CAST 616: Securing Windows Infrastructure

Hardening Windows security systems has become mandatory for organizations that treat security as a priority. Businesses today depend entirely on IT services, which makes system assurance and hardening processes far more intensive, since the number of attacks has grown exponentially and is directly related to the growth in technological competitiveness.

This course is designed to provide security professionals with the knowledge and practical skills needed to secure their network infrastructure, which is critical to organizations today.

This training focuses on an in-depth review of the key aspects of solving network infrastructure problems, through study of the key elements of how the internal security mechanisms of Windows work and how they can be optimized without putting the configuration of the organization's IT environment at risk, a configuration that is becoming more common over time.


Program Content


Unit 1: Windows 7 & 8 Hardening

Windows Kernel role
Kernel functionality
Kernel debugging (useful techniques)
Kernel security mechanisms and their practical implementation
Lab: Kernel digging

Securing operating system objects
Influencing the security of processes & threads
User account security (elevation of privileges, permissions, functionality, passwords, hardening)
Functionality and hardening of rights, permissions, privileges
Services security
Registry settings and activity
Lab: Securing system objects
Lab: Improving services security
Lab: Verifying the meaning of rights, permissions and privileges
Lab: System security bypass techniques and countermeasures

Modern malware and threats
Sensitive operating system areas
Techniques used by modern malware
Cases of real attacks on sensitive areas (with practical examples)
Protection mechanisms and countermeasures
Lab: Malware hunting
Lab: Stuxnet / other malware cases

Device Drivers
Types of drivers and their security considerations
Managing device drivers
Lab: Monitoring drivers
Lab: Driver Isolation
Lab: Signing drivers

Group Policy Settings
Useful GPO Settings for hardening
Customized GPO Templates
AGPM
Lab: Advanced GPO features
Lab: Implementing AGPM

Practical Cryptography
EFS
Deep-dive to BitLocker
3rd party solutions
Lab: Implementing and managing BitLocker

After completing this module, students will be familiar with:
Threats and their effects
Points of entry to the client operating system
Secure configuration of the client operating system
Security management in the client operating system

Unit 2: Windows Server 2008 R2 / Windows Server 8 Hardening

Securing Server Features

Public Key Infrastructures
Design considerations
Hardening techniques
Lab: PKI implementation

Active Directory
Design considerations for Windows Server 2008 R2 and Windows Server 8
Securing Domain Services
Schema configuration
New security features in Windows Server 8
Lab: Active Directory security in the single domain environment
Lab: Active Directory security in the multiple-domain environment

Microsoft SQL Server hardening
Installation considerations
Configuring crucial security features
Lab: Hardening Microsoft SQL Server

After completing this module, students will be familiar with:
Threats for servers and countermeasures
Points of entry to the server operating system
Solutions for server security
Hardening of the Windows related roles

Unit 3: Hardening Microsoft Network Roles

Hardening minor network roles

DNS Hardening
Improving DNS functionality
Hardening and designing DNS Role
Lab: Hardening DNS role
Lab: Testing the DNS configuration

Internet Information Services (IIS) 7.5 / 8
Implementing secure web server
Implementing web site security
Monitoring security and performance
Lab: IIS Server Hardening
Lab: Web site security settings
Lab: Monitoring IIS under attack

IPSec
Implementing IPSec
Security policies in IPSec
Lab: Implementing Domain Isolation
Lab: Network Access Protection with IPSec

DirectAccess
Implementation Considerations
DirectAccess Security and Hardening
Lab: DirectAccess secure configuration demo

Remote Access
VPN Protocols
RDP Gateway
Unified Access Gateway
Network Access Protection
Lab: Configuring security settings in Network Policy Server
Lab: Configuring security settings in RDP Gateway
Lab: Securing UAG configuration for applications
Lab: Network Access Protection implementation scenario

Firewall
Customizing the rules
Hardening Client and Server for Rule-Specific scenario
Lab: Managing Windows Firewall with Advanced Security

After completing this module, students will be familiar with:
Configuring secure remote access
Implementing Network Access Protection
Protocol misusage techniques and prevention actions
DNS advanced configuration
Hardening the Windows networking roles and services in detail
Building the secure web server

Unit 4: Windows High Availability

Network Load Balancing design considerations and best practices
iSCSI configuration
Failover Clustering internals and security
Lab: Building IIS Cluster with NLB
Lab: Building the failover cluster

After completing this module, students will be familiar with:
High Availability technologies

Unit 5: Data and Application Security

File Classification Infrastructure
Designing security for File Server
Active Directory Rights Management Services
AppLocker and Software Restriction Policy
Lab: Building secure solution with FCI and ADRMS
Lab: Securing and auditing a File Server
Lab: Restricting access to applications with AppLocker and SRP
Lab: Software Restriction Policy (in)security

After completing this module, students will be familiar with:
Information and data protection solutions
Best practices of implementing data security solutions
Techniques for restricting access to data
Techniques of avoiding misusage of applications

Unit 6: Monitoring, Troubleshooting and Auditing Windows

Advanced logging and subscriptions
Analyzing and troubleshooting the boot process
Crash dump analysis
Auditing tools and techniques
Monitoring tools and techniques
Professional troubleshooting tools
Lab: Event logging and subscriptions
Lab: Monitoring the boot process
Lab: Blue Screen scenario

After completing this module, students will be familiar with:
Troubleshooting methodologies
Collecting data methodologies
Monitoring Windows during and after an attack and during situation-specific events
Windows forensics

Unit 7: Automating Windows Hardening
