The most trusted source for computer security training, certification and research.




The information presented is priceless!
-Nehal Parmar, North Fork Bank

SECURITY 505

Securing Windows

6 CPE Credits Per Day

Will you be transitioning from Windows XP to Windows 7? The Securing Windows track is fully updated for Windows Server 2008-R2 and Windows 7. Most of the content applies to Windows Server 2003 and XP too, but the focus is on 2008/Vista/7.

Concerned about the 20 Critical Security Controls of the Consensus Audit Guidelines? This course will help you implement the Critical Controls relevant to Windows systems, not just audit them, and will walk you through most of the tools step-by-step too.

As a Windows security expert, how can you stand out from the crowd and offer management more than the usual apply-this-checklist advice? Be a security architect who understands the big picture. You can save your organization money, maintain compliance with regulations, secure your networks, and advance your career all at the same time. How? By leveraging the Windows infrastructure you've already paid for.

The Securing Windows track at SANS (SEC505) is a comprehensive set of courses for Windows security architects and administrators. It tackles tough problems like Active Directory forest design, how to use Group Policy to lock down desktops, deploying a Microsoft PKI and smart cards, pushing firewall and IPSec policies out to every computer in the domain, securing public IIS web servers, and PowerShell scripting.

PowerShell is the future of Windows scripting and automation. Easier to learn and more powerful than VBScript, PowerShell is an essential tool for automation and scalable management. If there's one skill that will most benefit the career of a Windows specialist, it's scripting: most of your competition lacks scripting skills, so it's a great way to make your resume stand out. Scripting skills are also essential for implementing the 20 Critical Security Controls.

You are encouraged to bring a virtual machine running Windows Server 2008 Enterprise Edition configured as a domain controller, but this is not a requirement for attendance since the instructor will demo everything discussed on-screen. You can get a free evaluation version of Server 2008 from Microsoft's web site (just do a Google search on "site:microsoft.com Server 2008 trial"). You can use VMware, Virtual PC or any other virtual machine software.

This is a fun and fascinating course, a real eye-opener even for Windows administrators with years of experience. Come see why there's a lot more to Windows security than just applying patches and changing passwords; come see why a Windows network needs a security architect.

  • Who Should Attend
    • Windows network security engineers and architects.
    • Windows administrators with security duties.
    • Anyone with Windows machines who wants to implement the SANS 20 Critical Security Controls.
    • Active Directory designers and administrators.
    • Those who must enforce security policies on Windows hosts.
    • Those deploying or managing a PKI or smart cards.
    • IIS administrators and webmasters with web servers at risk.
    • Administrators who use the command line or scripting to automate their duties and must learn PowerShell (the replacement for CMD scripting and VBScript).
  • Securing Active Directory and DNS Day:
    • Read-Only Domain Controllers (RODC)
    • Securing Domain Controllers
    • SYSKEY.EXE
    • Disaster Planning and Recovery
    • Encrypting Replication Traffic
    • Property-Level Permissions (DACLs)
    • Audit Settings (SACLs)
    • Delegation of Authority
    • Organizational Unit Design
    • Custom MMC Consoles
    • The "Empty Root" Domain Model
    • Best Practices for Forest Design
    • DNS SRV Records
    • Unix BIND Integration
    • Secure Dynamic Updates
    • Best Practices for Securing DNS
  • Group Policy Day:
    • The Group Policy Management Console (GPMC)
    • Security Templates
    • Security Configuration and Analysis MMC Snap-In
    • SECEDIT.EXE
    • Group Policy Objects (GPOs)
    • GPO Links to Domains, OUs and Sites
    • Order of Precedence Processing: LSDOU
    • WMI Filtering
    • Custom ADM/ADMX Templates
    • MSI Deployment through Group Policy
    • Pushing Out Scripts
    • Software Restriction Policies
    • Managing Internet Explorer Settings
    • Replacing the Desktop Interface
    • Micro-Managing Users' Applications
  • PKI, EFS and BitLocker Day:
    • Why Must I Have A PKI?
    • Examples: Smart Cards, VPNs, Wireless, SSL, S/MIME, etc.
    • How To Install The Windows PKI
    • Root vs. Subordinate Certification Authorities
    • Should You Be Your Own Root CA?
    • Controlling Certificate Enrollment
    • How To Manage Your PKI
    • Group Policy Deployment of Certificates
    • How To Revoke Certificates
    • Automatic Private Key Backup
    • Delegation of Authority
    • Deploying Smart Cards
    • Smart Card Enrollment Station
    • Best Practices for Private Keys
    • Encrypting File System
    • EFS Insecurity Myths
    • BitLocker Drive Encryption
    • TPM and USB BitLocker Options
    • BitLocker Emergency Recovery
    • MANAGE-BDE.WSF
    • Best Practices for EFS and BitLocker
  • IPSec, Windows Firewall, NPS, VPNs and Wireless Day:
    • Secure Socket Tunneling Protocol (SSTP)
    • Isn't IPSec Just For VPNs? No!
    • IPSec Domain Isolation
    • How to Create IPSec Policies
    • Group Policy Management of IPSec
    • NETSH.EXE
    • Windows Firewall with Advanced Security
    • Configuring RADIUS Policies (NPS)
    • EAP vs. PEAP
    • PEAP-MS-CHAPv2
    • Smart Cards for VPN
    • IPSec + L2TP = RRAS VPNs
    • L2TP vs. PPTPv2
    • Host-to-Router VPN Configuration Steps
    • Router-to-Router VPN Configuration Steps
    • VPN Best Practices
    • Securing Wireless Networks
    • Wi-Fi Protected Access (WPA)
    • Smart Cards for Wireless
    • Best Practices for Wireless
  • Securing IIS Day:
    • FTP Over SSL (FTPS)
    • IIS Server Hardening
    • Security Template for IIS
    • Patch Management
    • Removing Dangerous Services
    • Securing WebDAV
    • Managing Bindings
    • Hardening TCP/IP
    • IPSec for IIS Servers
    • Authentication Options
    • Kerberos and NTLM for Web Applications
    • Smart Cards for Web Applications
    • Minimal HTTP Permissions
    • Minimal NTFS Permissions
    • Proper NTFS Auditing
    • Running Scripts and Binaries on IIS
    • Web-Based Applications
    • Worker Process Isolation
    • HTTP.SYS Filtering
    • Securing XML Config Files
    • Securing Logs Hands-Free
    • Finding Hacking Signatures In Logs
  • PowerShell Scripting Day:
    • What is PowerShell?
    • CmdLets
    • Running Scripts
    • Namespace Providers
    • Piping .NET Objects
    • Parameter Binding
    • Regular Expressions
    • Functions and Filters
    • The .NET Class Library
    • Using Properties and Methods at the Command Line
    • Security and Execution Policy
    • Managing the Event Logs
    • Accessing COM Objects: WMI, ADSI, ADO, etc.

The level of expertise is unprecedented. People like Ed are hard to find!
-Steve O'Brien, City of Bend

Author Statement

I've happily been with SANS for over a decade, and the courses I write are always guided by two questions: 1) What do administrators need to know to secure their networks? and 2) What should administrators learn to advance their careers as IT professionals? I'm not a Microsoft employee or a Microsoft-basher, so you won't get either kind of propaganda here; my concern is with the health of your network and your career. As a security consultant I've seen it all (good, bad and ugly) and my experience goes into the manuals I write for SANS and the stories I tell in seminar. The Securing Windows course is packed with interesting and useful advice which isn't so easy to find on the Internet. We always have a good time, so I hope to meet you at the next conference!
-- Jason Fossen

Training Events By Course

SECURITY 505 :: Securing Windows
SANS 2010 Orlando, FL March 06, 2010 - March 15, 2010
SANS CDI East 2009 Washington, DC December 11, 2009 - December 18, 2009
SANS Phoenix 2010 Phoenix, AZ February 14, 2010 - February 20, 2010
Community SANS Twin Cities (3) Securing Windows 2010 Edina, MN April 05, 2010 - April 10, 2010