Policy, proper patch management, and auditing and intrusion detection tactics, this guide provides administrators with the key information to manage risk of attack from avoidable malicious code (such as viruses and Trojan horses), unauthorized access, and data theft.


Securing Windows 2000 Network Resources
Administration of a Microsoft Windows 2000 operating system-based network is an important task that has become much simpler. The administration tools and the directory service infrastructure (for user accounts and authentication) provide and control access to network and application resources. This guide focuses on setting up user accounts and using groups to control access to resources such as file shares, printers and Web servers.


The Definitive Guide to Windows 2000 Security
An online eBook sponsored by BindView Corporation. Free Registration required


Windows 2000 Installation Security Checklist
Our security checklist for locking down Windows 2000 Servers and Workstations. This is a live document that will be updated continuously as Microsoft posts new recommendations


Windows 2000 Security Technical Overview
This paper describes the major elements of the Windows 2000 distributed security services that support this model, including Active Directory, authentication, and authorization, and an introduction to the Kerberos authentication protocol.


Security Configuration Tool Set

SCToolset.doc

This technical article describes the Microsoft Security Configuration Tool Set, a set of Microsoft Management Console (MMC) snap-ins designed to reduce costs associated with security configuration and analysis of Windows 2000 operating system networks. The Security Configuration Tool Set allows you to configure security for a Windows 2000 system, and then perform periodic analysis of the system to ensure that the configuration remains intact or to make necessary changes over time. It is also integrated with Windows Administration Change and Configuration Management to automatically configure policy on a large number of systems in the enterprise. This article includes the following sections:

  • Introduction

  • Security Configuration Tool Set Overview

  • Configuring Security

  • Analyzing Security

  • Group Policy Integration

  • Using The Tools

  • Appendix A. Implementing Security Attachments



Audience Profile:

Candidates for this exam operate in medium to very large computing environments that use Windows 2000 and Active Directory. Operating systems on client computers might include Windows NT Workstation 4.0, Windows 2000 Professional, and Windows XP Professional.

Candidates have a minimum of one year's experience in implementing and administering security and network infrastructures in environments that have the following characteristics:

  • Supported users range from 200 to more than 26,000.

  • Physical locations range from five to more than 150.

  • Infrastructures include LAN, WAN, and wireless networks.

  • Typical network services and applications include file and print, database, messaging, proxy server and firewall, public key infrastructure, remote access, desktop management, and Web hosting.

  • Connectivity scenarios include connecting individual offices and users at remote locations to the corporate network and connecting corporate networks to other networks and the Internet.


Although this is what Microsoft recommends, you don’t have to have this experience. Just make sure you are comfortable with the testable objectives. If you don’t have a working knowledge of administering Active Directory… you will have a problem with the exam.


Skills Being Measured:

This certification exam measures your ability to implement and administer security and network infrastructures that use Windows 2000 and Active Directory. Before taking the exam, you should be proficient in the job skills listed in the following matrix. The matrix shows which Microsoft Official Curriculum courses may help you reach competency in the skills being tested in the exam.



Implementing, Managing, and Troubleshooting Baseline Security


Objectives:

  • Configure security templates

  • Configure registry and file system permissions

  • Configure account policies

  • Configure audit policies

  • Configure user rights assignment

  • Configure security options

  • Configure system services

  • Configure restricted groups

  • Configure event logs

  • Deploy security templates. Deployment methods include using Group Policy and scripting

  • Troubleshoot security template problems. Considerations include Group Policy, upgraded operating systems, and mixed client-computer operating systems

  • Configure additional security based on computer roles. Computer roles include Microsoft SQL Server computer, Microsoft Exchange Server computer, domain controller, Internet Access Service (IAS) server, Internet Information Services (IIS) server, and mobile client computer

  • Configure additional security for client-computer operating systems by using Group Policy


Security Templates

  • Windows 2000 comes with about a dozen predefined templates

  • These templates define the security settings that Microsoft recommends using in certain situations

  • You can use the template to quickly and effortlessly reproduce those settings on your own network.


Security Templates Up Close

  • A security template is actually nothing more than an .INF file

  • By default, these template files are located in the WINNT\SECURITY\TEMPLATES folder

  • The file BASICDC.INF is a template for basic security on a domain controller.
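Because a template is plain .INF text, it can be parsed and compared with ordinary tooling. The following is an added example, not part of the original study guide and not a Microsoft tool: it parses two templates and reports where an exported configuration has drifted from a baseline. The sample template contents, the function names and the choice of sections to check are constructed for illustration, and the UTF-16 handling assumes templates saved as Unicode text.

```python
import codecs

# Constructed sample: a baseline template in the security-template .INF layout.
BASELINE_INF = """\
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
LockoutBadCount = 5
[Event Audit]
; 0 = no auditing, 1 = success, 2 = failure, 3 = success and failure
AuditLogonEvents = 3
AuditAccountLogon = 3
"""

# Constructed sample: settings exported from a server that has drifted.
EXPORTED_INF = """\
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
MinimumPasswordLength = 0
passwordcomplexity = 1
[Event Audit]
AuditLogonEvents = 1
AuditAccountLogon = 3
"""


def decode_template(data: bytes) -> str:
    """Decode raw template bytes (assumption: UTF-16 with BOM, else an ANSI code page)."""
    if data.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return data.decode("utf-16")
    return data.decode("cp1252", errors="replace")


def parse_template(text: str) -> dict:
    """Return {section: {setting: value}}; lines without '=' are kept with value None."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # blank line or INF comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
            continue
        if current is None:  # ignore anything before the first section header
            continue
        key, sep, value = line.partition("=")
        sections[current][key.strip()] = value.strip() if sep else None
    return sections


def find_drift(baseline: dict, actual: dict,
               sections=("System Access", "Event Audit")) -> list:
    """List (section, setting, expected, found) where actual differs from baseline.

    Setting names are compared case-insensitively; found is None when the
    setting is missing from the exported template.
    """
    drift = []
    for section in sections:
        want = baseline.get(section, {})
        have = {k.lower(): v for k, v in actual.get(section, {}).items()}
        for key, expected in want.items():
            found = have.get(key.lower())
            if found != expected:
                drift.append((section, key, expected, found))
    return drift


if __name__ == "__main__":
    base = parse_template(BASELINE_INF)
    live = parse_template(decode_template(EXPORTED_INF.encode("utf-16")))
    for section, key, expected, found in find_drift(base, live):
        print(f"[{section}] {key}: expected {expected}, found {found}")
```

A weakened password length, a missing lockout threshold and reduced logon auditing are each reported, while the setting that differs only in letter case is treated as matching.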


Applying Templates

  • There are actually a couple of different ways to apply security templates:

    • Using the Security Configuration and Analysis Tool

    • Applying the security template or templates by importing them into a group policy object (GPO)

  • Once you’ve imported the security template, you must remember that the change usually doesn’t happen instantly.

  • For the change to take effect, you must wait for the next group policy propagation cycle

  • If you don’t have time to wait for automatic propagation, you can speed things up by either rebooting the computer or entering the following command:

SECEDIT /REFRESHPOLICY policy_name


Please note: You have to be totally comfortable with working with templates and all the commands involved.


Implementing, Managing, and Troubleshooting Service Packs and Security Updates


Objectives:

  • Determine the current status of service packs and security updates. Tools include MBSA and HFNetChk

  • Install service packs and security updates. Considerations include slipstreaming and using Remote Installation Services (RIS), custom scripts, and isolated networks

  • Install service packs and security updates on new client computers and servers. Considerations include slipstreaming and using RIS, custom scripts, and isolated networks

  • Manage service packs and security updates. Considerations include server computers and remote client computers. Tools include Microsoft Software Update Service, Automatic Updates, and SMS

  • Troubleshoot the deployment of service packs and security updates. Typical issues include third-party application compatibility, permissions, and version conflicts



Microsoft Baseline Security Analyzer (MBSA)

  • As part of Microsoft's Strategic Technology Protection Program, and in response to direct customer need for a streamlined method of identifying common security misconfigurations, Microsoft has developed the Microsoft Baseline Security Analyzer (MBSA)

  • Version 1.0 of MBSA includes a graphical and command line interface that can perform local or remote scans of Windows systems

  • MBSA runs on Windows 2000 and Windows XP systems and will scan for missing hotfixes and vulnerabilities in the following products:

    • Windows NT 4.0

    • Windows 2000

    • Windows XP

    • Internet Information Server (IIS) 4.0 and 5.0

    • SQL Server 7.0 and 2000

    • Internet Explorer (IE) 5.01 and later

    • Office 2000 and 2002 (XP)

  • MBSA creates and stores individual XML security reports for each computer scanned and will display the reports in the graphical user interface in HTML



HFNetChk

  • One particularly important element of operating a secure system is staying up to date on security patches

  • It's critical to know which patches have been applied to your system and, more importantly, which haven't

  • Microsoft has released a tool called HFNetChk that will significantly aid system administrators in this task

  • HFNetChk is a command-line tool that enables an administrator to check the patch status of all the machines in a network from a central location

  • Detailed information, including download locations, is available in Knowledge Base article Q303215.




Implementing, Managing, and Troubleshooting Secure Communication Channels


Objectives:

  • Configure IPSec to secure communication between networks and hosts. Hosts include domain controllers, Internet Web servers, databases, e-mail servers, and client computers.

  • Configure IPSec authentication.

  • Configure appropriate encryption levels.

  • Configure the appropriate IPSec protocol. Protocols include AH and ESP.

  • Deploy and manage IPSec certificates. Considerations include renewing certificates.

  • Troubleshoot IPSec. Typical issues include IPSec rule configurations, firewall configurations, routers, and authentication.

  • Implement security for wireless networks.

  • Configure public and private wireless LANs.

  • Configure wireless encryption levels. Levels include WEP and 802.1x. Consider Authentication methods (Shared key, etc)

  • Configure wireless network connection settings on client computers. Client-computer operating systems include Windows 2000 Professional, Windows XP Professional, and Windows CE 3.0

  • Configure Server Message Block (SMB) signing to support packet authentication and integrity.

  • Deploy and manage SSL certificates. Considerations include renewing certificates and obtaining self-issued certificates versus public-issued certificates.

  • Obtain public and private certificates.

  • Install certificates for SSL.

  • Renew certificates

  • Configure SSL to secure communication channels. Communication channels include client computer to Web server, Web server to SQL Server computer, client computer to Active Directory domain controller, and e-mail server to client computer.



IPSEC

  • IPsec (Internet Protocol Security) is a developing standard for security at the network or packet-processing layer of network communication

  • Earlier security approaches have inserted security at the application layer of the communications model

  • IPsec will be especially useful for implementing virtual private networks and for remote user access through dial-up connection to private networks

  • A big advantage of IPsec is that security arrangements can be handled without requiring changes to individual user computers

  • IPsec provides two choices of security service:

    • Authentication Header (AH), which essentially allows authentication of the sender of data

    • Encapsulating Security Payload (ESP), which supports both authentication of the sender and encryption of data as well.

  • The Windows 2000 IPSec policy engine provides a very effective means to secure a network interface

  • If you have a server that isn't protected by a firewall or router with good access control lists (or if you do) – IPSec is a good option.

  • IPSec can be implemented and deployed in the end hosts or in the gateways/routers or in both



Configuring, Managing, and Troubleshooting Authentication and Remote Access Security


Objectives:

  • Configure and troubleshoot authentication.

  • Configure authentication protocols to support mixed Windows client-computer environments.

  • Configure the interoperability of Kerberos authentication with UNIX computers.

  • Configure authentication for extranet scenarios.

  • Configure trust relationships.

  • Configure authentication for members of non-trusted domain authentication

  • Configure and troubleshoot authentication for Web users. Authentication types include Basic, Integrated Windows, anonymous, digest, and client certificate mapping.

  • Configure authentication for secure remote access. Authentication types include PAP, CHAP, MS-CHAP, MS-CHAP v2, EAP-MD5, EAP-TLS, and Multi-factor authentication with smart cards and EAP.

  • Configure and troubleshoot virtual private network (VPN) protocols. Considerations include Internet service provider (ISP), client-computer operating system, Network Address Translation (NAT) devices, Routing and Remote Access server, and firewall server.

  • Manage client-computer configuration for remote access security. Tools include remote access policy and Connection Manager Administration Kit.



PAP, CHAP, MS-CHAP, MS-CHAP v2, EAP-MD5, EAP-TLS

  • Microsoft created MS-CHAP to authenticate remote Windows workstations, providing the functionality to which LAN-based users are accustomed while integrating the hashing algorithms used on Windows networks

  • Like CHAP, MS-CHAP uses a challenge-response mechanism to keep the password from being sent during the authentication process.

  • MS-CHAP uses the Message Digest 4 (MD4) hashing algorithm and the Data Encryption Standard (DES) encryption algorithm

  • Unlike CHAP, MS-CHAP does not require that the user account's password be stored in a reversibly encrypted form.

  • During the MS-CHAP authentication process, shared secret encryption keys for Microsoft Point-to-Point Encryption (MPPE) are generated

  • Windows 2000 includes support for Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) that provides stronger security for remote access connections. MS-CHAP v2 offers the additional security features:

    • LAN Manager encoding of responses and password changes is no longer supported.

    • Two-way authentication verifies the identity of both sides of the connection

    • Two-way authentication, also known as mutual authentication, ensures that the remote access client is dialing into a remote access server that has access to the user's password

    • Mutual authentication provides protection against remote server impersonation.

    • Separate cryptographic keys are generated for transmitted and received data.



Implementing and Managing a Public Key Infrastructure (PKI) and Encrypting File System (EFS)


Objectives:

  • Install and configure Certificate Authority (CA) hierarchies. Considerations include enterprise, standalone, and third-party.

  • Install and configure the root, intermediate, and issuing CA. Considerations include renewals and hierarchy.

  • Configure certificate templates. Considerations include LDAP queries, HTTP queries, and third-party CAs.

  • Configure the publication of Certificate Revocation Lists (CRLs).

  • Configure public key Group Policy.

  • Configure certificate renewal and enrollment.

  • Deploy certificates to users, computers, and CAs

  • Manage Certificate Authorities (CAs). Considerations include enterprise, stand-alone, and third party

  • Enroll and renew certificates.

  • Revoke certificates.

  • Manage and troubleshoot Certificate Revocation Lists (CRLs). Considerations include publishing the CRL.

  • Back up and restore the CA

  • Manage client-computer and server certificates. Considerations include SMIME, EFS, exporting, and storage

  • Publish certificates through Active Directory

  • Issue certificates using MMC, Web enrollment, programmatic, or auto enrollment using Windows XP

  • Recover KMS-issued keys

  • Manage and troubleshoot EFS. Considerations include domain members, workgroup members, and client-computer operating systems



Certificate Authorities

  • When a certificate is presented to an entity as a means of identifying the certificate holder (the subject of the certificate), it is useful only if the entity being presented the certificate trusts the issuer, which is often referred to as the certification authority

  • When you trust a certification authority, it means you have confidence that the certification authority has the proper policies in place when evaluating certificate requests and will deny certificates to any entity that does not meet those policies.

  • For Windows 2000 users, computers, and services, trust in a certification authority is established when you have a copy of the root certificate in the trusted root certification authorities store, as well as having a valid certification path, meaning that none of the certificates in the certification path has been revoked or has had its validity period expire

  • If your organization is using the version of Certificate Services in Windows 2000 Server to run its certification authority, then the certification authority is one of two types:

    • Enterprise: An enterprise certification authority depends upon Active Directory being present.

    • Stand-alone: A stand-alone certification authority is less automated for a user than an enterprise certification authority because it does not depend on the use of Active Directory

  • By default, users can request certificates from a stand-alone certification authority only by using Web pages.

  • Stand-alone certification authorities that do not use Active Directory will generally have to request that the certificate requester provide more complete identifying information

  • A stand-alone certification authority makes its certificate revocation list available from a shared folder, or from Active Directory if it is available.
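
The trust decision described in the list above, as an added Python example that is not part of the original notes: it walks a certification path from a user certificate up to the root and reports the first certificate that fails. The `Cert` record, `check_path`, and the sample hierarchy are constructed for illustration, and signature verification, which a real path validator also performs, is left out.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int
    not_before: datetime
    not_after: datetime


def check_path(leaf, known_certs, trusted_roots, crls, now):
    """Walk from leaf to root; return (trusted, reason).

    known_certs   subject -> Cert, used to find each issuer's certificate
    trusted_roots set of (subject, serial) pairs in the trusted root store
    crls          issuer subject -> set of serial numbers that issuer revoked
    """
    cert, visited = leaf, set()
    while True:
        if cert.subject in visited:
            return False, f"{cert.subject}: certification path loops"
        visited.add(cert.subject)
        # Every certificate in the path must be inside its validity period.
        if not cert.not_before <= now <= cert.not_after:
            return False, f"{cert.subject}: outside validity period"
        # Every certificate must be absent from its issuer's CRL.
        if cert.serial in crls.get(cert.issuer, set()):
            return False, f"{cert.subject}: revoked by {cert.issuer}"
        if cert.issuer == cert.subject:  # self-signed: top of the hierarchy
            if (cert.subject, cert.serial) in trusted_roots:
                return True, f"path ends at trusted root {cert.subject}"
            return False, f"{cert.subject}: root not in trusted root store"
        parent = known_certs.get(cert.issuer)
        if parent is None:
            return False, f"{cert.subject}: issuer certificate not found"
        cert = parent


def make_cert(subject, issuer, serial, first_year, last_year):
    return Cert(subject, issuer, serial,
                datetime(first_year, 1, 1), datetime(last_year, 12, 31))


# Constructed hierarchy: root -> intermediate -> issuing CA -> end entities.
ROOT = make_cert("Example Root CA", "Example Root CA", 1, 2000, 2020)
INTERMEDIATE = make_cert("Example Intermediate CA", "Example Root CA", 2, 2000, 2010)
ISSUING = make_cert("Example Issuing CA", "Example Intermediate CA", 3, 2001, 2005)
USER = make_cert("jdoe", "Example Issuing CA", 4, 2002, 2003)
SERVICE = make_cert("svc", "Example Issuing CA", 5, 2004, 2008)
KNOWN = {c.subject: c for c in (ROOT, INTERMEDIATE, ISSUING)}
TRUSTED = {(ROOT.subject, ROOT.serial)}

if __name__ == "__main__":
    when = datetime(2002, 10, 12)
    print(check_path(USER, KNOWN, TRUSTED, {}, when))
    print(check_path(USER, KNOWN, TRUSTED, {"Example Intermediate CA": {3}}, when))
    print(check_path(SERVICE, KNOWN, TRUSTED, {}, datetime(2006, 6, 1)))
```

A perfectly valid user certificate is rejected as soon as any CA above it is revoked or expired, which is why CA renewal and CRL publication appear in the objectives.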


Monitoring and Responding to Security Incidents


Objectives:

  • Configure and manage auditing. Considerations include Windows Events, Internet Information Services (IIS), firewall log files, Network Monitor Log, and RAS log files

  • Manage audit log retention

  • Manage distributed audit logs by using EventComb

  • Analyze security events. Considerations include reviewing logs and events

  • Respond to security incidents. Incidents include hackers, viruses, denial-of-service (DoS) attacks, natural disasters, and maintaining chains of evidence

  • Isolate and contain the incident. Considerations include preserving the chain of evidence

  • Implement counter measures

  • Restore services



EventComb

  • EventCombMT is a multi-threaded tool that will parse event logs from many servers at the same time, spawning a separate thread of execution for each server that is included in the search criteria. The tool allows you to:

    • Define either a single Event ID, or multiple Event IDs to search for. You can include a single event ID, or multiple event IDs separated by spaces.

    • Define a range of Event IDs to search for. The tool also offers many other ways to search the logs.

  • Installing the Tool:

    • To install the tool, extract the contents of the self-extracting SecurityOps.exe

    • This will create a C:\SecurityOps\EventComb folder

    • Once the files are extracted, you can run the EventCombMT tool by double-clicking the EventCombMT.exe file
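
An added Python example (not EventCombMT's code and not from the original notes) of the kind of search the tool performs: one thread per server, filtering each log on a list of Event IDs plus an optional ID range. The server names, log records and function names are constructed; a server whose log cannot be read is reported instead of stopping the search.

```python
import threading

# Constructed sample data: server -> list of (timestamp, event_id, detail).
SAMPLE_LOGS = {
    "DC01": [
        ("2002-10-12 08:01:13", 528, "logon user=asmith"),
        ("2002-10-12 08:02:40", 529, "logon failure user=jdoe"),
        ("2002-10-12 08:02:44", 529, "logon failure user=jdoe"),
        ("2002-10-12 08:02:51", 644, "account locked out user=jdoe"),
    ],
    "DC02": [
        ("2002-10-12 08:02:42", 675, "pre-authentication failed user=jdoe"),
        ("2002-10-12 09:15:00", 517, "audit log cleared"),
    ],
    "FS01": None,  # simulates a server that cannot be reached
}


def build_filter(ids="", id_range=None):
    """Combine space-separated Event IDs and an optional (low, high) range."""
    wanted = {int(token) for token in ids.split()}
    if id_range is not None:
        low, high = id_range
        if low > high:
            raise ValueError("range start is greater than range end")
        wanted.update(range(low, high + 1))
    if not wanted:
        raise ValueError("no Event IDs selected")
    return wanted


def read_log(server, logs):
    """Stand-in for reading a remote event log; here it reads the sample dict."""
    records = logs[server]
    if records is None:
        raise ConnectionError(f"{server}: event log unavailable")
    return records


def search_servers(logs, wanted):
    """Search every server in its own thread; return (hits, errors)."""
    hits, errors = [], {}
    lock = threading.Lock()

    def worker(server):
        try:
            found = [(ts, server, event_id, detail)
                     for ts, event_id, detail in read_log(server, logs)
                     if event_id in wanted]
            with lock:
                hits.extend(found)
        except Exception as exc:  # keep one bad server from hiding the rest
            with lock:
                errors[server] = str(exc)

    threads = [threading.Thread(target=worker, args=(name,)) for name in logs]
    for thread in threads:
        thread.start()
    for thread in threads:
        thread.join()
    hits.sort()  # merge all servers into a single timeline
    return hits, errors


if __name__ == "__main__":
    found, failed = search_servers(SAMPLE_LOGS, build_filter("529 644", (675, 677)))
    for row in found:
        print(*row)
    print("unreadable:", failed)
```

Merging the per-server results into one timeline is what makes the failed logons on one domain controller and the pre-authentication failure on the other show up as a single sequence for the same account.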


Good luck on the exam.


70-214 Examnotes compiled by:

Robert J. Shimonski

http://www.rsnetworks.net



Sat Dec 1 2007



Designing and Implementing Distributed Applications with Visual Basic 6 – Exam 70-175

An application is a computer program that solves a particular problem or related set of problems. A simple application runs in a single process space and often loads in utility, or helper, functions through dynamic-link libraries, which helps the application achieve its task.

A distributed application is:

  • Scalable

As the number of users or workload increases, the application performance does not degrade significantly.

  • Reliable

Reliable applications do not stop users from doing their jobs due to a hardware or software failure. Users of reliable applications also have a high level of confidence regarding the correctness of their operation and availability.

  • Efficient

Efficient applications do their work quickly and are effective at helping users reach their goals.

Enterprise applications have additional characteristics beyond a distributed application. An enterprise application is:

  • Extensive

Enterprise applications are often multi-user, multi-computer applications that manipulate huge amounts of data and utilize parallel processing, network-distributed resources, and complex logic. A team of developers typically develop the application, and it can be deployed across multiple platforms and inter-operate with many other applications. Enterprise applications are long-lived.

  • Business oriented

Enterprise applications meet specific business requirements. They encode business policies, processes, rules, and entities, and can be deployed in a manner responsive to business needs.

  • Mission critical

An enterprise application must be robust enough to sustain continuous operation. It must be extremely flexible for scalability and deployment, and allow for efficient maintenance, monitoring, and administration.

Distributed Component Object Model (DCOM)

COM and DCOM, technologies that enable components to communicate with each other, make distributed applications on the Windows platform and other platforms possible. COM is an object-based programming model designed to promote software interoperability. DCOM is the "glue" that binds all of the technology in a distributed application together. DCOM allows two or more components to cooperate easily with one another, even if different vendors wrote them at different times and in different programming languages, or if the components are running on different computers with different operating systems.

Creating the User Interface

Overview of User Interface Elements

Control properties, methods, and events provide specific functionality to your application. The Visual Basic Toolbox includes standard controls (also called inherent or intrinsic controls). You must use the Components dialog box to add custom controls to the Toolbox. Some ActiveX controls may not be available in the Components dialog box and need to be registered on your computer. Using the Professional and Enterprise editions of Visual Basic, you can create your own ActiveX controls. You should remove any ActiveX controls that your application does not use before you package your application. Removing the unused controls reduces file size and overhead.

A control array is a group of controls that share the same name, type, and event procedures but retain individual property settings. Common uses for control arrays are menu controls and option button groupings.

You can create controls at run time with the Load statement and the Add method of the Controls collection. To delete controls, you use the Unload and Remove methods.

With the Properties window, you can set control properties at design time. You can also set control properties at run time programmatically.

Events are fired in response to system or user input and are handled in your application by event procedures. The timer event is an example of a system event. A single user action can trigger one or multiple events. The object type determines available events. Each object fires its events independently. Form events generally fire in this order: Initialize, Load, Activate/Deactivate, QueryUnload, Unload and Terminate.

A collection is a grouping of related objects. Visual Basic creates some automatically; you can create others using the Collection object. A collection is either zero-based or one-based.

The Forms collection lets you enumerate, or loop through, all forms in an application. The Controls collection lets you enumerate all controls on a form. You can refer to a particular element in a collection by its index or by its name.

Navigation & Validation

Menus facilitate navigation in an application. You create them with the Menu Editor, which can also create pop-up menus. Use control arrays to add or delete menus and menu items at run time. To hide a run-time menu, use the Hide method or set a menu control's Visible property to False.

The two validation methods that Visual Basic offers are form-level validation and field-level validation. Use form-level validation to check all data entered into controls on a form, and be sure to include visual cues for the user. Use field-level validation to check the data entered into each field individually.

Creating COM DLLs with Visual Basic

Creating Class Modules

A class module (.cls file) is a type of Visual Basic code module that lets you create custom objects for your application. It provides functionality in the form of an object. Each class module defines one type of object. You can create class modules manually or with the Class Builder utility.

You create property procedures to implement properties in objects created from custom classes. Visual Basic provides three property procedures: Property Get, Property Let, and Property Set. You can then write validation code to ensure that input values are valid.

You can declare properties and methods Public, Private, or Friend. Private members cannot be used outside of the class. Friend members cannot be used outside of the component. Public members are available to use outside of the class and the component.

Visual Basic provides two built-in events for class modules, Initialize and Terminate. You can also create custom events.

An enumeration lets you define your own set of named constants, which you can then use as property values, method arguments, and return values. This makes your code easier to read and maintain.

Using Class Modules

You can use class modules in one or more Visual Basic applications, and also within a compiled COM DLL. In the latter case, you do not add the class module to your project; instead, reference it via its type library, which is a resource that contains detailed descriptions of classes. The Object Browser, which is designed to read type libraries, lets you display the classes that are available in projects and libraries.

To use a class module in an application, you must create an instance of the class (object). You should first set a reference to the appropriate type library, then create an instance with the CreateObject function or the New operator.

To make your application run quickly and efficiently, optimize the resolution of object references. Early-bound objects always run faster than late-bound objects. If you must use late binding (for example, if you don't know in advance what class of object will be assigned to a variable), declare the variable As Object. Also, in-process components offer better performance than out-of-process components; the client does not have to cross process boundaries to use a server object's properties, methods, and events.

Creating COM DLLs and EXEs

New COM components are based on either the ActiveX EXE or ActiveX DLL template. You can build either in- or out-of-process components depending on the needs of your application:

  • DLLs (in-process components) are faster but less fault tolerant. These are the major focus of this course.

  • EXEs (out-of-process components) are slower but provide better fault tolerance.

Project properties you can set include:

  • Project Type

Determines several other possible options such as the threading model.

  • Startup Object

Specifies whether to run code when the component loads.

  • Project Name

Is the name of the type library for the component. It is important to choose a unique name.

  • Project Description

Allows contents to appear in the References dialog box and in the Object Browser.

  • Help Information

Specifies the help (.hlp) file for the application.

  • Upgrade ActiveX Controls

Provides automatic update if newer versions of controls are loaded onto the computer.

  • Unattended Execution

Specifies whether the component runs without the user interface.

  • Retained In Memory

Gives the option to keep the project in memory when Unattended Execution is specified.

  • Threading Model (ActiveX DLLs)

Provides a choice between single-threading or apartment-threading. Actually, apartment-threading is standard in Visual Basic, but the Threading Model option lets you specify one or multiple threads per apartment.

The properties you set for each class module in the COM components determine how clients identify and create the class module. The properties include the following:

  • Instancing

Determines the availability of your class and how other applications create instances.

  • DataSourceBehavior

Determines whether the object is data-aware or can act as a data source for other objects.

  • Persistable

Determines that the component has default values that are constant when you compile the component. To be persistable, the component must be public and creatable.

Before you can use a COM component, you must register it to make it available on your computer. You can do this by creating a Setup program, compiling the DLL in Visual Basic, and running the Regsvr32 utility.

After you create a COM component, test and debug it in the Visual Basic IDE using both a compiled version of the component and a project group.

To create a COM DLL

  1. Create a new ActiveX DLL project in Visual Basic

  2. Name the project Account.

  3. Create a class called CAccount and set its Instancing property to PublicNotCreatable.

  4. Add the following properties to the class:

    | Property Name | Data Type | Procedure |
    |---------------|-----------|-----------|
    | AccountNumber | Integer   | Get/Let   |
    | FullName      | String    | Get/Let   |
    | Balance       | Currency  | Get/Let   |

  5. You will have to create property procedures and Private variables to hold the property values.

  6. Use the ClassBuilder utility to create a collection based on the CAccount class.

  7. Name the collection class colAcc, and set its Instancing property to MultiUse.

  8. Save your work, and compile your project.

Click Make Account.dll from the File menu

Advanced COM Programming with Visual Basic 6.0

You can create COM components by using ActiveX DLL and ActiveX EXE project templates. Interfaces facilitate the communication between the objects and the clients. Visual Basic creates default interfaces for COM components. However, you can also create your own custom interfaces. There are many advantages to creating your own custom interfaces, including polymorphism and component maintainability. The process of interface development consists of defining and implementing the interface.

Business objects separate business rules and application logic that can be organized into an object model. An object model is a hierarchical representation of objects and/or collections that exist within an application's framework. The object models that you create for your applications give your objects structure and priority. An object model is composed of objects and collections. Visual Basic tools available to aid in the development and evaluation of object models include the Class Builder utility and the Object Browser.

ActiveX Data Objects


Overview of Universal Data Access


Universal Data Access is the Microsoft strategy for providing access to all types of information across the enterprise. It provides high-performance access to a variety of information sources including relational data and non-relational data. These data sources include mainframe ISAM/VSAM, hierarchical databases, e-mail, file systems, text, and graphical data.

OLE DB is the underlying interface that enables Universal Data Access. Microsoft ActiveX Data Objects is the development interface to the data sources supported by OLE DB. Because ADO is built on top of OLE DB, ADO benefits from the universal data access infrastructure.

ADO Compared to Other Data Access Methods

  • ADO is an object model for accessing all types of data through OLE DB.

Languages such as Visual Basic, Java, C++, VBScript, and JScript can use ADO which can then access data from any OLE DB source. You can use ADO to access relational data as well as e-mail or data contained in a spreadsheet.

  • RDO is an object model for accessing relational data through ODBC.

RDO was designed to give Visual Basic developers the ability to access ODBC data without having to code to the ODBC API. RDO is a COM interface to the ODBC API and provides the functionality of ODBC in a programmable object model. It is designed to take advantage of database servers that use sophisticated query engines, such as SQL Server and Oracle.

  • DAO is an object model for accessing local or SQL data through Jet.

DAO is the oldest of the three data access methods. With DAO, you can access data in Microsoft Jet databases, Microsoft Jet-connected ODBC databases, and installable indexed sequential access method (ISAM) data sources, such as FoxPro, Paradox, or Lotus 1-2-3. Compared to the newer ADO and RDO technologies, DAO is a slower, less capable data access alternative. DAO, like its companion, the Microsoft Jet database engine, was originally designed to support ISAM data access.

Need for ADO


  • ADO can access all types of data, whereas RDO and DAO access only relational data.

  • The ADO object model is not as complex as that of RDO or DAO and therefore is easier to use, with less coding required.

  • ADO combines the best features of RDO and DAO and will eventually replace them.

  • ADO is the standard data access object model across Microsoft tools, including Visual Basic, Access, Office, and Microsoft Internet Information Server.

ADO Object Model

You can use ADO objects in Microsoft Visual C++, Microsoft Visual Basic, Microsoft Visual Basic Scripting Edition, Java, and any platform that supports both COM and automation. There are seven objects in the ADO object model: Connection, Command, Recordset, Field, Parameter, Error, and Property. Although each ADO object features a set of properties and methods that allow you to manipulate the object and its contents, when you work with ADO programmatically, you typically use the following three ADO objects: Connection, Command, and Recordset objects.

The Connection object establishes a connection to a data source. It allows an application to pass user-specific information when creating the connection.

Command objects define specific detailed information about what data is retrieved from a database connection. You can base command objects on either a database object (such as a table, view, stored procedure, or synonym) or an SQL query.

Recordset objects represent an entire set of records from a database table or the result of an executed command. You use Recordset objects to manipulate data from a provider, one record at a time.

Data Environment

The Data Environment designer is an object you can add to your Visual Basic project to provide an interactive, design-time environment for creating objects that access data. When you add a connection to a Data Environment, you select a data source provider and specify connection properties such as the database server name, username, password, and database name. Once you've created a connection to your database, you can use the Data Environment designer to create Command objects that give you access to data. For example, you can create a simple Command object that gives you access to the data in a table, or you can create a more complex Command object based on a query.

The Command Properties window contains a SQL Builder button that opens Query Designer for the Microsoft Visual Data Tools. Once you open the Query Designer, you can drag and drop database objects from the Data View window to build SQL statements. When you have finished designing the Command, you can drag and drop the Command from the Data Environment onto a form. If a Command object returns data, the results can be accessed using a Recordset object available from the DataEnvironment object.


Accessing Data with ActiveX Data Objects

A Connection object represents a physical connection to a data source. Use the Open method of the Connection object to establish a connection. All of the arguments for the Open method are optional because you can specify the connection information using the Connection object's ConnectionString property. Once a connection has been established, you can begin updating records in a database. By using the Connection object's Execute method, you can send SQL commands to the database without having to return records to the client.

A Command object is a definition of a specific command that you intend to execute against a data source. It can be based on either a database object (such as a table, view, or stored procedure) or a SQL command. Due to the variety of possible commands you can place in the CommandText property, you must also use the CommandType property to specify the type of command used.

The following table lists the supported CommandType values:

| Value | Description |
|-------|-------------|
| adCmdText | Use if the query string is a SQL command. |
| adCmdTable | Use if the query string is the name of a table. |
| adCmdStoredProc | Use if the query string is the name of a stored procedure. |
| adCmdFile | Use if the query string is the name of a file used to save the records in a previously created Recordset object. |
| adCmdTableDirect | Use specifically for OLE DB providers that support both SQL statements and the ability to directly open tables by their name. This is a variation on adCmdTable. |
| adCmdUnknown | Use when the command type is not explicitly known, and the provider attempts to execute the command text first as an SQL statement, then as a stored procedure, and finally as a base table name. An error occurs only if all three of these attempts fail. Because the Command object must perform these extra steps to determine the type of query string, performance is degraded. This is the default value. |

Using ADO, you can define a command statement that contains multiple Select statements. As a result, the single command returns more than one recordset. Multiple recordsets can be created using the Execute method of a Command object or the Open method of a Recordset object. Use the NextRecordset method to move to the next recordset when multiple recordsets can be returned.

A Recordset object allows users to navigate through a set of records returned from a query or stored procedure. The Recordset object contains properties and methods that allow you to navigate, add, change, and delete records.

Advanced Database

Introduction to Transactions

A transaction is an "all or nothing" operation; either all of the statements are executed and completed or none of them are. If any command fails, you can roll back all commands, returning the data source to its original state. If all commands are successful, you can commit the changes and make them permanent. Database operations are combined into a logical unit of work that succeeds or fails as a whole, and must exhibit four properties, called the ACID (Atomicity, Consistency, Isolation, and Durability) properties, to qualify as a transaction.

The following methods manage transaction processing within a Connection object:

  • BeginTrans

Begins a new transaction.

  • CommitTrans

Saves any changes and ends the current transaction. It may also start a new transaction.

  • RollbackTrans

Cancels any changes made during the current transaction and ends the transaction. It may also start a new transaction.

Types of Transactions

Autocommit transactions

In autocommit mode, which is the default mode for SQL Server, each individual SQL statement is committed automatically if it is successful and rolled back automatically if it generates an error. There is no need for an application running in autocommit mode to issue statements that specifically start or end a transaction. When using Transact-SQL within SQL Server, each individual Transact-SQL statement is committed when it completes. You do not have to specify any statements to control transactions.

Implicit Transactions

Implicit transactions do not allow you to group multiple commands together. Instead a transaction is built around each individual command. Using implicit transactions, you cannot programmatically roll back or commit the changes. However, you can trap for a run-time error if the command were to fail. Your program can then resubmit the individual change.

If you do not explicitly turn on a transaction, implicit transactions are used automatically. SQL Server uses auto-commit mode and builds a transaction around each individual command.

Explicit Transactions

Explicit transactions allow your application to manage multiple SQL statements as if they were a single command. When you use an explicit transaction, your application groups commands into a single action.

For example, you can use an explicit transaction if your application transfers money between bank accounts. The act of transferring money consists of two operations: removing money from one account (a debit) and then adding it to another account (a credit). Without using a transaction, if there are any network problems or other errors that prevent the credit from occurring, the money is removed from the first account without being added to the second. This situation is avoided when you use an explicit transaction.
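
The bank transfer above as an added example, not from the original notes: the same failing transfer is run once in autocommit mode and once inside an explicit transaction. It uses Python's sqlite3 module in place of ADO and SQL Server so that it is self-contained; BEGIN, COMMIT and ROLLBACK play the role of BeginTrans, CommitTrans and RollbackTrans, and the table, account data and function names are constructed.

```python
import sqlite3


class TransferError(Exception):
    """Raised when a debit or credit does not touch exactly one account."""


def open_bank():
    # isolation_level=None puts the connection in autocommit mode, so a
    # transaction exists only where the code issues BEGIN itself.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute(
        "CREATE TABLE accounts ("
        " account_number INTEGER PRIMARY KEY,"
        " full_name TEXT NOT NULL,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"  # balance in cents
    )
    # Constructed sample accounts.
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                     [(1, "Alice Example", 50000), (2, "Bob Example", 10000)])
    return conn


def adjust(conn, account_number, delta_cents):
    # Parameters are bound with ?, never concatenated into the SQL text.
    cur = conn.execute(
        "UPDATE accounts SET balance = balance + ? WHERE account_number = ?",
        (delta_cents, account_number))
    if cur.rowcount != 1:
        raise TransferError(f"no such account: {account_number}")


def transfer_autocommit(conn, source, target, cents):
    """Each statement commits on its own: a failed credit strands the debit."""
    adjust(conn, source, -cents)
    adjust(conn, target, +cents)


def transfer_explicit(conn, source, target, cents):
    """Debit and credit succeed or fail as one unit of work."""
    conn.execute("BEGIN")
    try:
        adjust(conn, source, -cents)
        adjust(conn, target, +cents)
    except Exception:
        conn.execute("ROLLBACK")  # undo the debit as well
        raise
    conn.execute("COMMIT")


def balances(conn):
    return dict(conn.execute("SELECT account_number, balance FROM accounts"))


if __name__ == "__main__":
    for transfer in (transfer_autocommit, transfer_explicit):
        bank = open_bank()
        try:
            transfer(bank, 1, 99, 20000)  # account 99 does not exist
        except TransferError as exc:
            print(transfer.__name__, "failed:", exc, "->", balances(bank))
```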

Transact-SQL

Transact-SQL is the standard language for communicating between applications and SQL Server. The Transact-SQL language is an enhancement to Structured Query Language (SQL), the ANSI-standard relational database language. It provides a comprehensive language for defining tables; inserting, updating, or deleting information stored in tables; and for controlling access to data in those tables.

Disconnected Recordsets

Every cursor uses temporary resources to hold its data. These resources can be memory, a disk paging file, temporary disk files, or even temporary storage in the database. The cursor is called a client-side cursor when these resources are located on the client machine.

Server-side cursors are the default in ADO. To explicitly specify the